• Type: Bug
    • Resolution: Fixed
    • Priority: Critical
    • ec2-plugin
    • None

      After the upgrade to 2.86, the plugin needs extra permission for a dynamic script to make the slave online via an SSH connection.

      I cannot use "In-process Script Approval" because this script looks like
      'ssh user@123.212.12.232 ....' and it is dynamic!

          [JENKINS-47593] can not to be online without permission

          Piotr Perzyna created issue -
          Piotr Perzyna made changes -
          Description Original: After upgrade to 2.86 plugin need extra permission for dynamic script to make slave online.  New: After upgrade to 2.86 plugin need extra permission for dynamic script  to make slave online via ssh connection. 

          I can not use "In-process Script Approval" because this script look like 
          'ssh user@123.212.12.232 ....' and it is dynamic! 
          Jesse Glick made changes -
          Component/s New: command-launcher-plugin [ 23169 ]
          Component/s Original: ec2-plugin [ 15625 ]
          Assignee Original: Francis Upton [ francisu ]

          Jesse Glick added a comment -

          Seems an issue with EC2UnixLauncher.

          Jesse Glick made changes -
          Component/s New: ec2-plugin [ 15625 ]
          Component/s Original: command-launcher-plugin [ 23169 ]
          Assignee New: Francis Upton [ francisu ]
          Jesse Glick made changes -
          Link New: This issue is blocking JENKINS-47393 [ JENKINS-47393 ]

          Matt Zeemann added a comment -

          While this gets fixed, are there any known workarounds? 


          Piotr Perzyna added a comment -

          Yes, I have!  You can use native Java ssh - just uncheck the ssh option in the config

          Chris Kulinski added a comment -

          Since the script to validate is well-known, and the arguments are dynamic (therefore hard to approve), should the plugin use the constructor that pre-approves the script?

          https://github.com/jenkinsci/command-launcher-plugin/blob/master/src/main/java/hudson/slaves/CommandLauncher.java#L82-L87

          Chris Kulinski added a comment -

          We needed to use the "ssh option" in config, so we patched `EC2UnixLauncher` to use the other constructor for `CommandLauncher`

          We also had to install the new command-launcher-plugin.  It seems the code likely gets a ClassNotFoundException for CommandLauncher, since it's been moved to its own plugin.
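
Why a per-host `ssh user@host` command cannot be approved ahead of time, and what pre-approval from plugin code implies, shown as an added example: a simplified Python model of approval keyed on the exact command text, not code from Jenkins, ec2-plugin or command-launcher-plugin. The class and function names, the SHA-256 digest, the validation rules and the sample addresses are assumptions made for illustration.

```python
import hashlib
import ipaddress
import re


class ApprovalStore:
    """Toy model: approval is keyed on a digest of the exact command text."""

    def __init__(self):
        self._approved = set()
        self.pending = []          # commands waiting for an administrator

    @staticmethod
    def _digest(command):
        return hashlib.sha256(command.encode("utf-8")).hexdigest()

    def approve(self, command):
        """Manual approval by an administrator, one exact string at a time."""
        self._approved.add(self._digest(command))

    def preapprove(self, command):
        """Approval by trusted code, with no administrator review."""
        self._approved.add(self._digest(command))

    def is_allowed(self, command):
        """Return True if the command may run; otherwise queue it for review."""
        if self._digest(command) in self._approved:
            return True
        if command not in self.pending:
            self.pending.append(command)
        return False


USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")   # assumed user-name policy


def build_ssh_command(user, host):
    """Build the launcher command, rejecting unexpected dynamic parts.

    Pre-approval skips review, so the code that builds the command has to
    constrain every dynamic value itself before pre-approving it.
    """
    if not USER_RE.fullmatch(user):
        raise ValueError("unexpected user name")
    ipaddress.ip_address(host)     # raises ValueError unless host is a literal IP
    return f"ssh {user}@{host}"
```

Because every new instance address produces a different string, a manual approval for one host never covers the next one; pre-approval removes that block but moves the responsibility for the command's contents to the code that builds it.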

            wfollonier Wadeck Follonier
            pperzyna Piotr Perzyna
            Votes: 5
            Watchers: 10