JENKINS-69452: JCasC JSON Schema output lacks scriptApproval properties

    • Type: Task
    • Resolution: Unresolved
    • Priority: Minor
    • Component/s: script-security-plugin
    • Labels: None
    • Environment: script-security plugin version 1138.v8e727069a_025
      JCasC plugin 1414.v878271fc496f

      The JSON Schema output for this plugin lacks the "approvedSignatures" and "approvedSignatureHashes" properties. As a result, valid JCasC files fail JSON Schema validation.

      Steps to reproduce:

      1. Install JCasC plugin and script-security plugin.
      2. Download the JCasC JSON Schema document for the Jenkins server: https://jenkins.example.com/configuration-as-code/schema
      3. Use the JSON Schema to validate some trivial JCasC samples. Here is one small JCasC sample that fails to validate:
        ---
        security:
          scriptApproval:
            approvedSignatures:
              - method hudson.model.Job getNextBuildNumber
        

      Actual results:

      The JSON Schema document has this:

                      "scriptApproval": {
                          "additionalProperties": false,
                          "type": "object",
                          "properties": {
                              "approvedSignatures": {
                                  "description": "",
                                  "additionalProperties": false,
                                  "type": "array",
                                  "$id": "#/definitions/org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval"
                              }}
                      },
      

      This means validation will fail on the user's approvedSignatures parameter.

      Expected results

      The JSON Schema needs to have these properties instead:

                      "scriptApproval": {
                          "additionalProperties": false,
                          "type": "object",
                          "$id": "#/definitions/org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval",
                          "properties": {
                              "approvedSignatures": {
                                  "type": "array"
                              },
                              "approvedSignatureHashes": {
                                  "type": "array"
                              }
                          }
                      },
      

      Additional info

      You can use a variety of tools to perform JSON Schema validation on JCasC YAML. Here's a Python script we use to do it:

      import json
      from jsonschema import validate
      import yaml

      # Load the JSON Schema doc downloaded earlier
      # from $JENKINS_URL/configuration-as-code/schema
      with open('jenkins-casc-schema.json') as f:
          schema = json.load(f)
      # safe_load constructs only standard YAML types (no Python object tags)
      with open('casc.yaml') as d:
          yaml_data = yaml.safe_load(d)

      # Validate the user's casc.yaml with the JSON Schema:
      validate(instance=yaml_data, schema=schema)
      

      The error from this script is:

      jsonschema.exceptions.ValidationError: Additional properties are not allowed ('approvedSignatures' was unexpected)
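
The following is an added example, not part of the original issue or of any Jenkins plugin. It runs the two `scriptApproval` fragments quoted above through a minimal checker to show how `additionalProperties: false` rejects any key missing from `properties`. Assumptions: `check`, `wrap` and `CONFIG` are hypothetical names, the surrounding `security` wrapper schema and the hash value are constructed, and the checker handles only `type`, `properties` and `additionalProperties`.

```python
# Added example: minimal checker for "type", "properties" and
# "additionalProperties" only; this is not the jsonschema library.

ID = "#/definitions/org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval"
# The two "scriptApproval" fragments quoted in the issue, as Python dicts.
ACTUAL = {"additionalProperties": False, "type": "object", "properties": {
    "approvedSignatures": {"description": "", "additionalProperties": False,
                           "type": "array", "$id": ID}}}
EXPECTED = {"additionalProperties": False, "type": "object", "$id": ID, "properties": {
    "approvedSignatures": {"type": "array"},
    "approvedSignatureHashes": {"type": "array"}}}

# Constructed sample config, as parsed from YAML; the hash is a placeholder.
CONFIG = {"security": {"scriptApproval": {
    "approvedSignatures": ["method hudson.model.Job getNextBuildNumber"],
    "approvedSignatureHashes": ["<placeholder-hash>"],
}}}

TYPES = {"object": dict, "array": list, "string": str}

def check(instance, schema, path="$"):
    """Return a list of 'path: message' strings, one per violation."""
    errors = []
    expected = TYPES.get(schema.get("type"))
    if expected and not isinstance(instance, expected):
        return [f"{path}: expected {schema['type']}"]
    if isinstance(instance, dict):
        props = schema.get("properties", {})
        for key, value in instance.items():
            if key in props:
                errors += check(value, props[key], f"{path}.{key}")
            elif schema.get("additionalProperties") is False:
                errors.append(f"{path}: additional property '{key}' not allowed")
    return errors

def wrap(fragment):
    """Constructed top-level schema that places the fragment at security.scriptApproval."""
    return {"type": "object", "properties": {
        "security": {"type": "object", "properties": {"scriptApproval": fragment}}}}

if __name__ == "__main__":
    for name, frag in (("actual", ACTUAL), ("expected", EXPECTED)):
        print(name, check(CONFIG, wrap(frag)))
```

Reporting every violation with its path, rather than stopping at the first exception, makes it easier to tell a schema gap like this one from a real mistake in a security-sensitive section such as `scriptApproval`.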
      


            Assignee: Unassigned
            Reporter: Ken Dreyer (ktdreyer)