Loading...

XML

Word

Printable

Type: Bug
Resolution: Not A Defect
Priority: Minor
Component/s: authorize-project-plugin, job-dsl-plugin
Labels:
- jenkins
- plugins
Environment:

Hide
Dependencies
Structs v.1.13 (required)
Script Security v.1.25 (required)
vSphere v.1.1.11 (optional)
Config File Provider v.2.15.4 (optional)
Managed Scripts v.1.3 (optional)
Command Agent Launcher v.1.0 (implied)
JDK Tool v.1.0 (implied)

Show
Dependencies Structs v.1.13 (required) Script Security v.1.25 (required) vSphere v.1.1.11 (optional) Config File Provider v.2.15.4 (optional) Managed Scripts v.1.3 (optional) Command Agent Launcher v.1.0 (implied) JDK Tool v.1.0 (implied)

Similar Issues:

Show

The issue we faced is job DSL plugin is not honoring groovy sandbox policies.

we have installed structs plugin 1.13 version , Authorize Project plugin and Script Security plugin.

Developer usually need to use "Sandbox" for executing groovy as it doesn't require any approval from administrators.

We can see that this policy is working well in templates, pipelines and regular jobs. But it is failing when used in combination of "job dsl"and "Authorize Project plugin".

This combination is expecting users who triggered job to have "Overall/RunScripts" access.This access cannot be given to developers.

We configured job dsl to execute a groovy script in sandbox.

For triggering this job, we used Authorization step with "Run as User who triggered Build".

The build never executes and simply show waiting for next executor - even though that slave is idle.

we can run the same build successfully as admin and have "RunScripts" access. As developers we don't have this access and it is showing waiting for executor.

Assignee:: Daniel Spilker

Reporter:: karthik h v

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2018-05-11 11:21

Updated:: 2018-07-03 20:22

Resolved:: 2018-06-20 22:26

Details

Description

Attachments

Activity

People

Dates