griddynamics / mpl

[IT-36925] Jenkins Shared Modular Pipeline Library
https://blog.griddynamics.com/developing-a-modular-pipeline-library-to-improve-devops-collaboration/
Apache License 2.0

MPL-10 MPLConfig interface with advanced access to the configuration #27

Closed sparshev closed 5 years ago

sparshev commented 5 years ago

Prepared an interface for the configuration - it's a virtual one-level flattened map that allows accessing config variables & setting them for Maps and Lists.

I prepared some unit tests and checked over our nested library - it seems to be working correctly and can build the MPL itself using Jenkins.

Please do not merge until the community is OK with this solution.

fixes #10

sparshev commented 5 years ago

I tested the changes over the existing pipelines & modules and found some issues with security on Jenkins 2.150.1 and security plugin 1.54:

com.griddynamics.devops.mpl.MPLModuleException: Found error during execution of the module 'library:mpl/resources/com/griddynamics/devops/mpl/modules/Checkout/Checkout.groovy#5':
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject getProperty java.lang.String (com.griddynamics.devops.mpl.MPLConfig.git)
    at Checkout.run(library:mpl/resources/com/griddynamics/devops/mpl/modules/Checkout/Checkout.groovy:5)
    at com.griddynamics.devops.mpl.Helper.runModule(file:/var/jenkins_home/jobs/mpl-10-test/builds/42/libs/mpl/src/com/griddynamics/devops/mpl/Helper.groovy:133)
    at MPLModule.call(/var/jenkins_home/jobs/mpl-10-test/builds/42/libs/mpl/vars/MPLModule.groovy:76)

Will try on the newer Jenkins & security plugin, but overall it doesn't look good...

sparshev commented 5 years ago

With Jenkins 2.176.1 & security plugin 1.60 - the same...

sparshev commented 5 years ago

Yeah, it's blocked: https://github.com/jenkinsci/script-security-plugin/blob/script-security-1.60/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/blacklist#L7 :

# Reflective access to Groovy is too open-ended. Approve only specific GroovyObject subclass methods.
method groovy.lang.GroovyObject getMetaClass
method groovy.lang.GroovyObject getProperty java.lang.String
...

sparshev commented 5 years ago

OK, I fixed the security sandbox error in Jenkins by using Map as an interface - for Map, the Security plugin allows execution of the get & put methods.

Tested on Jenkins with a complicated pipeline - seems to be working well.
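
The Map-based approach described in the comment above, sketched as an added example that is not part of this thread or of MPL's code: because the object is a `java.util.Map`, Groovy resolves `cfg.git` to `Map.get` instead of `GroovyObject.getProperty`, the call the sandbox rejected in the trace. The class name `FlatConfig`, the dotted-key syntax and the sample values are assumptions.

```groovy
// Added illustration: FlatConfig and its dotted-key syntax are hypothetical, not MPL's MPLConfig.
class FlatConfig extends AbstractMap {
    private final Map root
    FlatConfig(Map source) { root = source }
    // One step of a dotted path through a nested Map or List; null if absent.
    private static Object step(Object node, String part) {
        if (node instanceof Map) return node.get(part)
        if (node instanceof List && part.isInteger()) {
            int i = part.toInteger()
            return (i >= 0 && i < node.size()) ? node.get(i) : null
        }
        return null
    }

    // Reads: cfg.git, cfg['git.url'] and cfg.get('git.url') all arrive here.
    @Override
    Object get(Object key) {
        Object node = root
        for (String part : key.toString().tokenize('.')) {
            node = step(node, part)
            if (node == null) return null
        }
        // Wrap nested maps so chained reads such as cfg.git.url stay on Map.get.
        return node instanceof Map ? new FlatConfig(node) : node
    }

    // Writes: create missing intermediate maps, then set the leaf in a Map or List.
    @Override
    Object put(Object key, Object value) {
        List<String> parts = key.toString().tokenize('.')
        Object parent = root
        for (String part : parts.init()) {
            Object next = step(parent, part)
            if (next == null && parent instanceof Map) { next = [:]; parent.put(part, next) }
            if (next == null) throw new IllegalArgumentException("No such path: ${key}")
            parent = next
        }
        if (parent instanceof List) return parent.set(parts.last().toInteger(), value)
        if (parent instanceof Map) return parent.put(parts.last(), value)
        throw new IllegalArgumentException("Not a Map or List at: ${key}")
    }
    @Override
    Set entrySet() { root.entrySet() }
}

// Constructed sample configuration.
def cfg = new FlatConfig([git: [url: 'https://example.invalid/repo.git', refs: ['master']]])
cfg['git.refs.0'] = 'develop'
assert cfg.git.url == cfg['git.url'] && cfg.'git.refs.0' == 'develop'
```

Keeping every read and write on `Map.get` and `Map.put` means the pipeline needs no extra script-approval entries, so the `GroovyObject` reflective methods can stay blocked.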

sparshev commented 5 years ago

Tested again on a Jenkins pipeline - looks good. So it's the working version that could be merged.

sparshev commented 5 years ago

Just rebased to the latest master

sparshev commented 5 years ago

OK, looks like it could be merged since it's working fine.