如何通过 groovy 脚本控制台批准来自 jenkinsfile 的脚本片段? [英] How to approve script snippets from a jenkinsfile via the groovy script console?
问题描述
在我的 jenkins 管道文件中,我使用 JsonSlurperClassic 从 .json 文件中读取构建配置.然而,这引入了需要通过 in-process Script Approval 页面批准的代码.当我通过 GUI 执行此操作时效果很好.
In my jenkins pipeline file I use the JsonSlurperClassic to read build configurations from a .json file. This however introduces code that needs to be approved over the in-process Script Approval page. This works fine when I do it over the GUI.
但是,我还有一个脚本可以自动设置我的 jenkins 机器,它应该创建一个不需要进一步 GUI 操作的准备工作机器.该脚本已经使用 jenkins 脚本控制台来批准从属启动命令.在脚本控制台中执行此操作的 groovy 代码如下所示.
However I also have a script that automatically sets up my jenkins machine which should create a ready-to-work machine that does not require further GUI operations. This script already uses the jenkins script console to approve slave start-up commands. The groovy code that is executed in the script console to do this looks like this.
def language = 'system-command';
def scriptSnippet = 'ssh me@slavemachine java -jar ~/bin/slave.jar';
def scriptApproval = Jenkins.instance.getExtensionList(
'org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval')[0];
def scriptHash = scriptApproval.hash(scriptSnippet, language);
scriptApproval.approveScript(scriptHash);
这工作正常,但现在我想使用相同的代码来批准脚本来自我的管道的片段.我用前两行交换了
This works fine, but now I want to use the same code to approve the script snippets that come from my pipeline. I exchanged the first two lines with
def language = 'groovy'
def scriptSnippet = 'new groovy.json.JsonSlurperClassic';
scriptSnippet 取自 scriptApproval.xml 文件.执行此操作会在 scriptApproval.xml 文件中添加一个新的 <approvedScriptHashes> 条目,但不会删除包含脚本片段.这意味着它不起作用.
where the scriptSnippet is taken from the scriptApproval.xml file.
Executing this adds a new <approvedScriptHashes> entry to the scriptApproval.xml file but does not remove the <pendingSignature> entry that contains the script snippet. This means it does not work.
我的猜测是,语言是错误的,但我尝试过的其他值,如 groovy-sh 或 system-commands 也不起作用.你有什么想法为什么它不起作用?
My guess is, that the language is wrong, but other values I tried like groovy-sh or system-commands did not work either. Do you have any ideas why it does not work?
感谢您的宝贵时间.
推荐答案
你可以使用ScriptApproval#approveSignature 方法.这是一个适用于我的 Jenkins 2.85 的示例
You can use ScriptApproval#approveSignature method. Here is an example that works on my Jenkins 2.85
def signature = 'new groovy.json.JsonSlurperClassic'
org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.get().approveSignature(signature)
这篇关于如何通过 groovy 脚本控制台批准来自 jenkinsfile 的脚本片段?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
