New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Service Principal used by infra.ci.jenkins.io to spawn Azure agents expires on 2024-03-22 #4000
Comments
Ref. jenkins-infra/helpdesk#4000 This PR changes the end date of this service principal used by infra.ci.jenkins.io to spin up Azure VM agents to rotate it (regular routine)
Opened jenkins-infra/azure#648 to rotate (by extending expiration date of 3 months) the credential |
…648) Ref. jenkins-infra/helpdesk#4000 This PR changes the end date of this service principal used by infra.ci.jenkins.io to spin up Azure VM agents to rotate it (regular routine)
Weird: the Azure console was still showing the old SP password while terrafomr (and Azure API) showed the new one. Old password value was invalid and revoked (which is good) but no new value visible though. Might be an Azure weirdness. Out of caution, we deleted the existing SP password (not the SP!) and ran the terraform azure job a second time to create the new credential with success |
=> waiting 4 hours before closing (time to ensure any leftover in-memory Azure token are rotated to use the new SP) |
|
Service(s)
infra.ci.jenkins.io
Summary
The SP password end date is set to 2024-03-22:
https://github.com/jenkins-infra/azure/blob/1c14ad33dfbf32f96755346fdba2915be0a4989b/infra.ci.jenkins.io.tf#L44-L48
It needs to be updated, then the corresponding credentials must be updated in chart-secrets (private repo).
Reproduction steps
No response
The text was updated successfully, but these errors were encountered: