Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-51262

Job dsl and Authorize Project plugin is not working with "Sandbox" policy for executing groovy scripts.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not A Defect
    • Icon: Minor Minor

      The issue we faced is job DSL plugin is not honoring groovy sandbox policies.

      we have installed structs plugin 1.13 version , Authorize Project plugin and Script Security plugin.


      Developer usually need to use "Sandbox" for executing groovy as it doesn't require any approval from administrators.


      We can see that this policy is working well in templates, pipelines and regular jobs. But it is failing when used in combination of "job dsl"and "Authorize Project plugin".


      This combination is expecting users who triggered job to have "Overall/RunScripts" access.This access cannot be given to developers.

      We configured job dsl to execute a groovy script in sandbox.

      For triggering this job, we used Authorization step with "Run as User who triggered Build".

       

      The build never executes and simply show waiting for next executor - even though that slave is idle.

       

      we can run the same build successfully as  admin and have "RunScripts" access. As developers we don't have this access and it is showing waiting for executor.

       

            daspilker Daniel Spilker
            karthik_haluven karthik h v
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: