Difference between revisions of "Jenkins/In-process Script Approval"
(Created page with "Script Sec = Disable = In order to get past this Jenkins security feature, you will need to approve your script. Go to Manage Jenkins -> In-process Script Approval. In that...") |
(No difference)
|
Revision as of 15:46, 28 March 2020
Script Sec
= Disable =
In order to get past this Jenkins security feature, you will need to approve your script. Go to Manage Jenkins -> In-process Script Approval. In that screen, you will see the script that you are trying to execute. There should be an approve button that you'll need to click to approve that script.
The caveat, it will not prompt for approval any first layer DSL Script inline or from a file, but still will call for approval if nested scripts validate Security Script rules. Eg. Jenkins DSL Plugin will process without approval the DSL code (layer1) but if there is a pipeline{} code that is considered as another script inline or from a file (layer2) it will need to be approved.
2-layer DSL script. It contains Utils.markStageSkippedForConditional that uses not whitelisted method.
pipelineJob('New_pipeline') { // <- layer1 script will get executed
parameters {
choiceParam( 'ACTION', ["plan","apply"],"terraform plan or apply")
}
definition {
cps {
script(''' // <- layer2, will require approval
import org.jenkinsci.plugins.pipeline.modeldefinition.Utils
def hosts
pipeline {
agent any
environment {
REGION = "eu-west-1"
}
stages {
stage('Build host lists') {
steps {
script {
hosts = [ "node-1", "node-2" ]
}
}
}
stage('Display list') {
steps {
echo 'Print host[0]'
sh \'\'\'#!/bin/bash
HOST=\'\'\' + hosts[0] + \'\'\'
printf "HOST: $HOST";
\'\'\'
}
stage('SkipStage') {
steps {
// requires approval
Utils.markStageSkippedForConditional('SkipStage')
}
}
}
}
}
''')
}
}
}