The following script for the Jenkins Workflow plugin:
    def mapping = readFile 'a file'
    mapping.eachLine {
        def line = it.tokenize('|')
        sh "${line[1]}"
    }
requires script approvals:
staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods tokenize java.lang.String java.lang.String
staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods eachLine java.lang.String java.lang.String
In order to have the script run successfully a build must be attempted, a manual approval must be granted, and then another build must be attempted again, and so on.
For large scripts it is a rather tedious process to keep whitelisting methods.
Is there a subset of Groovy methods which do not require script approval and/or whitelisting?
Script Approval: This simple Jenkins security system is designed to allow any kind of script to be run, but only with an administrator's approval. There is a global list of scripts and you have to approve each one to be able to run it. They are blocked to prevent any malicious actions.
The first, the Groovy Sandbox, is enabled by default for Jenkins Pipeline allowing user-supplied Scripted and Declarative Pipeline to execute without prior Administrator intervention. The second, Script Approval, allows Administrators to approve or deny unsandboxed scripts, or allow sandboxed scripts to execute additional methods.
After you approve the script, the job can be run without failing. The problem starts if your script automatically sets up something in Jenkins, for example when you want to create a ready-to-work machine that does not require further GUI operations, or a seed job that uses Groovy to create other jobs.
Companies can accelerate their software development process by using Jenkins, as Jenkins can automate build and test rapidly. Jenkins workflow is the old name for the Jenkins pipeline. Pipelines are Jenkins jobs that a user defines programmatically using a Groovy script.
You just need to approve the newly run methods as they come up.
The Script Security plugin ships with some methods whitelisted already. The methods you listed here have not made it in yet. JENKINS-25804 tracks the desire to whitelist routine computational methods by default.
Note that if you are using the Groovy CPS DSL from SCM script source, there is intentionally no option to disable sandbox mode, i.e., to use whole-script approval mode. That is because an administrator would need to approve the whole script after every committed edit, no matter how trivial. By contrast, with the Groovy CPS DSL source, every edit made by an administrator gets immediately recorded as approved without a separate step.
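As the question describes, rejected signatures surface one failed build at a time, so an administrator can gather them from several console logs and review them in one pass. The following Python is an added example, not code from the original post or from the Script Security plugin; the SENSITIVE list, the "closer-look"/"routine" labels and the sample log lines are constructed assumptions.

```python
import re
from collections import namedtuple

# Signature kinds used by Script Security; the page itself shows only staticMethod.
KINDS = ("staticMethod", "staticField", "method", "field", "new")
Signature = namedtuple("Signature", "kind cls member args")

# Assumed review policy (not the plugin's own list): receivers that reach
# processes, the filesystem or Jenkins internals get a closer look.
SENSITIVE = ("java.lang.Runtime", "java.lang.System", "java.lang.ProcessBuilder",
             "java.io.File", "groovy.lang.GroovyShell", "jenkins.model.Jenkins")
REJECTION = re.compile(r"Scripts not permitted to use ((?:%s)(?: [\w.$\[\]]+)+)"
                       % "|".join(KINDS))

def parse_signature(text):
    """Split '<kind> <class> [<member>] [<arg types>...]' into its parts."""
    parts = text.strip().rstrip(".").split()
    if len(parts) < 2 or parts[0] not in KINDS:
        raise ValueError("not a Script Security signature: %r" % text)
    if parts[0] == "new":  # constructors carry no member name
        return Signature("new", parts[1], "<init>", tuple(parts[2:]))
    if len(parts) < 3:
        raise ValueError("missing member name: %r" % text)
    return Signature(parts[0], parts[1], parts[2], tuple(parts[3:]))

def receiver(sig):
    """Type the call acts on; DefaultGroovyMethods helpers take it as first argument."""
    if sig.kind == "staticMethod" and sig.cls.endswith(".DefaultGroovyMethods") and sig.args:
        return sig.args[0]
    return sig.cls

def pending_signatures(log_lines):
    """Map each distinct rejected signature to 'closer-look' or 'routine'."""
    result = {}
    for line in log_lines:
        match = REJECTION.search(line)
        if match:
            text = match.group(1).rstrip(".")
            flagged = receiver(parse_signature(text)).startswith(SENSITIVE)
            result[text] = "closer-look" if flagged else "routine"
    return result

SAMPLE_LOG = [  # constructed console-log lines from several failed builds
    "RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods tokenize java.lang.String java.lang.String",
    "[Pipeline] End of Pipeline",
    "RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods eachLine java.lang.String java.lang.String",
    "RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods tokenize java.lang.String java.lang.String",
    "RejectedAccessException: Scripts not permitted to use staticMethod java.lang.System getenv java.lang.String",
]
```

Calling pending_signatures(SAMPLE_LOG) returns three distinct signatures, with only the java.lang.System one marked for a closer look under the assumed policy.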