Raise an exception when AMI search is blank. #617
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes the behaviour when the AMI ID and search are blank from logging a warning to raising an exception. Motivated by experiencing what happens when it just warns:
We use the configuration-as-code plugin; when interpolating secrets, if you have a typo in the secret name, it inserts the empty string:
https://github.com/jenkinsci/configuration-as-code-plugin/blob/e7501727c4704aaa1e95bdc246a1454dc5b20440/plugin/src/main/java/io/jenkins/plugins/casc/SecretSourceResolver.java#L124
Unfortunately we had a typo in the name of an AMI used by a rarely-run job, which used a slightly different AMI from all the other jobs on our server. So, when we deployed, we missed the warning message:
... then a day later, the job that used this special ami ran. Because the code warned rather than throwing an exeption, it attempted to search for an AMI with no search parameters, then picked one of the results to launch. As luck would have it, there was also a typo in our IAM rule that prevented launching public AMIs; eventually, after two days of retries, the job manage to launch one of the random AMIs: a bitcoin miner 🤦. The node was shut down seconds later when jenkins failed to connect to it, and our alarms noticed the miner, leading us to investigate where it had originated.
Hence this PR...I really don't think anyone wants to use Jenkins as a random AMI launcher :)
(there is no issue raised to link to)