[JIRA] [docker-workflow-plugin] (JENKINS-34288) docker pull gives "Scripts not permitted to use new" error

5 views
Skip to first unread message

docwhat@gerf.org (JIRA)

unread,
Apr 15, 2016, 4:12:02 PM4/15/16
to jenkinsc...@googlegroups.com
Christian Höltje created an issue
 
Jenkins / Bug JENKINS-34288
docker pull gives "Scripts not permitted to use new" error
Issue Type: Bug Bug
Assignee: Jesse Glick
Components: docker-workflow-plugin
Created: 2016/Apr/15 8:11 PM
Environment: Jenkins 1.651.1
CloudBees Docker Pipeline 1.4
Pipeline 2.0
Priority: Minor Minor
Reporter: Christian Höltje

Given the following code in a Jenkinsfile:

{{
node('docker')

{ def sdk = docker.image('some-image:latest'); sdk.pull(); }

}}

I get this traceback:

{{org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use new org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryEndpoint java.lang.String java.lang.String
at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectNew(StaticWhitelist.java:167)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onNewInstance(SandboxInterceptor.java:116)
at org.kohsuke.groovy.sandbox.impl.Checker$3.call(Checker.java:191)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedConstructor(Checker.java:188)
at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.constructorCall(SandboxInvoker.java:19)
at org.jenkinsci.plugins.docker.workflow.Docker$Image.toQualifiedImageName(jar:file:/var/lib/jenkins/plugins/docker-workflow/WEB-INF/lib/docker-workflow.jar!/org/jenkinsci/plugins/docker/workflow/Docker.groovy:96)
at org.jenkinsci.plugins.docker.workflow.Docker$Image.imageName(jar:file:/var/lib/jenkins/plugins/docker-workflow/WEB-INF/lib/docker-workflow.jar!/org/jenkinsci/plugins/docker/workflow/Docker.groovy:100)
at org.jenkinsci.plugins.docker.workflow.Docker$Image.pull(jar:file:/var/lib/jenkins/plugins/docker-workflow/WEB-INF/lib/docker-workflow.jar!/org/jenkinsci/plugins/docker/workflow/Docker.groovy:120)
at org.jenkinsci.plugins.docker.workflow.Docker.node(jar:file:/var/lib/jenkins/plugins/docker-workflow/WEB-INF/lib/docker-workflow.jar!/org/jenkinsci/plugins/docker/workflow/Docker.groovy:63)
at org.jenkinsci.plugins.docker.workflow.Docker$Image.pull(jar:file:/var/lib/jenkins/plugins/docker-workflow/WEB-INF/lib/docker-workflow.jar!/org/jenkinsci/plugins/docker/workflow/Docker.groovy:119)
at WorkflowScript.run(WorkflowScript:8)
at __cps.transform__(Native Method)
at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:93)
at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:79)
at sun.reflect.GeneratedMethodAccessor91.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21)
at com.cloudbees.groovy.cps.Next.step(Next.java:58)
at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:154)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:19)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:33)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:30)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:106)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:30)
at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:164)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:277)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$000(CpsThreadGroup.java:77)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:186)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:184)
at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:47)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:112)
at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)}}

Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265)
Atlassian logo

docwhat@gerf.org (JIRA)

unread,
Apr 15, 2016, 5:15:01 PM4/15/16
to jenkinsc...@googlegroups.com
Christian Höltje updated an issue
Change By: Christian Höltje
Given the following code in a {{Jenkinsfile}}:

{{

node('docker') {
  def sdk = docker.image('some-image:latest');
  sdk.pull();
}
}}

I get this traceback:

{{org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use new org.jenkinsci.plugins.docker.commons.credentials.DockerRegistryEndpoint java.lang.String java.lang.String
at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectNew(StaticWhitelist.java:167)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onNewInstance(SandboxInterceptor.java:116)
at org.kohsuke.groovy.sandbox.impl.Checker$3.call(Checker.java:191)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedConstructor(Checker.java:188)
at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.constructorCall(SandboxInvoker.java:19)
at org.jenkinsci.plugins.docker.workflow.Docker$Image.toQualifiedImageName(jar:file:/var/lib/jenkins/plugins/docker-workflow/WEB-INF/lib/docker-workflow.jar!/org/jenkinsci/plugins/docker/workflow/Docker.groovy:96)
at org.jenkinsci.plugins.docker.workflow.Docker$Image.imageName(jar:file:/var/lib/jenkins/plugins/docker-workflow/WEB-INF/lib/docker-workflow.jar!/org/jenkinsci/plugins/docker/workflow/Docker.groovy:100)
at org.jenkinsci.plugins.docker.workflow.Docker$Image.pull(jar:file:/var/lib/jenkins/plugins/docker-workflow/WEB-INF/lib/docker-workflow.jar!/org/jenkinsci/plugins/docker/workflow/Docker.groovy:120)
at org.jenkinsci.plugins.docker.workflow.Docker.node(jar:file:/var/lib/jenkins/plugins/docker-workflow/WEB-INF/lib/docker-workflow.jar!/org/jenkinsci/plugins/docker/workflow/Docker.groovy:63)
at org.jenkinsci.plugins.docker.workflow.Docker$Image.pull(jar:file:/var/lib/jenkins/plugins/docker-workflow/WEB-INF/lib/docker-workflow.jar!/org/jenkinsci/plugins/docker/workflow/Docker.groovy:119)
at WorkflowScript.run(WorkflowScript:8)
at ___cps.transform___(Native Method)

docwhat@gerf.org (JIRA)

unread,
Apr 15, 2016, 5:16:04 PM4/15/16
to jenkinsc...@googlegroups.com
Christian Höltje updated an issue
Given the following code in a {{Jenkinsfile}}:


{ { code:java}
node('docker') {
  def sdk = docker.image('some-image:latest');
  sdk.pull();
}
{code } }

I get this traceback:


{ { code:java}

{code
} }

docwhat@gerf.org (JIRA)

unread,
Apr 15, 2016, 5:18:01 PM4/15/16
to jenkinsc...@googlegroups.com
Christian Höltje updated an issue
Given the following code in a {{Jenkinsfile}}:


{code:java}
node('docker') {
  def sdk = docker.image('some-image:latest');
  sdk.pull();
}
{code}

I get this traceback:


{ code:java noformat }
{ code noformat }

jglick@cloudbees.com (JIRA)

unread,
Apr 19, 2016, 11:43:02 AM4/19/16
to jenkinsc...@googlegroups.com
Jesse Glick commented on Bug JENKINS-34288
 
Re: docker pull gives "Scripts not permitted to use new" error

This code ought to be supplying that whitelist entry. Reproducible from scratch in a clean environment?

jglick@cloudbees.com (JIRA)

unread,
Apr 19, 2016, 11:46:01 AM4/19/16
to jenkinsc...@googlegroups.com

And this test code fails if and only if you comment out the aforementioned line.

docwhat@gerf.org (JIRA)

unread,
Apr 19, 2016, 11:58:01 AM4/19/16
to jenkinsc...@googlegroups.com

The environment I used originally was pretty clean. I had only just installed the plugins and started playing with them.

However, now that I have had the system up and have uninstalled and re-installed the plugins multiple times: it now works.

I'm fairly certain I was restarting Jenkins after installing plugins, but I can't be positive.

docwhat@gerf.org (JIRA)

unread,
Apr 19, 2016, 12:22:01 PM4/19/16
to jenkinsc...@googlegroups.com

I cannot reproduce on a clean version of Jenkins. Maybe I had an older version of the plugin for some reason?

docwhat@gerf.org (JIRA)

unread,
Apr 19, 2016, 12:23:01 PM4/19/16
to jenkinsc...@googlegroups.com
Christian Höltje resolved as Cannot Reproduce
 
Change By: Christian Höltje
Status: Open Resolved
Resolution: Cannot Reproduce
Reply all
Reply to author
Forward
0 new messages