This role manages the approval of signatures for the Script Security Plugin. The role can add or remove signatures by keeping unmanaged signatures in place.

For the management a groovy script is used that is directly executed in the Jenkins, so the changes are applied immediately without need to restart the instance.

This role requires Ansible 2.4 or higher and a running Jenkins on the target instance.

Available variables are listed below, along with their default values.

jenkins_script_security_admin_username: admin

Jenkins admin username.

jenkins_script_security_admin_password: admin

Jenkins admin password.

jenkins_script_security_jenkins_hostname: localhost

Hostname of the jenkins instance.

jenkins_script_security_jenkins_port: 8080

HTTP port of the jenkins instance.

jenkins_script_security_jenkins_url_prefix: ""

Url prefix of the jenkins instance, e.g. when running in tomcat.

jenkins_script_security_jenkins_update_dir: "{{ jenkins_plugins_jenkins_home }}/updates"

Path to the jenkins update directory.

jenkins_script_security_jenkins_base_url: "http://{{ jenkins_script_security_jenkins_hostname }}:{{ jenkins_script_security_jenkins_port }}{{ jenkins_script_security_jenkins_url_prefix }}"

The base url of the jenkins instance.

jenkins_script_security_approved_signatures_present: []

List of signature to approve. List of strings as present in the scriptApproval.xml but without the encapsulating <string></string>.

jenkins_script_security_approved_signatures_absent: []

List of signatures to remove. List of strings as present in the scriptApproval.xml but without the encapsulating <string></string>.

The role has no dependencies.

Approves the signatures for creating a new ArrayList and getting the index of an Element in a list.

- hosts: jenkins
  vars:
    jenkins_script_security_approved_signatures_present:
      - method java.util.List indexOf java.lang.Object
      - new java.util.ArrayList
  roles:
    - role: wcm_io_devops.jenkins_script_security

Apache 2.0