Use CredentialsSnapshotTaker #334

Closed

bitwiseman
Contributor

Description

#326 made GitHub App Credentials much more stable and tolerant of errors during transport. It also implemented an asymmetric design where a GitHubAppCredentials instance that has been serialized via a path other than XStream is not a fully functional GitHubAppCredentials instance. This is fine for controller to agent, but breaks for controller-to-controller transfer.

This change fixes that by using CredentialsSnapshotTaker and detecting whether the new credential is landing on an agent.

Submitter checklist

  • Link to JIRA ticket in description, if appropriate.
  • Change is code complete and matches issue description
  • Automated tests have been added to exercise the changes
  • Reviewer's manual test instructions provided in PR description. See Reviewer's first task below.

Reviewer checklist

  • Run the changes and verify that the change matches the issue description
  • Reviewed the code
  • Verified that the appropriate tests have been written or valid explanation given

Documentation changes

  • Link to jenkins.io PR, or an explanation for why no doc changes are needed

Users/aliases to notify

@bitwiseman bitwiseman force-pushed the task/app-cred-snapshot branch 4 times, most recently from 762a261 to 1a87d31 Compare September 4, 2020 02:44
@bitwiseman bitwiseman force-pushed the task/app-cred-snapshot branch from 1a87d31 to 3f1668f Compare September 4, 2020 02:46
Member

@amuniz amuniz left a comment

👍

}
}
appInstallationToken = cachedToken.getToken();
LOGGER.log(Level.FINE, "Generating App Installation Token for app ID {0} on agent", getAppID());
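
Review bot: The FINE log on the last line says "Generating App Installation Token ... on agent", but it runs after appInstallationToken has already been assigned from cachedToken.getToken(), so the message describes work that is already done. Log before the token is requested, or reword it to "Generated". The message also places token generation on the agent, so it is worth confirming in this change which secrets that code path needs to have available on the agent side.
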
Member

This degrades security as now the agent has access to the private key.

Member

To be clear, I think there is a way to use CredentialsSnapshotTaker that retains the security benefits of the current code; would be a minor refinement.

Contributor Author

@jglick
You mean like this, #336?

Member

has access to the private key

Also there is risk in the agent being able to select a different apiUrl: it could trick the controller into sending a “GitHub API” request to a malicious endpoint. I am not sure if it could actually mount a useful attack this way (since the controller would be sending a JWT not the original secret) but it is certainly unnerving and best avoided.
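
An added illustration of the two concerns raised in this review thread, not code from the pull request or the plugin: the controller keeps the private key and the apiUrl, the agent receives only a token, and an agent-supplied apiUrl that differs from the controller's configuration is refused. ControllerTokenBroker, AppConfig, AgentSnapshot and the minter function are hypothetical names, the sample values are constructed, and records require Java 16 or later.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;

// Hypothetical sketch (Java 16+), not the plugin's code: all names here are invented.
public class ControllerTokenBroker {
    // Controller-only state: the private key and API URL never leave this process.
    record AppConfig(String appId, String apiUrl, String privateKeyPem) {}

    // Everything an agent gets: an opaque credential id and a short-lived token.
    record AgentSnapshot(String credentialsId, String installationToken) {}

    private final Map<String, AppConfig> configs = new ConcurrentHashMap<>();
    // Stand-in for "sign a JWT with the key, exchange it at apiUrl for a token".
    private final Function<AppConfig, String> minter;

    ControllerTokenBroker(Function<AppConfig, String> minter) { this.minter = minter; }

    void register(String credentialsId, AppConfig config) { configs.put(credentialsId, config); }

    // Called on the controller when a credential is about to be sent to an agent.
    AgentSnapshot snapshotForAgent(String credentialsId) {
        AppConfig config = configs.get(credentialsId);
        if (config == null) throw new IllegalArgumentException("unknown credential " + credentialsId);
        return new AgentSnapshot(credentialsId, minter.apply(config));
    }

    // Agent-initiated refresh. The URL argument models untrusted agent state: the
    // controller rejects any mismatch, so its JWT only goes to the configured endpoint.
    AgentSnapshot refresh(String credentialsId, String agentClaimedApiUrl) {
        AppConfig config = configs.get(credentialsId);
        if (config == null) throw new IllegalArgumentException("unknown credential " + credentialsId);
        if (agentClaimedApiUrl != null && !agentClaimedApiUrl.equals(config.apiUrl())) {
            throw new SecurityException("agent supplied an apiUrl that differs from controller config");
        }
        return snapshotForAgent(credentialsId);
    }

    public static void main(String[] args) {
        // Constructed sample values; the minter only records which URL would be contacted.
        ControllerTokenBroker broker = new ControllerTokenBroker(c -> "token-via-" + c.apiUrl());
        broker.register("gh-app", new AppConfig("12345", "https://api.github.com", "<PEM placeholder>"));
        System.out.println(broker.snapshotForAgent("gh-app"));
        System.out.println(broker.refresh("gh-app", null));
        try {
            broker.refresh("gh-app", "https://evil.example/api");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```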
