JCasC JSON Schema output lacks scriptApproval properties

      The JSON Schema output for this plugin lacks the "approvedSignatures" and "approvedSignatureHashes" properties. As a result, valid JCasC files fail JSON Schema validation.

      Steps to reproduce:

      1. Install JCasC plugin and script-security plugin.
      2. Download the JCasC JSON Schema document for the Jenkins server: https://jenkins.example.com/configuration-as-code/schema
      3. Use the JSON Schema to validate some trivial JCasC samples. Here is one small JCasC sample that fails to validate:
        ---
        security:
          scriptApproval:
            approvedSignatures:
              - method hudson.model.Job getNextBuildNumber
        

      Actual results:

      The JSON Schema document has this:

                      "scriptApproval": {
                          "additionalProperties": false,
                          "type": "object",
                          "properties": {
                              "approvedSignatures": {
                                  "description": "",
                                  "additionalProperties": false,
                                  "type": "array",
                                  "$id": "#/definitions/org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval"
                              }}
                      },
      

      This means validation will fail on the user's approvedSignatures parameter.

      Expected results:

      The JSON Schema needs to have these properties instead:

                      "scriptApproval": {
                          "additionalProperties": false,
                          "type": "object",
                          "$id": "#/definitions/org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval",
                          "properties": {
                              "approvedSignatures": {
                                  "type": "array"
                              },
                              "approvedSignatureHashes": {
                                  "type": "array"
                              }
                          }
                      },
      

      Additional info:

      You can use a variety of tools to perform JSON Schema validation on JCasC YAML. Here's a Python script we use to do it:

      import json
      from jsonschema import validate
      import yaml
      
      # Load the JSON Schema doc downloaded earlier
      # from $JENKINS_URL/configuration-as-code/schema
      with open('jenkins-casc-schema.json') as f:
          schema = json.load(f)
      # Parse the JCasC file; safe_load builds only plain YAML types
      with open('casc.yaml') as d:
          yaml_data = yaml.safe_load(d)
      
      # Validate the user's casc.yaml with the JSON Schema:
      validate(instance=yaml_data, schema=schema)
      

      The error from this script is:

      jsonschema.exceptions.ValidationError: Additional properties are not allowed ('approvedSignatures' was unexpected)
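
The following is an added example, not code from the issue or from the plugin: a dependency-free check that reports the path of every key rejected by `"additionalProperties": false`, run against the sample from step 3. It handles only the `type`, `properties` and `additionalProperties` keywords; the `MISSING` fragment and the `wrap` layout are constructed assumptions, while `EXPECTED` is the fragment from "Expected results".

```python
# Fragment from "Expected results" above.
EXPECTED = {
    "type": "object",
    "additionalProperties": False,
    "properties": {
        "approvedSignatures": {"type": "array"},
        "approvedSignatureHashes": {"type": "array"},
    },
}
# Constructed fragment (assumption): no properties declared at all,
# which reproduces the "was unexpected" error reported above.
MISSING = {"type": "object", "additionalProperties": False, "properties": {}}

# The JCasC sample from step 3, as it looks after YAML parsing.
SAMPLE = {"security": {"scriptApproval": {
    "approvedSignatures": ["method hudson.model.Job getNextBuildNumber"]}}}

TYPES = {"object": dict, "array": list, "string": str}


def wrap(script_approval):
    """Nest a scriptApproval fragment under security (hypothetical layout)."""
    security = {"type": "object", "properties": {"scriptApproval": script_approval}}
    return {"type": "object", "properties": {"security": security}}


def find_errors(instance, schema, path="$"):
    """Return one message per type mismatch or undeclared key, with its path."""
    expected = TYPES.get(schema.get("type"))
    if expected and not isinstance(instance, expected):
        return [f"{path}: expected {schema['type']}"]
    errors = []
    if isinstance(instance, dict):
        props = schema.get("properties", {})
        for key, value in instance.items():
            if key in props:
                errors.extend(find_errors(value, props[key], f"{path}.{key}"))
            elif schema.get("additionalProperties") is False:
                errors.append(f"{path}: additional property '{key}' not allowed")
    return errors


if __name__ == "__main__":
    for name, fragment in (("missing", MISSING), ("expected", EXPECTED)):
        print(name, find_errors(SAMPLE, wrap(fragment)) or "valid")
```
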
      

            Assignee:
            Unassigned
            Reporter:
            Ken Dreyer
            Archiver:
            Jenkins Service Account
