Global shared library custom step RejectedAccessException

Question  Votes: 0  Answers: 1

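I am trying to DRY up one of our Jenkins pipelines and move some logic into a shared library. I have set the library up as a global shared library, but I still get a security error that I don't understand. As I understand it, my global shared library should not have this problem.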

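I have set up the shared library following the documentation. I have a separate repository. Since I only want to wrap repeated steps into a single custom step, my repository looks like this:

In vars, I have a Groovy file with the following content: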

// vars/buildResolverMicroService.groovy

def call(String configFile, String artifactName, String versionString, String classifier) {

    rtMavenRun (
        tool: 'Maven', // Tool name from Jenkins configuration
        pom: 'pom.xml',
        goals: "clean package -P prod -Dloadme.file=${configFile}",
        resolverId: "MAVEN_RESOLVER"
    )

    fileOperations([
        /** Some file operations **/
    ])

    zip(zipFile: "${artifactName}-${versionString}-${classifier}.zip", archive: true, dir: 'build/')
}

Then in my Jenkinsfile I do this:

@Library("my-library@master") _

branch = env.BRANCH_NAME
version = '1.0.0'

versionString = branch == 'master' ? version : "${version}-SNAPSHOT"
artifactName = 'my-artifact'
pomFileName = "${artifactName}-${versionString}.pom"

repo = branch == 'master' ? 'Releases' : 'Snapshots'
repositoryLocation = "my/${repo}/in/artifactory"

currentBuild.displayName = branch == 'master' ? versionString : "${versionString}.${env.BUILD_NUMBER}"

artifactoryServerId = 'artifactory-repo1'

pipeline {
    agent {
        label 'my-agent'
    }

    stages {

        stage ('Setup') {
            steps {

                rtServer (
                    id: 'Artifactory'
                )

                rtMavenResolver (
                    id: 'MAVEN_RESOLVER',
                    serverId: 'Artifactory'
                )

                /** more setup **/
            }
        }

        stage ('Build Service 1') {
            steps {
                buildResolverMicroService configFile: 'config1.txt', classifier: 'service1'
            }
        }

        stage ('Build Service 2') {
            steps {
                buildResolverMicroService configFile: 'config2.txt', classifier: 'service2'
            }
        }

        /** Upload to artifactory **/
    }
    post {
        always {
            cleanWs()
        }
    }
}

The build completes the Setup stage successfully, but then fails with the following exception from my custom step:

org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object (org.jenkinsci.plugins.workflow.cps.CpsClosure2 buildResolverMicroService java.util.LinkedHashMap)
    at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:270)
    at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:159)
    at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:142)
    at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161)
    at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165)
    at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)
    at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:17)
    at WorkflowScript.run(WorkflowScript:100)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.delegateAndExecute(ModelInterpreter.groovy:137)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.executeSingleStage(ModelInterpreter.groovy:661)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.catchRequiredContextForNode(ModelInterpreter.groovy:395)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.catchRequiredContextForNode(ModelInterpreter.groovy:393)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.executeSingleStage(ModelInterpreter.groovy:660)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:288)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.toolsBlock(ModelInterpreter.groovy:544)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.toolsBlock(ModelInterpreter.groovy:543)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:276)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withEnvBlock(ModelInterpreter.groovy:443)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withEnvBlock(ModelInterpreter.groovy:442)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:275)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withCredentialsBlock(ModelInterpreter.groovy:481)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withCredentialsBlock(ModelInterpreter.groovy:480)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:274)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.inDeclarativeAgent(ModelInterpreter.groovy:586)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.inDeclarativeAgent(ModelInterpreter.groovy:585)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:272)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.stageInput(ModelInterpreter.groovy:356)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.stageInput(ModelInterpreter.groovy:355)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:261)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.inWrappers(ModelInterpreter.groovy:613)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.inWrappers(ModelInterpreter.groovy:612)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:259)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withEnvBlock(ModelInterpreter.groovy:443)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withEnvBlock(ModelInterpreter.groovy:442)
    at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:254)
    at ___cps.transform___(Native Method)
    at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:86)
    at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:113)
    at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:83)
    at sun.reflect.GeneratedMethodAccessor251.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
    at com.cloudbees.groovy.cps.impl.CollectionLiteralBlock$ContinuationImpl.dispatch(CollectionLiteralBlock.java:55)
    at com.cloudbees.groovy.cps.impl.CollectionLiteralBlock$ContinuationImpl.item(CollectionLiteralBlock.java:45)
    at sun.reflect.GeneratedMethodAccessor495.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
    at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21)
    at com.cloudbees.groovy.cps.Next.step(Next.java:83)
    at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:174)
    at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:163)
    at org.codehaus.groovy.runtime.GroovyCategorySupport$ThreadCategoryInfo.use(GroovyCategorySupport.java:129)
    at org.codehaus.groovy.runtime.GroovyCategorySupport.use(GroovyCategorySupport.java:268)
    at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:163)
    at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:18)
    at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:51)
    at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:185)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:400)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$400(CpsThreadGroup.java:96)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:312)
    at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:276)
    at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:67)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:131)
    at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
    at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)

Does anyone have any idea what I am doing wrong?

jenkins groovy jenkins-plugins
1 answer
0 votes

This is an old question, but maybe the answer will still be useful to someone.

The problem is that you declared your function like this:

def call(String configFile, String artifactName, String versionString, String classifier) {

and you call it like this:

buildResolverMicroService configFile: 'config1.txt', classifier: 'service1'

If you called the function with exactly four string values (the way you declared it), it would work:

buildResolverMicroService 'config1.txt', 'myArtifactName', 'myVersionString', 'service1'

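When you call the function with Groovy's named-parameter syntax, though, it ends up trying to bundle all the named parameters into a map and push that into your function.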

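You should get a "no such method" error or something similar, but in Jenkins there has been a quirk since at least 2016 where the security system and the standard Groovy method resolution order collide, and a mistyped method name or a call with the wrong argument types produces a RejectedAccessException referencing groovy.lang.GroovyObject invokeMethod.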

What you want to do is define your function like this:

// vars/buildResolverMicroService.groovy

def call(Map params = [:]) {
    String configFile = params.containsKey('configFile') ? params.configFile : "defaultConfigFile.txt"
    String artifactName = params.containsKey('artifactName') ? params.artifactName : "defaultArtifactName"
    String versionString = params.containsKey('versionString') ? params.versionString : "1.0"
    String classifier = params.containsKey('classifier') ? params.classifier : "default"

    rtMavenRun (
        tool: 'Maven', // Tool name from Jenkins configuration
        pom: 'pom.xml',
        goals: "clean package -P prod -Dloadme.file=${configFile}",
        resolverId: "MAVEN_RESOLVER"
    )

    fileOperations([
        /** Some file operations **/
    ])

    zip(zipFile: "${artifactName}-${versionString}-${classifier}.zip", archive: true, dir: 'build/')
}

Then call it as normal.
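
The dispatch the answer describes, as an added example in plain Groovy (not code from the original post or from Jenkins). `PositionalStep` and `MapStep` are hypothetical stand-ins for the `vars/buildResolverMicroService.groovy` step; outside the sandbox the named-argument call fails with `MissingMethodException`, and the Map-based variant additionally rejects missing or unknown keys so a typo surfaces as a clear error.

```groovy
// Added example: plain Groovy, runnable with `groovy demo.groovy` (no Jenkins needed).
// PositionalStep and MapStep are hypothetical stand-ins for the custom step.
class PositionalStep {
    // Same shape as the question's signature: four positional Strings.
    String call(String configFile, String artifactName, String versionString, String classifier) {
        "${artifactName}-${versionString}-${classifier}.zip"
    }
}

class MapStep {
    static final Set<String> REQUIRED = ['configFile', 'classifier'] as Set
    static final Map<String, String> DEFAULTS = [artifactName: 'defaultArtifactName', versionString: '1.0']

    String call(Map params = [:]) {
        def allowed = REQUIRED + DEFAULTS.keySet()
        def unknown = params.keySet() - allowed
        def missing = REQUIRED - params.keySet()
        if (unknown || missing) {
            throw new IllegalArgumentException("buildResolverMicroService: missing=${missing} unknown=${unknown}")
        }
        def p = DEFAULTS + params
        "${p.artifactName}-${p.versionString}-${p.classifier}.zip"
    }
}

def positional = new PositionalStep()
def mapped = new MapStep()

// Named arguments are collected into a single LinkedHashMap, so this is really call(Map).
try {
    positional.call(configFile: 'config1.txt', classifier: 'service1')
    assert false : 'expected the positional signature to reject a Map'
} catch (MissingMethodException e) {
    // Plain Groovy reports the real problem: no call(LinkedHashMap) overload exists.
    assert e.arguments[0] instanceof LinkedHashMap
}

// Omitted optional keys fall back to the defaults.
assert mapped.call(configFile: 'config1.txt', classifier: 'service1') == 'defaultArtifactName-1.0-service1.zip'

// A misspelled key is reported by name instead of being silently ignored.
try {
    mapped.call(configFile: 'config1.txt', clasifier: 'service1')
    assert false : 'expected validation to fail'
} catch (IllegalArgumentException e) {
    assert e.message.contains('clasifier')
}
```

Because the cause is a signature mismatch, the fix belongs in the step's signature rather than in approving `groovy.lang.GroovyObject invokeMethod` for sandboxed scripts.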
