Is there a way to configure ScriptApproval

[odavid]

Hi,

I am looking for a way to declare ScriptApproval.
Looking at ScriptApproval.java it seems there is no easy way to declare this using the CasC plugin.

Am I wrong? If currently there is no way to do it, how about creating a dedicated configurator for it?

[jetersen]

I think it would require a dedicated configurator looking at the source code as you suggested.

[odavid]

This is what I thought... Will see what I can do about it...
10x!

[jetersen]

Oh it definitely requires changes too: load() well mess with any configurator if I recall correctly from @ndeloof previous implementations

[ndeloof]

I don't think it will require changes, but for sure will require a custom Configurator to manage approvedScriptHashes, you probably want this configurator to expose a set of script to be pre-approved and configure to actually invoke preapprove. But doing so, as only a hash is stored we won't be able to export a relevant yaml structure. On the other side, asking end-user to configure hash for pre-approved scripts would be a UX non-sense.

[odavid]

Am working exactly on this kind of PR.
I believe it will look like the following:

scriptApproval:
  approvedSignatures:
    - method java.net.URI getHost
    - method java.net.URI getPort
    - new java.net.URI java.lang.String

[odavid]

I believe at least approvedSignatures should be supported.

[ndeloof]

discussion moved to jenkinsci/script-security-plugin#219