Details
-
Type:
New Feature
-
Status: Resolved (View Workflow)
-
Priority:
Major
-
Resolution: Fixed
-
Component/s: pipeline
-
Labels:
-
Similar Issues:
-
Epic Link:
Description
Although you are required to have RUN_SCRIPTS to push anything to workflowLibs, the code is run under the same sandbox settings as the main Pipeline scripts. In the case of a Pipeline script using whole-script approval, it makes sense to be checking RUN_SCRIPTS for libraries. But in the case of Pipeline scripts configured to use the Groovy sandbox, the workflowLibs code is also run in the sandbox—a pointless restriction, since only a trusted user could have written that code. You would expect that the library code would be trusted and run in a privileged mode, so it could safely encapsulate otherwise unsafe method calls.
Attachments
Issue Links
- is blocking
-
JENKINS-32731 Allow plugins to contribute to Pipeline global library
-
- Resolved
-
- is related to
-
JENKINS-26538 Less-trusted workflow-cps-global-lib
-
- Resolved
-
- relates to
-
JENKINS-31155 Workflow shared library improvements
-
- Closed
-
-
JENKINS-37011 Provide a way to write full-fledged Steps in CPS-transformed Groovy
-
- Resolved
-
- links to