Complete removal of AWS SDK v1

[olamy]

Signed-off-by: Olivier Lamy [email protected]

Testing done

Submitter checklist

• Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
• Ensure that the pull request title represents the desired changelog entry
• Please describe what you did
• Link to relevant issues in GitHub or Jira
• Link to relevant pull requests, esp. upstream and downstream changes
• Ensure you have provided tests - that demonstrates feature works or fixes the issue

[bengaywins]

@olamy any idea if/when this will be in a state that can be merged?

[olamy]

@olamy any idea if/when this will be in a state that can be merged?

I have no idea. It seems the goal is to keep v1 here for a long time for backward compatibility.
Maybe @MarkEWaite or @basil have an answer.

[bengaywins]

That’s a terrible idea considering Amazon is end-of-life the Java v1 SDK Dec 31 this year.

…

On Sun, Jul 13, 2025 at 21:08 Olivier Lamy ***@***.***> wrote: *olamy* left a comment (jenkinsci/aws-credentials-plugin#284) <#284 (comment)> @olamy <https://github.com/olamy> any idea if/when this will be in a state that can be merged? I have no idea. It seems the goal is to keep v1 here for a long time for backward compatibility. Maybe @MarkEWaite <https://github.com/MarkEWaite> or @basil <https://github.com/basil> have an answer. — Reply to this email directly, view it on GitHub <#284 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AE3K573X6SYXZRQHQJD2H533IMUMVAVCNFSM6AAAAAB4PZGJ7WVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTANRXG43DONBUHA> . You are receiving this because you commented.Message ID: ***@***.***>

[olamy]

That’s a terrible idea considering Amazon is end-of-life the Java v1 SDK Dec 31 this year.

I didn't say forever but I guess at least to this date.
But this doesn't mean plugins consuming this plugin will not have upgrade before.
Most of the plugins have already been upgraded to use v2 api

[bengaywins]

Waiting till end of life to migrate is just as bad. It leaves NO room for reverting while fixes happen to ensure a smoother transition when end of life comes.

…

On Sun, Jul 13, 2025 at 22:16 Olivier Lamy ***@***.***> wrote: *olamy* left a comment (jenkinsci/aws-credentials-plugin#284) <#284 (comment)> That’s a terrible idea considering Amazon is end-of-life the Java v1 SDK Dec 31 this year. I didn't say forever but I guess at least to this date. — Reply to this email directly, view it on GitHub <#284 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AE3K577SFIEM5NHCUWJ2OT33IM4K7AVCNFSM6AAAAAB4PZGJ7WVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTANRXHA3DIMBSG4> . You are receiving this because you commented.Message ID: ***@***.***>

[olamy]

Waiting till end of life to migrate is just as bad. It leaves NO room for reverting while fixes happen to ensure a smoother transition when end of life comes.

I'm not quite sure to understand the problem?
If you look at the code of this plugin, it's just offering a centralized way for all Jenkins plugins using AWS API to obtain credentials against AWS credentials. That's the only feature this plugin is providing.
To be backward compatible with plugins not upgraded yet, the method offering v1 credentials have been marked as deprecated and methods offering v2 api credentials have been added.
With such approach plugins migrated and plugins not yet migrated can both use new versions of this plugin without breaking anything.
Imagine the scenario of totally removing v1 in this plugin, it would mean only plugins upgraded to v2 would work.

[bengaywins]

I don’t see the scenario that only v2 SDK support exists as being a problem. Jenkins mainline isn’t here to support forever legacy projects that companies have chosen to never upgrade. Jenkins plugin support already has enough burden.

…

On Sun, Jul 13, 2025 at 22:34 Olivier Lamy ***@***.***> wrote: *olamy* left a comment (jenkinsci/aws-credentials-plugin#284) <#284 (comment)> Waiting till end of life to migrate is just as bad. It leaves NO room for reverting while fixes happen to ensure a smoother transition when end of life comes. I'm not quite sure to understand the problem? If you look at the code of this plugin, it's just offering a centralized way for all Jenkins plugins using AWS API to obtain credentials against AWS credentials. That's the only feature this plugin is providing. To be backward compatible with plugins not upgraded yet, the method offering v1 credentials have been marked as deprecated and methods offering v2 api credentials have been added. With such approach plugins migrated and plugins not yet migrated can both use new versions of this plugin without breaking anything. Imagine the scenario of totally removing v1 in this plugin, it would mean only plugins upgraded to v2 would work. — Reply to this email directly, view it on GitHub <#284 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AE3K57436CFHQU7ZIBQEFP33IM6OFAVCNFSM6AAAAAB4PZGJ7WVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTANRXHA4TEOJQGY> . You are receiving this because you commented.Message ID: ***@***.***>

[MarkEWaite]

Imagine the scenario of totally removing v1 in this plugin, it would mean only plugins upgraded to v2 would work.

That's the scenario that most worries me. The JENKINS-73638 epic shows the status along with its tracking spreadsheet. Today, removing AWS SDIK v1 would break use cases for three plugins that each have more than 5000 installations:

• Pipeline: AWS Steps - 14000 installs
• Hashicorp Vault Plugin - 9500 installs
• Kubernetes Credentials Provider Plugin - 7100 installs

I don’t see the scenario that only v2 SDK support exists as being a problem.

Different Jenkins users have different upgrade cycles. By continuing to support AWS SDK v1 until at least its end of life, we are retaining compatibility for users. The project governance page notes that compatibility matters to the Jenkins project. That document includes the phrase:

The Jenkins project places high value on maintaining this compatibility, and will be very careful in removing functionality.

Having said that, it is fair and reasonable to note that we're trying to strike a balance between compatibility and end of life or outdated dependencies. With regard to web browsers, Jenkins proactively supports the most current browsers and is willing to accept patches for older browser support so long as they are low risk. With regard to operating systems, Jenkins doesn't support operating systems that are not supported by the operating system vendor and we don't accept patches.

I hope that the maintainers of plugins that depend on AWS SDK v1 will upgrade their plugins to AWS SDK v2.

I think that we should retain support for AWS SDK v1 until at least the Dec 31, 2025 end of life. If AWS SDK v1 continues to work, I think that we should retain support for it so long as it continues to work (even after the end of life), at least until those top 3 plugins upgrade to support AWS SDK v2.

[MarkEWaite]

@bengaywins could you confirm that the incremental build of this pull request works in your environment? That seems like a good first test and would allow you to already be working with a plugin version that has removed AWS SDK v1.

[bengaywins]

We do our Jenkins updates on Thursday mornings and I will attempt to use said incremental to confirm it works. Lots of our build jobs depend on this plugin, so it should be noticed rather quickly.

[batmat]

@bengaywins were you able to test the Incremental version? Thanks

[bengaywins]

I am sorry, I haven't been able to. I've been really busy and so haven't been able to sort through how to do that and run said update. And not sure I will be able to get to it before end of the year sadly. Sorry about that delay.