Status: Closed (View Workflow)
Resolution: Not A Defect
Structs v.1.13 (required)
Script Security v.1.25 (required)
vSphere v.1.1.11 (optional)
Config File Provider v.2.15.4 (optional)
Managed Scripts v.1.3 (optional)
Command Agent Launcher v.1.0 (implied)
JDK Tool v.1.0 (implied)
The issue we faced is job DSL plugin is not honoring groovy sandbox policies.
we have installed structs plugin 1.13 version , Authorize Project plugin and Script Security plugin.
Developer usually need to use "Sandbox" for executing groovy as it doesn't require any approval from administrators.
We can see that this policy is working well in templates, pipelines and regular jobs. But it is failing when used in combination of "job dsl"and "Authorize Project plugin".
This combination is expecting users who triggered job to have "Overall/RunScripts" access.This access cannot be given to developers.
We configured job dsl to execute a groovy script in sandbox.
For triggering this job, we used Authorization step with "Run as User who triggered Build".
The build never executes and simply show waiting for next executor - even though that slave is idle.
we can run the same build successfully as admin and have "RunScripts" access. As developers we don't have this access and it is showing waiting for executor.