Hi,
Why I'm getting:
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object
when built-in steps are used inside closure for a global variable when closure.delegate = instance of class?
Please check the example bellow:
In shared library I have file vars/buildPlugin.groovy
def call(body) {
def config = new Dsl()
body.resolveStrategy = Closure.DELEGATE_FIRST
body.delegate = config
body()
echo "Name set by closure: ${config.name}"
}
class Dsl {
def name
}
and here is how it is using in Jenkinsfile (or pipeline script):
@Library('library.name') _
buildPlugin {
name = 'name_from_Jenkinsfile'
echo "Name from Jenkinsfile: ${name}"
}
This causes error:
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object (Dsl echo org.codehaus.groovy.runtime.GStringImpl)
However if I change the delegate to be the Map everything works as expected:
def call(body) {
def config = [:]
// def config = new Dsl()
body.resolveStrategy = Closure.DELEGATE_FIRST
body.delegate = config
body()
echo "Name set by closure ${config.name}"
}
class Dsl {
def name
}
For what it's worth - If I uncheck Use Groovy Sandbox checkbox in pipeline job config I don't have RejectedAccessException even when config is instance of Dsl().
I know that I can just approve this signature but unlikely it is a right way to go.
I will be grateful for any help/hint.