-
Type:
Bug
-
Resolution: Unresolved
-
Priority:
Minor
-
Component/s: script-security-plugin
-
None
-
Environment:Jenkins 2.462.1
script-security: 1354.va_70a_fe478c7f
workflow-cps: 3953.v19f11da_8d2fa_
When I run a NonCPS method in a parallel() it gets attacked by RejectEverythingInterceptor check. Look at this very simple scripted pipeline:
@NonCPS
def parallelBlock() {
  return {echo("Hello World")}
}
parallel('linux_32': parallelBlock(), 'linux_64': parallelBlock())
Exception:
java.lang.SecurityException: Rejecting unsandboxed method call: WorkflowScript.invokeMethod(java.lang.String, [Ljava.lang.Object at PluginClassLoader for script-security//org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44) at PluginClassLoader for script-security//org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:178) at PluginClassLoader for script-security//org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:182) at PluginClassLoader for script-security//org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:152) at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:55) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:197) at WorkflowScript$_parallelBlock_closure1.doCall(WorkflowScript:3)
The workaround is to introduce an intermediate CPS method which calls the NonCPS method:
@NonCPS
def parallelBlockBody() {
  echo("Hello World!")
}
def parallelBlock() {
  return {parallelBlockBody()}
}
parallel('linux_32': parallelBlock(), 'linux_64': parallelBlock())
I suppose it is a bug, because I did not find in the description of parallel() that it does not support NonCPS.
P. S.: I wanted to choose https://github.com/jenkinsci/groovy-sandbox , but it is not available in "Component/s" so I selected script-security-plugin.