Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JENKINS-73941 - ForceSandbox - Align Script-Security plugin with preexisting behavior in Workflow-CPS plugin #585

Merged
merged 2 commits into from
Oct 29, 2024
Merged

JENKINS-73941 - ForceSandbox - Align Script-Security plugin with preexisting behavior in Workflow-CPS plugin #585

merged 2 commits into from
Oct 29, 2024

Conversation

jgarciacloudbees
Copy link
Contributor

JENKINS-73941 - Option to hide "Use Groovy Sandbox" for users without Administer permission globally in the system

Related to

In #584 we implemented the new forceSandbox logic in the Script Security Plugin instead of the Workflow-CPS Plugin.

The specific SandBox implementations are managed in the specific plugins, and in WorkflowCPS there are some functionalities not properly migrated in the previous PR to this repo

When the ForceSandbox option is enabled in the system:

  • In WorkFlow-CPS, when a preexistent Pipeline has the sandBox disabled, a nonAdmin user can't edit it (the plugin is throwing an exception)
  • In the Script-Security-Plugin, we have a Sandbox template implemented in org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript, but this behavior was not migrated, so when a preexistent Pipeline has the sandBox disabled, a nonAdmin user can edit it.

We have aligned both behaviors.

In addition, for admin users, when running the FormValidation, we haven't changed the behavior (the ForceSandbox does not apply to admin), but we have added in the message some information about Sandbox not allowed in the system.

Testing done

New test cases were included to cover the described changes.

Submitter checklist

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests - that demonstrates feature works or fixes the issue

@jgarciacloudbees jgarciacloudbees marked this pull request as ready for review October 29, 2024 13:26
@jgarciacloudbees jgarciacloudbees requested a review from a team as a code owner October 29, 2024 13:26
@jglick jglick added the bug label Oct 29, 2024
@jgarciacloudbees jgarciacloudbees changed the title JENKINS-73941 - ForceSandbox - Align preexistant behavior in Workflow-CPS plugin JENKINS-73941 - ForceSandbox - Align preexisting behavior in Workflow-CPS plugin with Script-Security plugin Oct 29, 2024
@jgarciacloudbees jgarciacloudbees changed the title JENKINS-73941 - ForceSandbox - Align preexisting behavior in Workflow-CPS plugin with Script-Security plugin JENKINS-73941 - ForceSandbox - Align Script-Security plugin with preexisting behavior in Workflow-CPS plugin Oct 29, 2024
@jglick jglick requested a review from amuniz October 29, 2024 15:50
@jglick jglick merged commit df2fc45 into jenkinsci:master Oct 29, 2024
17 checks passed
@jgarciacloudbees jgarciacloudbees deleted the JENKINS-73941 branch October 29, 2024 16:09
This was referenced Oct 30, 2024
Merged
Merged
@jgarciacloudbees jgarciacloudbees mentioned this pull request Oct 31, 2024
Merged
6 tasks
@hashar hashar mentioned this pull request Nov 4, 2024
Merged
@jgarciacloudbees jgarciacloudbees mentioned this pull request Nov 6, 2024
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@amuniz amuniz amuniz approved these changes

@jglick jglick jglick approved these changes

Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jgarciacloudbees @jglick @amuniz