
support Use Groovy Sandbox scripts in activeChoiceParams

    • Type: Bug
    • Resolution: Fixed
    • Priority: Minor
    • job-dsl-plugin
    • None

      activeChoice supports placing scripts in the sandbox, which removes the requirement to have an admin approve the script.

      It would be great if job-dsl could support setting the sandbox.

      Currently it's getting set to the default value, false.

          [JENKINS-41308] support Use Groovy Sandbox scripts in activeChoiceParams

          Anton Lundin created issue -

          Torben Knerr added a comment -

          Did anyone ever get this to work with the `configure` block?

          I lost a day of my life trying to modify the job XML in a `configure` block to enable the sandbox. Finally I got this far:

          pipelineJob("foo") {
          
            parameters {
              activeChoiceParam('Param') {
                choiceType('SINGLE_SELECT')
                groovyScript {
                  script('return ["a","b","c"]')
                }
              }
            }
          
            // we need to wrap the active choice parameters' groovy script and fallbackScript
            // inside a secureScript wrapper with the sandbox enabled
            configure { proj ->
              // find all <script class="...GroovyScript"> nodes via depth-first search
              def scriptContainers = proj.'**'.findAll{ n ->
                n.class == Node && n.'@class' == 'org.biouno.unochoice.model.GroovyScript'
              }
              scriptContainers.each { s ->
                // wrap <script> inside a <secureScript>
                s.appendNode('secureScript', [plugin: 'script-security@1.25']).with {
                  appendNode('script', s.script.value)
                  appendNode('sandbox', 'true')
                  parent.remove(s.script)
                }
              }
            }
          }
          

          It seems to work (i.e. XML looks ok) on https://job-dsl.herokuapp.com/, but when used in Jenkins it still does not work. The generated config.xml ends up with both <script> and <secureScript> tags side-by-side, i.e. the removal of the script element via `parent.remove(s.script)` does not work when this JobDSL runs in Jenkins.

          I had tried a variation with `replaceNode` but this would not work in https://job-dsl.herokuapp.com ("java.lang.UnsupportedOperationException: Replacing the root node is not supported"). It did not throw this exception when run in Jenkins, but it also did not make any difference – still both elements there and the script needs approval.

          Help?!

          Daniel Spilker added a comment -

          Use the Automatically Generated DSL:

          job('example') {
            parameters {
              choiceParameter {
                name('Param')
                script {
                  groovyScript {
                    script {
                      script('return ["a","b","c"]')
                      sandbox(true)
                    }
                    fallbackScript {
                      script('')
                      sandbox(false)
                    }
                  }
                }
                choiceType('SINGLE_SELECT')
                description('example param')
                randomName('param-4711')
                filterable(false)
              }
            }
          }

          Daniel Spilker made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]
          Torben Knerr made changes -
          Attachment New: screenshot-1.png [ 35686 ]

          Torben Knerr added a comment -

          daspilker oh that is possible?

          It wasn't showing up on my local instance's embedded API viewer, so I thought the automatically generated DSL would not be available. How can I tell if it is?


          Daniel Spilker added a comment -

          tknerr You must use the choiceParameter instead of activeChoiceParam. choiceParameter is provided by the Automatically Generated DSL, activeChoiceParam is the built-in DSL.
          Torben Knerr made changes -
          Attachment New: screenshot-2.png [ 35692 ]

          Torben Knerr added a comment -

          daspilker never mind, I found it. Did not notice that the generated parameter is named differently ("choiceParameter"):

          Your example from above is working (in that it generates a valid config.xml at least) and gets me a big step further.

          Thanks a lot!
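
A check for the outcome discussed in this thread, as an added example that is not part of the original issue or of the job-dsl or Active Choices code: it scans a generated config.xml for `GroovyScript` containers and reports a leftover plain `<script>` element or a wrapper whose sandbox flag is not `true`. The sample XML is constructed (with placeholder `<job>`/`<param>` tags), and the `secureFallbackScript` element name is an assumption not shown on the page.

```python
import xml.etree.ElementTree as ET

# Class attribute of the script container, as quoted in the thread.
GROOVY_SCRIPT_CLASS = "org.biouno.unochoice.model.GroovyScript"

# Constructed sample, trimmed to the relevant elements (<job>/<param> are
# placeholder tags): unwrapped form, the side-by-side result, the wrapped form.
SAMPLE_CONFIG = """<job>
  <param name="legacy"><script class="org.biouno.unochoice.model.GroovyScript">
    <script>return ["a","b","c"]</script>
  </script></param>
  <param name="both"><script class="org.biouno.unochoice.model.GroovyScript">
    <script>return ["a","b","c"]</script>
    <secureScript plugin="script-security@1.25">
      <script>return ["a","b","c"]</script><sandbox>true</sandbox>
    </secureScript>
  </script></param>
  <param name="wrapped"><script class="org.biouno.unochoice.model.GroovyScript">
    <secureScript plugin="script-security@1.25">
      <script>return ["a","b","c"]</script><sandbox>true</sandbox>
    </secureScript>
    <secureFallbackScript plugin="script-security@1.25">
      <script></script><sandbox>false</sandbox>
    </secureFallbackScript>
  </script></param>
</job>"""

def audit_active_choice_scripts(config_xml):
    """Return a list of issue lists, one per GroovyScript container found."""
    results = []
    for container in ET.fromstring(config_xml).iter("script"):
        if container.get("class") != GROOVY_SCRIPT_CLASS:
            continue  # nested <script> elements carry no class attribute
        issues = []
        # Direct <script> child: the unwrapped form, which has no sandbox flag.
        if container.find("script") is not None:
            issues.append("plain <script> present")
        if container.find("secureScript") is None:
            issues.append("no <secureScript> wrapper")
        # secureFallbackScript is an assumed element name, not shown in the thread.
        for tag in ("secureScript", "secureFallbackScript"):
            wrapper = container.find(tag)
            if wrapper is None or not (wrapper.findtext("script") or "").strip():
                continue  # wrapper absent or script empty: nothing to run
            if (wrapper.findtext("sandbox") or "").strip().lower() != "true":
                issues.append("<%s> sandbox is not true" % tag)
        results.append(issues)
    return results
```

An empty issue list means every non-empty script in that container is wrapped with the sandbox enabled; run it over the config.xml of each generated job after the seed job completes.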


          Dana Goyette added a comment -

          Using automatically generated DSL is a workaround, not a fix. We need real / direct support for enabling sandboxing.

          If I try to use automatically generated DSL, then "mvn test" in my DSL source fails, and the only examples of tests of automatically-generated DSL use Gradle, not Maven.


            daspilker Daniel Spilker
            glance Anton Lundin