-
Improvement
-
Resolution: Unresolved
-
Major
-
- Jenkins 2.401.3
- Configuration as Code Plugin 1670.v564dc8b_982d0
- Script Security Plugin 1264.vecf66020eb_7d
Currently it is possible to add approved signatures with JCasC as follows:
security:
scriptApproval:
approvedSignatures:
- "field hudson.model.UpdateSite$Entry version"
- "method hudson.model.Run getCause java.lang.Class"
I could not find a way to add signatures approved assuming permission check (using an ACL: access control list). I have tried the following but it did not work:
security:
scriptApproval:
aclApprovedSignatures:
- "staticMethod jenkins.model.Jenkins getInstance"
approvedSignatures:
- "field hudson.model.UpdateSite$Entry version"
- "method hudson.model.Run getCause java.lang.Class"
It would be great to have such improvement.
[JENKINS-71783] Configure aclApprovedSignatures with JCasC
| Priority | Original: Minor [ 4 ] | New: Major [ 3 ] |
| Labels | New: jenkins plugin |
Osaid
made changes -
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Open [ 1 ] | New: Closed [ 6 ] |
| Resolution | Original: Fixed [ 1 ] | |
| Status | Original: Closed [ 6 ] | New: Reopened [ 4 ] |
| Status | Original: Reopened [ 4 ] | New: Open [ 1 ] |
This is particularly important because blanket approving is not secure.
And right now standing up a new Jenkins server means either having to go through tons of errors / failed jobs approving one at a time with ACL's or blanket approving them. Being able to provision ACL signatures with JCasC would help make that process drastically easier and more secure.