问题描述
在我的 jenkins 管道文件中,我使用 JsonSlurperClassic
从 .json 文件读取构建配置.然而,这会引入需要通过进程中脚本批准页面批准的代码.当我通过 GUI 执行此操作时效果很好.
In my jenkins pipeline file I use the JsonSlurperClassic
to read build configurations from a .json file. This however introduces code that needs to be approved over the in-process Script Approval page. This works fine when I do it over the GUI.
但是,我还有一个脚本可以自动设置我的 jenkins 机器,它应该创建一个不需要进一步 GUI 操作的准备工作的机器.该脚本已经使用 jenkins 脚本控制台来批准从属启动命令.在脚本控制台中执行此操作的 groovy 代码如下所示.
However I also have a script that automatically sets up my jenkins machine which should create a ready-to-work machine that does not require further GUI operations. This script already uses the jenkins script console to approve slave start-up commands. The groovy code that is executed in the script console to do this looks like this.
def language = 'system-command';
def scriptSnippet = 'ssh me@slavemachine java -jar ~/bin/slave.jar';
def scriptApproval = Jenkins.instance.getExtensionList(
'org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval')[0];
def scriptHash = scriptApproval.hash(scriptSnippet, language);
scriptApproval.approveScript(scriptHash);
这很好用,但现在我想使用相同的代码来批准脚本来自我的管道的片段.我用
This works fine, but now I want to use the same code to approve the scriptsnippets that come from my pipeline. I exchanged the first two lines with
def language = 'groovy'
def scriptSnippet = 'new groovy.json.JsonSlurperClassic';
其中 scriptSnippet
取自 scriptApproval.xml
文件.执行此操作会向 scriptApproval.xml
文件添加一个新的 条目,但不会删除包含脚本片段.这意味着它不起作用.
where the scriptSnippet
is taken from the scriptApproval.xml
file.Executing this adds a new <approvedScriptHashes>
entry to the scriptApproval.xml
file but does not remove the <pendingSignature>
entry that contains the script snippet. This means it does not work.
我的猜测是,语言是错误的,但是我尝试过的其他值,例如 groovy-sh
或 system-commands
也不起作用.你有什么想法为什么它不起作用?
My guess is, that the language is wrong, but other values I tried like groovy-sh
or system-commands
did not work either. Do you have any ideas why it does not work?
感谢您的宝贵时间.
推荐答案
您可以使用 ScriptApproval#approveSignature
方法.这是一个适用于我的 Jenkins 2.85 的示例
You can use ScriptApproval#approveSignature
method. Here is an example that works on my Jenkins 2.85
def signature = 'new groovy.json.JsonSlurperClassic'
org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.get().approveSignature(signature)
这篇关于如何通过 groovy 脚本控制台批准 jenkinsfile 中的脚本片段?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!