Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-39943

Artifactory gradle usage has wrong documentation for GradleDeployer.usesPlugin usage

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Blocker Blocker
    • artifactory-plugin
    • None
    • Jenkins 2.33
      Script Security 1.24
      Artifactory 2.8.1
      Gradle 1.25

      In code that attempts to publish to artifactory using gradle I can't set the usesPlugin property like:
      def rtGradle = Artifactory.newGradleBuild()
      rtGradle.tool = "Gradle_2_14_1"
      rtGradle.setUsesPlugin(true)
      causes: org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: unclassified method org.jfrog.hudson.pipeline.types.GradleBuild setUsesPlugin java.lang.Boolean

      Which is @Whitelisted according to:
      https://github.com/jenkinsci/artifactory-plugin/blob/artifactory-2.8.1/src/main/java/org/jfrog/hudson/pipeline/types/deployers/GradleDeployer.java#L46

      The documented way to set this boolean is:
      rtGradle.usesPlugin = true
      but that causes: org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: unclassified field org.jfrog.hudson.pipeline.types.GradleBuild usesPlugin

      My /scriptApproval/ shows nothing to approve.

          [JENKINS-39943] Artifactory gradle usage has wrong documentation for GradleDeployer.usesPlugin usage

          Jesse Glick added a comment -

          Any “unclassified” error means that script-security could not even figure out what method you are trying to call, so whether that method is in fact whitelisted is irrelevant. No idea offhand why that would be thrown in this case; usually the result of doing something overly clever with Groovy. Would need to investigate, assuming there are some steps to reproduce from scratch.

          Jesse Glick added a comment - Any “unclassified” error means that script-security could not even figure out what method you are trying to call, so whether that method is in fact whitelisted is irrelevant. No idea offhand why that would be thrown in this case; usually the result of doing something overly clever with Groovy. Would need to investigate, assuming there are some steps to reproduce from scratch .

          Ing. Christoph Obexer added a comment - - edited

          To reproduce from scratch do:
          1.) Configure Artifactory server with ID "local-dummy-server" (does not need to exist)
          2.) Configure a Gradle installation with name "Gradle_2_14_1" with that same version (URL: https://services.gradle.org/distributions/gradle-2.14.1-all.zip) (well likely not needed either)
          3.) Create a pipeline job with below script

          node ('master') {
              def server = Artifactory.server('local-dummy-server')
              def rtGradle = Artifactory.newGradleBuild()
              rtGradle.usesPlugin = true // or rtGradle.setUsesPlugin(true)
              rtGradle.tool = "Gradle_2_14_1"
              def buildInfo = rtGradle.run buildFile: 'build.gradle', tasks: 'clean artifactoryPublish'
          }
          

          4.) run => exception

          Ing. Christoph Obexer added a comment - - edited To reproduce from scratch do: 1.) Configure Artifactory server with ID "local-dummy-server" (does not need to exist) 2.) Configure a Gradle installation with name "Gradle_2_14_1" with that same version (URL: https://services.gradle.org/distributions/gradle-2.14.1-all.zip ) (well likely not needed either) 3.) Create a pipeline job with below script node ('master') { def server = Artifactory.server('local-dummy-server') def rtGradle = Artifactory.newGradleBuild() rtGradle.usesPlugin = true // or rtGradle.setUsesPlugin(true) rtGradle.tool = "Gradle_2_14_1" def buildInfo = rtGradle.run buildFile: 'build.gradle', tasks: 'clean artifactoryPublish' } 4.) run => exception

          jglick Why would the script security plugin not know which method is to be called considering the error points at the correct class, the correct method name and somewhat correct parameters(should be a boolean not the wrapper class)?
          Passing the true as the return value of Boolean.valueOf (which needed to be approved and did show up in /scriptApproval ) did not change the message tough.

          Ing. Christoph Obexer added a comment - jglick Why would the script security plugin not know which method is to be called considering the error points at the correct class, the correct method name and somewhat correct parameters(should be a boolean not the wrapper class)? Passing the true as the return value of Boolean.valueOf (which needed to be approved and did show up in /scriptApproval ) did not change the message tough.

          jglick So in the meantime I figured out that the problem is wrong documentation and not a problem in the script security plugin!

          The correct version is:

          rtGradle.deployer usesPlugin: true
          

          However after setting that my gradle build did not get any credentials passed (the three properties that Artifactory suggest when you use the "set me up" link in it's webui):
          No artifactory_user no artifactory_password and no artifactory_contextUrl at that point I just used the gradle command-line directly because the Artifactory plugin doesn't provide anything useful at that point.

          Ing. Christoph Obexer added a comment - jglick So in the meantime I figured out that the problem is wrong documentation and not a problem in the script security plugin! The correct version is: rtGradle.deployer usesPlugin: true However after setting that my gradle build did not get any credentials passed (the three properties that Artifactory suggest when you use the "set me up" link in it's webui): No artifactory_user no artifactory_password and no artifactory_contextUrl at that point I just used the gradle command-line directly because the Artifactory plugin doesn't provide anything useful at that point.

          eyalbe eyalb: Is one of these accounts better than the other one? Why are there two? And which one is supposed to be assigned by default?

          Ing. Christoph Obexer added a comment - eyalbe eyalb : Is one of these accounts better than the other one? Why are there two? And which one is supposed to be assigned by default?

          Jesse Glick added a comment -

          Probably some bug remains in script-security that it fails to properly detect that what you are about to do should throw a runtime exception explaining the missing method, rather than misleadingly report a security violation. You can file a separate bug for that if you like (I do not have time right now to track it down—easiest if there is a minimal test case that does not involve the Artifactory plugin).

          Jesse Glick added a comment - Probably some bug remains in script-security that it fails to properly detect that what you are about to do should throw a runtime exception explaining the missing method, rather than misleadingly report a security violation. You can file a separate bug for that if you like (I do not have time right now to track it down—easiest if there is a minimal test case that does not involve the Artifactory plugin).

          Thank you all for reporting this issue.
          Indeed the "usesPlugin" method is currently accesses through the deployer object. This is actually a bug, because the "usesPlugin" functionality is not relevant only for deployment. It makes since for the API to be accessed as:
          rtGradle.usesPlugin = true
          We truly apologise for the inconvenience.
          We opened the following issue to track this task. Please follow it for updates:
          https://www.jfrog.com/jira/browse/HAP-851

          Eyal Ben Moshe added a comment - Thank you all for reporting this issue. Indeed the "usesPlugin" method is currently accesses through the deployer object. This is actually a bug, because the "usesPlugin" functionality is not relevant only for deployment. It makes since for the API to be accessed as: rtGradle.usesPlugin = true We truly apologise for the inconvenience. We opened the following issue to track this task. Please follow it for updates: https://www.jfrog.com/jira/browse/HAP-851

          eyalbe If I set rtGradle.usesPlugin = true will there be any communication between the Jenkins plugin and the Artifactory Gradle plugin? Will I get useful build infos and automatic passing of credentials or do I loose all that by setting usesPlugin to true?

          Ing. Christoph Obexer added a comment - eyalbe If I set rtGradle.usesPlugin = true will there be any communication between the Jenkins plugin and the Artifactory Gradle plugin? Will I get useful build infos and automatic passing of credentials or do I loose all that by setting usesPlugin to true?

            eyalb Eyal Ben Moshe
            cobexer Ing. Christoph Obexer
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: