Closed sparshev closed 5 years ago
I tested the changes over the existing pipelines & modules and found some issues with security on Jenkins 2.150.1 and security plugin 1.54:
com.griddynamics.devops.mpl.MPLModuleException: Found error during execution of the module 'library:mpl/resources/com/griddynamics/devops/mpl/modules/Checkout/Checkout.groovy#5':
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject getProperty java.lang.String (com.griddynamics.devops.mpl.MPLConfig.git)
at Checkout.run(library:mpl/resources/com/griddynamics/devops/mpl/modules/Checkout/Checkout.groovy:5)
at com.griddynamics.devops.mpl.Helper.runModule(file:/var/jenkins_home/jobs/mpl-10-test/builds/42/libs/mpl/src/com/griddynamics/devops/mpl/Helper.groovy:133)
at MPLModule.call(/var/jenkins_home/jobs/mpl-10-test/builds/42/libs/mpl/vars/MPLModule.groovy:76)
Will try on the newer Jenkins & security plugin, but overall it doesn't look good...
With Jenkins 2.176.1 & security plugin 1.60 - the same...
Yeah, it's blocked: https://github.com/jenkinsci/script-security-plugin/blob/script-security-1.60/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/blacklist#L7 :
# Reflective access to Groovy is too open-ended. Approve only specific GroovyObject subclass methods.
method groovy.lang.GroovyObject getMetaClass
method groovy.lang.GroovyObject getProperty java.lang.String
...
Ok, I fixed the security sandbox error in Jenkins by using Map as an interface - for Map, the Security plugin allows execution of the get & put methods.
Tested on Jenkins with a complicated pipeline - seems to be working well.
Tested again on a Jenkins pipeline - looks good. So it's the working version that could be merged.
Just rebased to the latest master
Ok, looks like it could be merged since it's working fine.
Prepared an interface for the configuration - it's a virtual one-level flattened map that allows accessing config variables & setting them for Maps and Lists.
I prepared some unit tests and checked over our nested library - it seems to be working correctly and can build the MPL itself using Jenkins.
Please do not merge until the community is ok with this solution.
fixes #10
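The approach described in the thread above (a config object exposed through `java.util.Map`, so that property access resolves to `Map.get`/`Map.put`, which the thread reports the Script Security plugin allows, instead of the blacklisted `GroovyObject.getProperty`) can be sketched as follows. This is an added example in plain Groovy, not the code from this pull request: the class name `FlatConfig`, the dot-separated key syntax and the sample data are assumptions made for illustration.

```groovy
// Added illustration: FlatConfig and its dot-separated keys are hypothetical, not MPL's MPLConfig.
class FlatConfig extends AbstractMap {
    private final Map root
    FlatConfig(Map data) { root = data }

    // One step down the tree: Map by key, List by numeric index, otherwise null.
    private static Object child(Object node, String part) {
        if (node instanceof Map) return node.get(part)
        if (node instanceof List && part.isInteger()) {
            int i = part.toInteger()
            return (i >= 0 && i < node.size()) ? node.get(i) : null
        }
        return null
    }
    // Groovy routes cfg.'git.url' and cfg['git.url'] on a Map instance to get().
    Object get(Object key) {
        Object node = root
        for (String part : key.toString().tokenize('.')) {
            node = child(node, part)
            if (node == null) return null
        }
        return node
    }
    // Groovy routes cfg.'git.url' = x to put(); missing intermediate maps are created.
    Object put(Object key, Object value) {
        List<String> parts = key.toString().tokenize('.')
        if (parts.isEmpty()) throw new IllegalArgumentException("Empty key")
        Object node = root
        for (String part : parts.subList(0, parts.size() - 1)) {
            Object next = child(node, part)
            if (next == null && node instanceof Map) {
                next = [:]
                node.put(part, next)
            }
            if (next == null) throw new IllegalArgumentException("No container at '${part}' in '${key}'")
            node = next
        }
        if (node instanceof List) return node.set(parts.last().toInteger(), value)
        if (node instanceof Map) return node.put(parts.last(), value)
        throw new IllegalArgumentException("Cannot set '${key}'")
    }
    Set entrySet() { root.entrySet() }
}

// Constructed sample configuration
def cfg = new FlatConfig([git: [url: 'https://example.invalid/repo.git'], stages: [[name: 'build']]])
assert cfg.'git.url' == 'https://example.invalid/repo.git'
cfg.'git.branch' = 'master'
cfg.'stages.0.name' = 'test'
assert cfg.'git.branch' == 'master' && cfg.'stages.0.name' == 'test'
assert cfg.'git.missing.key' == null
```

Because every read and write goes through `get` and `put`, the sandbox only needs to permit two narrow `java.util.Map` signatures rather than open-ended reflective access to the config object.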