Jenkins / JENKINS-69452

JCasC JSON Schema output lacks scriptApproval properties

    • Type: Task
    • Resolution: Unresolved
    • Priority: Minor
    • script-security-plugin
    • None
    • script-security plugin version 1138.v8e727069a_025
      JCasC plugin 1414.v878271fc496f

      The JSON Schema output for this plugin lacks the "approvedSignatures" and "approvedSignatureHashes" properties. As a result, valid JCasC files fail JSON Schema validation.

      Steps to reproduce:

      1. Install JCasC plugin and script-security plugin.
      2. Download the JCasC JSON Schema document for the Jenkins server: https://jenkins.example.com/configuration-as-code/schema
      3. Use the JSON Schema to validate some trivial JCasC samples. Here is one small JCasC sample that fails to validate:
        ---
        security:
          scriptApproval:
            approvedSignatures:
              - method hudson.model.Job getNextBuildNumber
        

      Actual results:

      The JSON Schema document has this:

                      "scriptApproval": {
                          "additionalProperties": false,
                          "type": "object",
                          "properties": {
                              "approvedSignatures": {
                                  "description": "",
                                  "additionalProperties": false,
                                  "type": "array",
                                  "$id": "#/definitions/org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval"
                              }}
                      },
      

      This means validation will fail on the user's approvedSignatures parameter.

      Expected results:

      The JSON Schema needs to have these properties instead:

                      "scriptApproval": {
                          "additionalProperties": false,
                          "type": "object",
                          "$id": "#/definitions/org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval",
                          "properties": {
                              "approvedSignatures": {
                                  "type": "array"
                              },
                              "approvedSignatureHashes": {
                                  "type": "array"
                              }
                          }
                      },
      

      Additional info:

      You can use a variety of tools to perform JSON Schema validation on JCasC YAML. Here's a Python script we use to do it:

      import json

      import yaml
      from jsonschema import validate

      # Load the JSON Schema doc downloaded earlier
      # from $JENKINS_URL/configuration-as-code/schema
      with open('jenkins-casc-schema.json') as f:
          schema = json.load(f)

      # safe_load constructs only standard YAML types (no Python objects)
      with open('casc.yaml') as d:
          yaml_data = yaml.safe_load(d)

      # Validate the user's casc.yaml with the JSON Schema:
      validate(instance=yaml_data, schema=schema)
      

      The error from this script is:

      jsonschema.exceptions.ValidationError: Additional properties are not allowed ('approvedSignatures' was unexpected)
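
      Until the generated schema is corrected, one workaround is to patch the downloaded document before validating. The following is an added example, not part of the original report or of either plugin: it replaces every "scriptApproval" definition with the expected fragment shown above. The sample schema is constructed, and the nesting of "scriptApproval" under "security" in it is an assumption.

```python
import copy

SCRIPT_APPROVAL_ID = "#/definitions/org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval"

# The "Expected results" fragment from this report.
EXPECTED = {
    "additionalProperties": False,
    "type": "object",
    "$id": SCRIPT_APPROVAL_ID,
    "properties": {
        "approvedSignatures": {"type": "array"},
        "approvedSignatureHashes": {"type": "array"},
    },
}

# Constructed stand-in for the downloaded schema: the "Actual results"
# fragment, nested under an assumed "security" property.
SAMPLE_SCHEMA = {
    "type": "object",
    "properties": {"security": {"type": "object", "properties": {
        "scriptApproval": {
            "additionalProperties": False,
            "type": "object",
            "properties": {"approvedSignatures": {
                "description": "", "additionalProperties": False,
                "type": "array", "$id": SCRIPT_APPROVAL_ID}},
        }}}},
}


def patch_script_approval(schema):
    """Return (patched copy, count) with each "scriptApproval" object replaced."""
    patched, count = copy.deepcopy(schema), 0
    stack = [patched]
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            for key, value in list(node.items()):
                if key == "scriptApproval" and isinstance(value, dict):
                    node[key] = copy.deepcopy(EXPECTED)  # swap in expected form
                    count += 1
                else:
                    stack.append(value)  # keep walking nested schemas
        elif isinstance(node, list):
            stack.extend(node)
    return patched, count


if __name__ == "__main__":
    patched, count = patch_script_approval(SAMPLE_SCHEMA)
    print(f"patched {count} scriptApproval definition(s)")
```

      Pass the patched dict to validate() in place of the downloaded schema; a count of 0 means no "scriptApproval" definition was found and nothing was changed.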
      

            Assignee: Unassigned
            Reporter: Ken Dreyer (ktdreyer)