I've set the script to be sandboxed in the Job DSL script, though it looks link only a marginal improvement because of the need to approve missing method signatures.
What would the Job DSL plugin need to do to automatically approve the non-sandboxed script it sets in a job? As you mention, security here is already being by-passed when the Job DSL plugin is in use. - David On Thursday, August 13, 2015 at 12:05:14 AM UTC+3, Jesse Glick wrote: > > On Tuesday, July 21, 2015 at 4:17:51 PM UTC-4, David Resnick wrote: >> >> How can I have the workflow job script updated via Job DSL without having >> to approve the script each time it changes? >> > > If the Job DSL plugin supports setting sandbox=true here, use that. > However it would be a nice enhancement for the Job DSL integration to > automatically approve a flow definition with sandbox=false that it creates. > (Job DSL builds have unrestricted access to Jenkins so anything created > that way can be assumed to be from a superuser. I am not even sure how you > would secure a Jenkins installation containing this plugin, unless you are > using only basic security levels like “any logged-in user”.) > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/0e341cce-c18e-4779-9b94-543aea0f4b89%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
