Skip to content

CredentialsProvider optimized lookup by id #1003

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
jglick wants to merge 7 commits into
base: master
Choose a base branch
from
Draft

CredentialsProvider optimized lookup by id #1003

jglick wants to merge 7 commits into from
+494 −25

Conversation

@jglick
Copy link
Member

@jglick jglick commented Jan 6, 2026
edited
Loading

The basis of #980 (a full fix will require some downstream changes).

Prior cleanup: #1001.

@jglick jglick requested review from aneveux and dwnusbaum January 6, 2026 19:13
@jglick jglick requested a review from Copilot January 6, 2026 21:51
Copilot AI reviewed Jan 6, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces optimized credential lookup methods to address performance issues when searching for credentials by ID, particularly when using remote vault providers like HashiCorp Vault. The optimization allows providers to implement direct ID-based lookups instead of retrieving all credentials and filtering, enabling early termination when a matching credential is found.

Key changes:

  • Added new static lookup methods findCredentialByIdInItemGroup and findCredentialByIdInItem that search providers sequentially and return on first match
  • Added overridable provider-level methods getCredentialByIdInItemGroup and getCredentialByIdInItem with default implementations that fall back to existing list-based methods
  • Refactored findCredentialById(Run) to use the new optimized lookup methods

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.

File Description
src/main/java/com/cloudbees/plugins/credentials/CredentialsProvider.java Added optimized credential lookup infrastructure with four new methods (two static, two instance) and refactored existing findCredentialById to use new optimized paths; added debug logging for lookup operations
src/main/java/com/cloudbees/plugins/credentials/CredentialsMatchers.java Added cross-references to new lookup methods in the javadoc for withId matcher
src/test/java/com/cloudbees/plugins/credentials/ByIdTest.java Added comprehensive test suite with test providers to verify lazy evaluation behavior and optimization effectiveness

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

src/test/java/com/cloudbees/plugins/credentials/ByIdTest.java
static void addCredential(IdCredentials credential) {
credentials.add(credential);
}

Copy link

Copilot AI Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The static credential lists in LazyProvider2 and LazyProvider3 are never cleared between tests, which could lead to test interference. Consider adding methods to clear these credentials and calling them in a setup or teardown method (e.g., @beforeeach or @AfterEach) to ensure test isolation.

Suggested change
static void clearCredentials() {
credentials.clear();
}

Copilot uses AI. Check for mistakes.
Copy link
Member Author

@jglick jglick Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(should avoid static fields, use lookupSingleton and instance fields)

src/test/java/com/cloudbees/plugins/credentials/ByIdTest.java
Comment on lines +277 to +282
private static final List<IdCredentials> credentials = new java.util.concurrent.CopyOnWriteArrayList<>();
static final AtomicInteger listCalls = new AtomicInteger(0);

static void addCredential(IdCredentials credential) {
credentials.add(credential);
}
Copy link

Copilot AI Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The static credential list in LazyProvider3 is never cleared between tests, which could lead to test interference. Consider adding a method to clear these credentials and calling it in a setup or teardown method (e.g., @beforeeach or @AfterEach) to ensure test isolation.

Copilot uses AI. Check for mistakes.
This was referenced Jan 7, 2026
Draft
Draft
Draft
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@aneveux aneveux Awaiting requested review from aneveux

@dwnusbaum dwnusbaum Awaiting requested review from dwnusbaum

Assignees

No one assigned

Labels

enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jglick