Fix Missing In-process Script Approval in Jenkins
1 min read

Fix Missing In-process Script Approval in Jenkins

Fix Missing In-process Script Approval in Jenkins

Normally, when you have a script or a method to be approved, you should see the In-process Script Approval entry in your Jenkins' configuration:

Jenkins script approval

Unfortunately, the In-process Script Approval entry in Jenkins' configuration is not always shown, even though we have items to be approved. I found that installing the Permissive Script Security and briefly enabling it would solve the problem.

On linux (Ubuntu), you need to edit /etc/default/jenkins and add

JAVA_ARGS="-Djava.awt.headless=true -Dpermissive-script-security.enabled=true"

Then, you need to restart Jenkins for the security plugin to be disabled. I executed one of the pipelines containing the above script to check that script security was disabled. Then I restored the old JAVA_ARGS value in /etc/default/jenkins and restarted Jenkins it again.

When trying to execute the script, lo and behold!, the entry was there and waiting me to approve a bunch of API calls.

Notes

  • As at the moment of writing this entry there is no audit mode, the script (pipeline) will fail early at the first call, without reccording subsequent problematic ones. Therefore, you'll need to run the script multiple times, untill all calls are approved.
  • Versioned pipelines will require method-level approval as they can't be executed outside the sandbox. Unversioned pipelines provide the option to execute the script outside the sandbox. Then, the whole script will require approval by an admin.

HTH,