Issue
- Want to avoid script approvals with a Jenkins Pipeline Groovy script
Environment
- CloudBees Jenkins Enterprise
- Pipeline plugin
Resolution
With Groovy CPS DSL from SCM there is intentionally no option to disable sandbox mode (though such a RFE is filed), i.e., to use whole-script approval mode.
On the other hand, Groovy CPS DSL source, you have two modes: with or without sandbox. These are very different. Without the sandbox, the whole script must be approved, or this is done implicitly if the edit is done by an administrator. With the sandbox, every method call (etc.) must be approved, regardless of user. For Groovy CPS DSL from SCM, currently only sandbox mode is offered; JENKINS-28178 tracks alternatives. https://wiki.jenkins-ci.org/display/JENKINS/Script+Security+Plugin\#ScriptSecurityPlugin-User%E2%80%99sguide gives more context.
Comments
1 comment
For Groovy CPS DSL, you have two modes: with or without sandbox. These are very different. Without the sandbox, the whole script must be approved, or this is done implicitly if the edit is done by an administrator. With the sandbox, every method call (etc.) must be approved, regardless of user. For Groovy CPS DSL from SCM, currently only sandbox mode is offered; JENKINS-28178 tracks alternatives. https://wiki.jenkins-ci.org/display/JENKINS/Script+Security+Plugin#ScriptSecurityPlugin-User%E2%80%99sguide gives more context.
Please sign in to leave a comment.