Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Docker Plugin for Jenkins error: Scripts not permitted to use method

I'm trying to publish to Docker from my Jenkins Pipeline but most things I try result in an error. My latest try was this:

docker.withDockerRegistry('https://docker-registry.myco.com/lsacco/swagger-rest', 'docker-credential') {
    def image = docker.image(APPLICATION_NAME);
    image.tag("latest");
    image.push()
}

When I run this, Jenkins outputs this error:

org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object (org.jenkinsci.plugins.docker.workflow.Docker withDockerRegistry java.lang.String java.lang.String org.jenkinsci.plugins.workflow.cps.CpsClosure2)
    at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:163)
    at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:78)
    at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:69)
    at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:149)
    at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:146)
    at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:15)
    at WorkflowScript.dockerDeploy(WorkflowScript:290)
    at WorkflowScript.run(WorkflowScript:76)
    at ___cps.transform___(Native Method)
    at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:55)
    at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:106)
    at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:79)
    at sun.reflect.GeneratedMethodAccessor317.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
    at com.cloudbees.groovy.cps.impl.ClosureBlock.eval(ClosureBlock.java:40)
    at com.cloudbees.groovy.cps.Next.step(Next.java:58)
    at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:154)
    at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:19)
    at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:33)
    at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:30)
    at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:106)
    at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:30)
    at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:164)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:277)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$000(CpsThreadGroup.java:77)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:186)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:184)
    at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:47)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:112)
    at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

I'm running on the latest Jenkins with all the latest plugin updates. Any ideas?

1.642.2 Jenkins

Plugins.txt
ace-editor:1.1
ant:1.2
antisamy-markup-formatter:1.3
async-http-client:1.7.24
aws-credentials:1.12
aws-java-sdk:1.10.45
branch-api:1.3
build-token-root:1.3
cloudbees-folder:5.3
conditional-buildstep:1.3.3
config-file-provider:2.10.0
copy-to-slave:1.4.4
copyartifact:1.37
credentials-binding:1.7
credentials:1.25
cvs:2.12
docker-build-publish:1.1
docker-commons:1.3.1
docker-custom-build-environment:1.6.4
docker-traceability:1.1
docker-workflow:1.4
dockerhub-notification:1.0.2
durable-task:1.8
envinject:1.92.1
external-monitor-job:1.4
git-client:1.19.6
git-server:1.6
git:2.4.2
github-api:1.72.1
github:1.17.1
handlebars:1.1.1
jackson2-api:2.5.4
javadoc:1.3
jenkins-jira-issue-updater:1.18
jira:2.2
job-dsl:1.44
jquery:1.11.2-0
jquery-detached:1.2.1
junit:1.11
ldap:1.11
mailer:1.16
managed-scripts:1.2.1
mapdb-api:1.0.6.0
mask-passwords:2.8
matrix-auth:1.3.2
matrix-project:1.6
maven-plugin:2.12.1
momentjs:1.1.1
multi-branch-project-plugin:0.4.1
node-iterator-api:1.5
nodelabelparameter:1.7.1
pam-auth:1.2
Parameterized-Remote-Trigger:2.2.2
parameterized-trigger:2.30
pipeline-rest-api:1.0
pipeline-stage-view:1.0
plain-credentials:1.1
promoted-builds:2.25
rebuild:1.25
run-condition:1.0
scm-api:1.1
script-security:1.17
skip-certificate-check:1.0
ssh-credentials:1.11
ssh-slaves:1.10
subversion:2.5.7
swarm:2.0
timestamper:1.7.4
token-macro:1.12.1
translation:1.12
vsphere-cloud:2.11
workflow-aggregator:1.15
workflow-api:1.15
workflow-basic-steps:1.15
workflow-cps-global-lib:1.15
workflow-cps:1.15
workflow-durable-task-step:1.15
workflow-job:1.15
workflow-multibranch:1.15
workflow-scm-step:1.15
workflow-step-api:1.15
workflow-support:1.15
like image 699
occasl Avatar asked Mar 17 '16 05:03

occasl


2 Answers

This is an ancient question, but I'd like to point out for the benefit of people googling the phrase at the top:

When you get a "Scripts not permitted to use method" error that is specifically about groovy.lang.GroovyObject invokeMethod, the reason is almost always that you have invoked a method on an object that does not have that method.

In this case, you tried to invoke docker.withDockerRegistry. There is no method on docker named withDockerRegistry.

The method is called simply withRegistry.

Note that "Scripts not permitted..." errors that are not about GroovyObject invokeMethod are actual permission issues, but such errors involving GroovyObject invokeMethod are generally the security system masking a "no such method" error

like image 197
Daniel Martin Avatar answered Oct 06 '22 21:10

Daniel Martin


I was able to get around this by installing docker-io on my slave from this Docker image and using a separate Docker host that could service the calls I needed to make to build, run and push my docker image to my registry.

I ended up using the following script to resolve this:

docker.withServer(DOCKER_MACHINE_HOSTNAME) {
    def image = docker.build(DOCKER_TAG, '.')

    // Test container then stop and remove it
    def container = image.run('--name ' + DOCKER_CONTAINER_NAME)
    container.stop()

    docker.withRegistry(DOCKER_REGISTRY, QUAY_CREDENTIALS_ID ) {
        image.push(DOCKER_APPLICATION_TAG)
    }
}
like image 20
occasl Avatar answered Oct 06 '22 21:10

occasl