Re: System groovy batch tasks

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: System groovy batch tasks

domi@fortysix.ch
Hmm, If you say so - I belive you.
What is the exact rule behind it? Only to configure need admin  
permissions or also to trigger it?
As the documentation does not say anithing about this, I did not recheck it.
...But I will now - thanks for the pointer :)
regards Domi

Zitat von Vojtech Juranek <[hidden email]>:

> Hi,
>
>> personally I don't like any plugin that supports system groovy scripts
>> for none adminstrative execution - e.g. in a normal build job. This is
>> a big security hole and therefore can't be used in a secure and shared
>> jenkins setup.
>> So I think this is not a good idea - at leas my company would then
>> have to deinstall this plugin from the current installation.
>> Another plugin having this problem is the groovy plugin - which we
>> can't use exactly because of this problem.
>
> this security issue should be fixed since 1.6 release - only user with
> administer permission can add/change system groovy build step. Or did I miss
> something and it's still somehow possible to run system groovy scripts for
> common users? If yes, please let me know.
> Thanks
>
>> On the other hand it would be great to have job type only available
>> for adminstrators, so specific plugin functionality can be enabled to
>> such jobs.
>>
>> /Domi
>>
>> Zitat von Noam Meltzer <[hidden email]>:
>> > Hi,
>> >
>> > Is there a plan to support groovy scripts (specifically, system groovy
>> > scripts) with the Batch Tasks plugin?
>> >
>> >
>> > Best regards,
>> > Noam Meltzer
>


Reply | Threaded
Open this post in threaded view
|

Re: System groovy batch tasks

Vojtech Juranek
> Hmm, If you say so - I belive you.
> What is the exact rule behind it? Only to configure need admin
> permissions or also to trigger it?

only admin can add system groovy build step and configure the system groovy
script. Permissions are not checked when the build is triggered (i.e. also
uses without admin rights can also run the script). The idea is to allow users
run some well defined (defined by admin) system tasks when they need it (e.g.
put slave offline/online, when user wants to start some debugging on slave)

> As the documentation does not say anithing about this,

ah, good point, I'll try to add some info on the page during the weekned,
thanks

> I did not recheck
> it. ...But I will now - thanks for the pointer :)
> regards Domi
>
> Zitat von Vojtech Juranek <[hidden email]>:
> > Hi,
> >
> >> personally I don't like any plugin that supports system groovy scripts
> >> for none adminstrative execution - e.g. in a normal build job. This is
> >> a big security hole and therefore can't be used in a secure and shared
> >> jenkins setup.
> >> So I think this is not a good idea - at leas my company would then
> >> have to deinstall this plugin from the current installation.
> >> Another plugin having this problem is the groovy plugin - which we
> >> can't use exactly because of this problem.
> >
> > this security issue should be fixed since 1.6 release - only user with
> > administer permission can add/change system groovy build step. Or did I
> > miss something and it's still somehow possible to run system groovy
> > scripts for common users? If yes, please let me know.
> > Thanks
> >
> >> On the other hand it would be great to have job type only available
> >> for adminstrators, so specific plugin functionality can be enabled to
> >> such jobs.
> >>
> >> /Domi
> >>
> >> Zitat von Noam Meltzer <[hidden email]>:
> >> > Hi,
> >> >
> >> > Is there a plan to support groovy scripts (specifically, system groovy
> >> > scripts) with the Batch Tasks plugin?
> >> >
> >> >
> >> > Best regards,
> >> > Noam Meltzer
Reply | Threaded
Open this post in threaded view
|

Re: System groovy batch tasks

domi@fortysix.ch
Vojtech,

hwat would you think about enhace the groovy plugin to extend in a way  
that it would be able to trigger scripts provided by scriptler?

regards Domi

Zitat von Vojtech Juranek <[hidden email]>:

>> Hmm, If you say so - I belive you.
>> What is the exact rule behind it? Only to configure need admin
>> permissions or also to trigger it?
>
> only admin can add system groovy build step and configure the system groovy
> script. Permissions are not checked when the build is triggered (i.e. also
> uses without admin rights can also run the script). The idea is to  
> allow users
> run some well defined (defined by admin) system tasks when they need it (e.g.
> put slave offline/online, when user wants to start some debugging on slave)
>
>> As the documentation does not say anithing about this,
>
> ah, good point, I'll try to add some info on the page during the weekned,
> thanks
>
>> I did not recheck
>> it. ...But I will now - thanks for the pointer :)
>> regards Domi
>>
>> Zitat von Vojtech Juranek <[hidden email]>:
>> > Hi,
>> >
>> >> personally I don't like any plugin that supports system groovy scripts
>> >> for none adminstrative execution - e.g. in a normal build job. This is
>> >> a big security hole and therefore can't be used in a secure and shared
>> >> jenkins setup.
>> >> So I think this is not a good idea - at leas my company would then
>> >> have to deinstall this plugin from the current installation.
>> >> Another plugin having this problem is the groovy plugin - which we
>> >> can't use exactly because of this problem.
>> >
>> > this security issue should be fixed since 1.6 release - only user with
>> > administer permission can add/change system groovy build step. Or did I
>> > miss something and it's still somehow possible to run system groovy
>> > scripts for common users? If yes, please let me know.
>> > Thanks
>> >
>> >> On the other hand it would be great to have job type only available
>> >> for adminstrators, so specific plugin functionality can be enabled to
>> >> such jobs.
>> >>
>> >> /Domi
>> >>
>> >> Zitat von Noam Meltzer <[hidden email]>:
>> >> > Hi,
>> >> >
>> >> > Is there a plan to support groovy scripts (specifically, system groovy
>> >> > scripts) with the Batch Tasks plugin?
>> >> >
>> >> >
>> >> > Best regards,
>> >> > Noam Meltzer
>