[JENKINS-75563] Implement killing windows processes when using container step (#1724)

Co-authored-by: Jesse Glick <jglick@cloudbees.com>

Author: raul-arabaolaza

src/main/java/org/csanchez/jenkins/plugins/kubernetes/pipeline/ContainerExecDecorator.java

@@ -18,6 +18,7 @@
 
 import static org.csanchez.jenkins.plugins.kubernetes.pipeline.Constants.EXIT;
 
+import edu.umd.cs.findbugs.annotations.NonNull;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import hudson.AbortException;
 import hudson.EnvVars;
@@ -27,12 +28,15 @@
 import hudson.Proc;
 import hudson.model.Computer;
 import hudson.model.Node;
+import hudson.remoting.VirtualChannel;
+import hudson.slaves.WorkspaceList;
 import io.fabric8.kubernetes.client.KubernetesClient;
 import io.fabric8.kubernetes.client.KubernetesClientException;
 import io.fabric8.kubernetes.client.dsl.ExecListener;
 import io.fabric8.kubernetes.client.dsl.ExecWatch;
 import java.io.ByteArrayOutputStream;
 import java.io.Closeable;
+import java.io.FileNotFoundException;
 import java.io.FilterOutputStream;
 import java.io.IOException;
 import java.io.InterruptedIOException;
@@ -46,6 +50,7 @@
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Optional;
 import java.util.Set;
 import java.util.concurrent.CountDownLatch;
@@ -55,6 +60,7 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import java.util.regex.Matcher;
+import org.apache.commons.io.FilenameUtils;
 import org.apache.commons.io.output.TeeOutputStream;
 import org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate;
 import org.csanchez.jenkins.plugins.kubernetes.KubernetesSlave;
@@ -264,6 +270,8 @@ public void setNodeContext(KubernetesNodeContext nodeContext) {
         this.nodeContext = nodeContext;
     }
 
+    private String workspace;
+
     @Override
     public Launcher decorate(final Launcher launcher, final Node node) {
 
@@ -283,6 +291,7 @@ public Proc launch(ProcStarter starter) throws IOException {
                 String containerWorkingDirFilePathStr = containerWorkingDirFilePath != null
                         ? containerWorkingDirFilePath.getRemote()
                         : ContainerTemplate.DEFAULT_WORKING_DIR;
+                workspace = containerWorkingDirFilePathStr;
                 String containerWorkingDirStr = ContainerTemplate.DEFAULT_WORKING_DIR;
                 if (slave != null && slave.getPod().isPresent() && containerName != null) {
                     Optional<String> containerWorkingDir = PodContainerSource.lookupContainerWorkingDir(
@@ -660,23 +669,58 @@ public void onClose(int i, String s) {
             @Override
             public void kill(Map<String, String> modelEnvVars) throws IOException, InterruptedException {
                 getListener().getLogger().println("Killing processes");
-
                 String cookie = modelEnvVars.get(COOKIE_VAR);
+                int exitCode;
+                if (this.isUnix()) {
+                    exitCode = doLaunch(
+                                    true,
+                                    null,
+                                    null,
+                                    null,
+                                    null,
+                                    "sh",
+                                    "-c",
+                                    "kill \\`grep -l '" + COOKIE_VAR + "=" + cookie
+                                            + "' /proc/*/environ | cut -d / -f 3 \\`")
+                            .join();
+                } else {
+                    VirtualChannel channel = node.getChannel();
+                    if (channel != null && workspace != null) {
+                        FilePath tmpFolder = WorkspaceList.tempDir(new FilePath(channel, workspace));
+                        if (tmpFolder != null) {
+                            try (var mainScript = withTemporaryScript(tmpFolder, "kill-processes-with-cookie.ps1");
+                                    var killProcessScript = withTemporaryScript(tmpFolder, "kill-process-by-id.ps1");
+                                    var csCode = withTemporaryScript(tmpFolder, "ProcessEnvironmentReader.cs")) {
+                                exitCode = doLaunch(
+                                                true,
+                                                null,
+                                                null,
+                                                null,
+                                                null,
+                                                "powershell.exe",
+                                                "-NoProfile",
+                                                "-File",
+                                                /* path to file may contain spaces so wrap in double quotes*/
+                                                "\"" + mainScript.getRemote() + "\"",
+                                                "-cookie",
+                                                cookie,
+                                                "-csFile",
+                                                "\"" + csCode.getRemote() + "\"",
+                                                "-killScript",
+                                                "\"" + killProcessScript.getRemote() + "\"")
+                                        .join();
+                            }
+                        } else {
+                            exitCode = 9099;
+                        }
 
-                int exitCode = doLaunch(
-                                true,
-                                null,
-                                null,
-                                null,
-                                null,
-                                // TODO Windows
-                                "sh",
-                                "-c",
-                                "kill \\`grep -l '" + COOKIE_VAR + "=" + cookie
-                                        + "' /proc/*/environ | cut -d / -f 3 \\`")
-                        .join();
-
-                getListener().getLogger().println("kill finished with exit code " + exitCode);
+                    } else {
+                        exitCode = 9009;
+                    }
+                }
+                getListener()
+                        .getLogger()
+                        .println("Attempt to gracefully kill processes finished with exit code " + exitCode);
             }
 
             private void setupEnvironmentVariable(EnvVars vars, PrintStream out, boolean windows) throws IOException {
@@ -691,6 +735,11 @@ private void setupEnvironmentVariable(EnvVars vars, PrintStream out, boolean win
                     }
                 }
             }
+
+            private static TemporaryFile withTemporaryScript(FilePath workspace, String name)
+                    throws IOException, InterruptedException {
+                return new TemporaryFile(workspace, name);
+            }
         };
     }
 
@@ -909,4 +958,40 @@ private static String[] fixDoubleDollar(String[] envVars) {
                 .map(ev -> ev.replaceAll("\\$\\$", Matcher.quoteReplacement("$")))
                 .toArray(String[]::new);
     }
+
+    private static final class TemporaryFile implements AutoCloseable {
+        @NonNull
+        final FilePath filePath;
+
+        TemporaryFile(@NonNull FilePath workspace, @NonNull String name) throws IOException, InterruptedException {
+            var resource = ContainerExecDecorator.class.getResource("scripts/" + name);
+            if (resource == null) {
+                throw new FileNotFoundException("Script " + name + " not found in resources!");
+            }
+            var tempFile =
+                    workspace.createTempFile(FilenameUtils.getBaseName(name), "." + FilenameUtils.getExtension(name));
+            tempFile.copyFrom(resource);
+            this.filePath = tempFile;
+        }
+
+        public String getRemote() {
+            return filePath.getRemote();
+        }
+
+        @Override
+        public boolean equals(Object o) {
+            if (!(o instanceof TemporaryFile that)) return false;
+            return Objects.equals(filePath, that.filePath);
+        }
+
+        @Override
+        public int hashCode() {
+            return Objects.hashCode(filePath);
+        }
+
+        @Override
+        public void close() throws IOException, InterruptedException {
+            filePath.delete();
+        }
+    }
 }

src/main/resources/org/csanchez/jenkins/plugins/kubernetes/pipeline/scripts/ProcessEnvironmentReader.cs

@@ -0,0 +1,107 @@
+using System;
+using System.Text;
+using System.Diagnostics;
+using System.ComponentModel;
+using System.Runtime.InteropServices;
+
+public class ProcessEnvironmentReader
+{
+    [StructLayout(LayoutKind.Sequential)]
+    public struct PROCESS_BASIC_INFORMATION
+    {
+        public IntPtr Reserved1;
+        public IntPtr PebBaseAddress;
+        public IntPtr Reserved2_0;
+        public IntPtr Reserved2_1;
+        public IntPtr UniqueProcessId;
+        public IntPtr Reserved3;
+    }
+
+    [DllImport("ntdll.dll")]
+    private static extern int NtQueryInformationProcess(
+        IntPtr ProcessHandle,
+        int ProcessInformationClass,
+        ref PROCESS_BASIC_INFORMATION ProcessInformation,
+        uint ProcessInformationLength,
+        out uint ReturnLength);
+
+    [DllImport("kernel32.dll")]
+    private static extern IntPtr OpenProcess(
+        uint dwDesiredAccess,
+        bool bInheritHandle,
+        int dwProcessId);
+
+    [DllImport("kernel32.dll")]
+    private static extern bool ReadProcessMemory(
+        IntPtr hProcess,
+        IntPtr lpBaseAddress,
+        byte[] lpBuffer,
+        int dwSize,
+        out IntPtr lpNumberOfBytesRead);
+
+    [DllImport("kernel32.dll", SetLastError = true)]
+    static extern bool CloseHandle(IntPtr hHandle);
+
+    private const uint PROCESS_QUERY_INFORMATION = 0x0400;
+    private const uint PROCESS_VM_READ = 0x0010;
+    private const int ProcessBasicInformation = 0;
+
+    public static string ReadEnvironmentBlock(int pid)
+    {
+        IntPtr hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, pid);
+        if (hProcess == IntPtr.Zero)
+            throw new Win32Exception(Marshal.GetLastWin32Error());
+
+        try
+        {
+            PROCESS_BASIC_INFORMATION pbi = new PROCESS_BASIC_INFORMATION();
+            uint tmp;
+            int status = NtQueryInformationProcess(hProcess, ProcessBasicInformation, ref pbi, (uint)Marshal.SizeOf(pbi), out tmp);
+            if (status != 0)
+                throw new Win32Exception("NtQueryInformationProcess failed");
+
+            // Offsets for Environment variables are different on 32/64 bit
+            // The following offsets are for Windows x64 - for x86 some offsets would need adjusting!
+            // PEB is at pbi.PebBaseAddress
+            // In PEB, offset 0x20 (Win10 x64, might differ!) is ProcessParameters
+            byte[] procParamsPtr = new byte[IntPtr.Size];
+            IntPtr bytesRead;
+            IntPtr processParametersAddr;
+
+            // Offset to ProcessParameters
+            int offsetProcessParameters = 0x20;
+            if (!ReadProcessMemory(hProcess, pbi.PebBaseAddress + offsetProcessParameters, procParamsPtr, procParamsPtr.Length, out bytesRead))
+                throw new Win32Exception("ReadProcessMemory (ProcessParameters) failed");
+
+            processParametersAddr = (IntPtr)BitConverter.ToInt64(procParamsPtr, 0);
+
+            // Offset in RTL_USER_PROCESS_PARAMETERS for Environment = 0x80 (x64)!
+            int offsetEnvironment = 0x80;
+            byte[] environmentPtr = new byte[IntPtr.Size];
+
+            if (!ReadProcessMemory(hProcess, processParametersAddr + offsetEnvironment, environmentPtr, environmentPtr.Length, out bytesRead))
+                throw new Win32Exception("ReadProcessMemory (Environment) failed");
+
+            IntPtr environmentAddr = (IntPtr)BitConverter.ToInt64(environmentPtr, 0);
+
+            // Read an arbitrary chunk (say, 32 KB) where env block should fit
+            int envSize = 0x8000;
+            byte[] envData = new byte[envSize];
+            if (!ReadProcessMemory(hProcess, environmentAddr, envData, envData.Length, out bytesRead))
+                throw new Win32Exception("ReadProcessMemory (Environment data) failed");
+
+            // Environment block is Unicode, ends with two 0 chars.
+            string env = Encoding.Unicode.GetString(envData);
+            int end = env.IndexOf("\0\0");
+
+            if (end > -1)
+                env = env.Substring(0, end);
+
+            return env.Replace('\0', '\n');
+        }
+        finally
+        {
+            CloseHandle(hProcess);
+        }
+    }
+}

src/main/resources/org/csanchez/jenkins/plugins/kubernetes/pipeline/scripts/kill-process-by-id.ps1

@@ -0,0 +1,68 @@
+param(
+    [string]$processId
+)
+
+Add-Type -TypeDefinition @"
+using System;
+using System.Runtime.InteropServices;
+using System.Diagnostics;
+
+public class ProcessControl {
+    [DllImport("kernel32.dll")]
+    public static extern bool AttachConsole(int dwProcessId);
+    [DllImport("kernel32.dll")]
+    public static extern bool SetConsoleCtrlHandler(ConsoleCtrlDelegate HandlerRoutine, bool Add);
+    public delegate bool ConsoleCtrlDelegate(int CtrlType);
+    [DllImport("kernel32.dll")]
+    public static extern bool GenerateConsoleCtrlEvent(uint dwCtrlEvent, uint dwProcessGroupId);
+    [DllImport("kernel32.dll")]
+    public static extern bool FreeConsole();
+}
+"@
+
+try {
+    $process = Get-Process -Id $processId -ErrorAction SilentlyContinue
+    
+    if ($process) {
+        $gracefulShutdown = $false
+        
+        # Method 1: Try Ctrl+C via console API (most reliable in containers)
+        [ProcessControl]::FreeConsole() | Out-Null
+        if ([ProcessControl]::AttachConsole($processId)) {
+            # Don't disable our handler
+            [ProcessControl]::GenerateConsoleCtrlEvent(0, 0) | Out-Null
+            
+            # Wait for process to handle signal
+            if ($process.WaitForExit(5000)) {
+                $gracefulShutdown = $true
+            }
+            [ProcessControl]::FreeConsole() | Out-Null
+        }
+        
+        # Method 2: Try Stop-Process with -Force:$false (more graceful than plain Stop-Process)
+        if (-not $gracefulShutdown) {
+            try {
+                Stop-Process -Id $processId -Force:$false -ErrorAction SilentlyContinue
+                if ($process.WaitForExit(5000)) {
+                    $gracefulShutdown = $true
+                }
+            } catch {
+                # Ignore, this is best effort
+            }
+        }
+        
+        # Method 3: Last resort - force kill
+        if (-not $gracefulShutdown) {
+            try {
+                $process.Kill()
+                $process.WaitForExit(2000)
+                Write-Host "Process $processId forcefully terminated"
+            } catch {
+                return 1 # Failed to stop the process
+            }
+        }
+    }
+    return 0
+} catch {
+    return 1 #Failed to even get the process
+}

src/main/resources/org/csanchez/jenkins/plugins/kubernetes/pipeline/scripts/kill-processes-with-cookie.ps1

@@ -0,0 +1,25 @@
+param(
+    [string]$cookie,
+    [string]$csFile,
+    [string]$killScript
+)
+
+Add-Type -Path $csFile
+$returnCode = 0
+$matchedProcessIds = @()
+Get-Process | ForEach-Object {
+        $id = $_.Id
+        try {
+            $envBlock = [ProcessEnvironmentReader]::ReadEnvironmentBlock($id)
+            if (($envBlock.Contains("JENKINS_SERVER_COOKIE=$($cookie)")) -and ($id -ne $PID)) {
+                $matchedProcessIds += $id
+            }
+        } catch {
+            # Do nothing this is best effort and we expect not to be able to read all processes
+        }
+}
+foreach ($processId in $matchedProcessIds) {
+    & $killScript -processId $processId
+    $returnCode = $returnCode + $LASTEXITCODE
+}
+return $returnCode