timja / jenkins-gh-issues-poc-06-18

0 stars 0 forks source link

[JENKINS-68711] Script approval page does not display new scripts. #6058

Open timja opened 2 years ago

timja commented 2 years ago

Hello team,
We are experiencing new issue with jenkins, since version 2.332.3.
First, after update to this version it became impossible to approve scripts from the job page, which has this script.
After that we started to use page /scriptApproval/ to approve all scripts in jenkins.

And since yesterday (07.06.2022) new scripts stopped to appear on this page, but when we open job with "Configure" button, it still displays under script that it's not approved.

Luckily we have investigated, that by applying this configuration again (saving job without any changes by admin) - will lead script to appear in /scriptApproval/ page.

No changes were applied to this jenkins so far, last restart and maintenance was on may, 20.

Just for information, we are uploading our jobs with jenkins job builder script.

Also, running script

import org.jenkinsci.plugins.scriptsecurity.scripts.*
toApprove = ScriptApproval.get().getPendingScripts().collect()
toApprove.each {pending -> ScriptApproval.get().approveScript(pending.getHash())} 

return nothing, like there is no not approved scripts in system.

Added after invesitgations:
Issue can be reproduced by clicking "Clear Approvals" button for scripts(remove $JENKINS_HOME/scriptApproval.xml works same). This will cause Jenkins to forget all approved scripts and they will be blocked on launch.
Moreover, script won't appear in script approval page until next restart. And on restart, it takes time to collect all scripts for that page blocking jenkins restart. We have more than 4000 jobs in our jenkins and it takes us roughly 1 hour to restart jenkins after approval clear.


Originally reported by borys_tsolin, imported from: Script approval page does not display new scripts.
  • status: Open
  • priority: Minor
  • resolution: Unresolved
  • imported: 2022/01/10