Hi I have some jenkinfiles which worked perfectly when I just copied them to a simple pipeline job. After shifting to a multibranch or jenkinsfile from scm all of them get a rejected access exception, which makes sense due to groovy sand boxing
ERROR: Failed: org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use new java.util.HashMap
on a command, which is just parsing an xml from a get with curl
13:55:28 + xmllint --xpath string(//action/cause/shortDescription) JENKINS_REST_API_RESULTS
[Pipeline] readFile
[Pipeline] error
[Pipeline] echo
My problem is I have admin privileges for jenkins. I also have permission to read/RunScripts in Overall, but I still don't see an approval request for "java.util.HashMap" in scriptApproval section.
At one point I had approvals due to my testing but now what ever I try e.g. moving the job a simple pipeline enabling sandboxing, creating a multibranch, loading the jenkinsfile through scm, nothing triggers a script approval for "java.util.HashMap". Which I am not even sure I require because I am the admin my self, who is creating these jobs.
And I see no way to whitelist certain methods my self, until or unless as Patrick Wolf mentioned to create a plugin and install it. Is there any solution for this currently. And I totally vote for a disabled or a limited sandboxed environment, with the choice easily accessible from the configuration.
|