Docker Plugin for Jenkins error: Scripts not permitted to use method
Docker Plugin for Jenkins error: Scripts not permitted to use method
我正在尝试从我的 Jenkins 管道发布到 Docker,但我尝试的大多数操作都会导致错误。我最近的尝试是这样的:
docker.withDockerRegistry('https://docker-registry.myco.com/lsacco/swagger-rest', 'docker-credential') {
def image = docker.image(APPLICATION_NAME);
image.tag("latest");
image.push()
}
当我运行这个的时候,Jenkins输出这个错误:
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object (org.jenkinsci.plugins.docker.workflow.Docker withDockerRegistry java.lang.String java.lang.String org.jenkinsci.plugins.workflow.cps.CpsClosure2)
at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:163)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:78)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:69)
at org.kohsuke.groovy.sandbox.impl.Checker.call(Checker.java:149)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:146)
at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:15)
at WorkflowScript.dockerDeploy(WorkflowScript:290)
at WorkflowScript.run(WorkflowScript:76)
at ___cps.transform___(Native Method)
at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:55)
at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:106)
at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:79)
at sun.reflect.GeneratedMethodAccessor317.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
at com.cloudbees.groovy.cps.impl.ClosureBlock.eval(ClosureBlock.java:40)
at com.cloudbees.groovy.cps.Next.step(Next.java:58)
at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:154)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access[=11=]1(SandboxContinuable.java:19)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.call(SandboxContinuable.java:33)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.call(SandboxContinuable.java:30)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:106)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:30)
at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:164)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:277)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access[=11=]0(CpsThreadGroup.java:77)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.call(CpsThreadGroup.java:186)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.call(CpsThreadGroup.java:184)
at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService.call(CpsVmExecutorService.java:47)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at hudson.remoting.SingleLaneExecutorService.run(SingleLaneExecutorService.java:112)
at jenkins.util.ContextResettingExecutorService.run(ContextResettingExecutorService.java:28)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
我 运行正在使用最新的 Jenkins 以及所有最新的插件更新。有什么想法吗?
1.642.2 詹金斯
Plugins.txt
ace-editor:1.1
ant:1.2
antisamy-markup-formatter:1.3
async-http-client:1.7.24
aws-credentials:1.12
aws-java-sdk:1.10.45
branch-api:1.3
build-token-root:1.3
cloudbees-folder:5.3
conditional-buildstep:1.3.3
config-file-provider:2.10.0
copy-to-slave:1.4.4
copyartifact:1.37
credentials-binding:1.7
credentials:1.25
cvs:2.12
docker-build-publish:1.1
docker-commons:1.3.1
docker-custom-build-environment:1.6.4
docker-traceability:1.1
docker-workflow:1.4
dockerhub-notification:1.0.2
durable-task:1.8
envinject:1.92.1
external-monitor-job:1.4
git-client:1.19.6
git-server:1.6
git:2.4.2
github-api:1.72.1
github:1.17.1
handlebars:1.1.1
jackson2-api:2.5.4
javadoc:1.3
jenkins-jira-issue-updater:1.18
jira:2.2
job-dsl:1.44
jquery:1.11.2-0
jquery-detached:1.2.1
junit:1.11
ldap:1.11
mailer:1.16
managed-scripts:1.2.1
mapdb-api:1.0.6.0
mask-passwords:2.8
matrix-auth:1.3.2
matrix-project:1.6
maven-plugin:2.12.1
momentjs:1.1.1
multi-branch-project-plugin:0.4.1
node-iterator-api:1.5
nodelabelparameter:1.7.1
pam-auth:1.2
Parameterized-Remote-Trigger:2.2.2
parameterized-trigger:2.30
pipeline-rest-api:1.0
pipeline-stage-view:1.0
plain-credentials:1.1
promoted-builds:2.25
rebuild:1.25
run-condition:1.0
scm-api:1.1
script-security:1.17
skip-certificate-check:1.0
ssh-credentials:1.11
ssh-slaves:1.10
subversion:2.5.7
swarm:2.0
timestamper:1.7.4
token-macro:1.12.1
translation:1.12
vsphere-cloud:2.11
workflow-aggregator:1.15
workflow-api:1.15
workflow-basic-steps:1.15
workflow-cps-global-lib:1.15
workflow-cps:1.15
workflow-durable-task-step:1.15
workflow-job:1.15
workflow-multibranch:1.15
workflow-scm-step:1.15
workflow-step-api:1.15
workflow-support:1.15
可能与这个问题有关:
https://issues.jenkins-ci.org/browse/JENKINS-30414
如最新评论中所述,Script Security plugin 可能是问题所在。
我可以通过从这个 Docker image 在我的奴隶上安装 docker-io 并使用一个单独的 Docker 主机来解决这个问题我需要调用来构建 运行 并将我的 docker 图像推送到我的注册表。
我最终使用以下脚本解决了这个问题:
docker.withServer(DOCKER_MACHINE_HOSTNAME) {
def image = docker.build(DOCKER_TAG, '.')
// Test container then stop and remove it
def container = image.run('--name ' + DOCKER_CONTAINER_NAME)
container.stop()
docker.withRegistry(DOCKER_REGISTRY, QUAY_CREDENTIALS_ID ) {
image.push(DOCKER_APPLICATION_TAG)
}
}
这是一个古老的问题,但为了人们在顶部使用谷歌搜索短语的好处,我想指出:
当您遇到 "Scripts not permitted to use method" 错误 特别是 关于 groovy.lang.GroovyObject invokeMethod
时,原因几乎总是因为您在一个对象上调用了一个方法没有那个方法。
在这种情况下,您尝试调用 docker.withDockerRegistry
。 docker
上没有名为 withDockerRegistry
的方法。
该方法被简单地调用 withRegistry
。
请注意,与 GroovyObject invokeMethod
无关的 "Scripts not permitted..." 错误是实际的权限问题,但涉及 GroovyObject invokeMethod
的此类错误通常是安全系统屏蔽了 "no such method"错误
我正在尝试从我的 Jenkins 管道发布到 Docker,但我尝试的大多数操作都会导致错误。我最近的尝试是这样的:
docker.withDockerRegistry('https://docker-registry.myco.com/lsacco/swagger-rest', 'docker-credential') {
def image = docker.image(APPLICATION_NAME);
image.tag("latest");
image.push()
}
当我运行这个的时候,Jenkins输出这个错误:
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object (org.jenkinsci.plugins.docker.workflow.Docker withDockerRegistry java.lang.String java.lang.String org.jenkinsci.plugins.workflow.cps.CpsClosure2)
at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:163)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:78)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:69)
at org.kohsuke.groovy.sandbox.impl.Checker.call(Checker.java:149)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:146)
at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:15)
at WorkflowScript.dockerDeploy(WorkflowScript:290)
at WorkflowScript.run(WorkflowScript:76)
at ___cps.transform___(Native Method)
at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:55)
at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:106)
at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:79)
at sun.reflect.GeneratedMethodAccessor317.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
at com.cloudbees.groovy.cps.impl.ClosureBlock.eval(ClosureBlock.java:40)
at com.cloudbees.groovy.cps.Next.step(Next.java:58)
at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:154)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access[=11=]1(SandboxContinuable.java:19)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.call(SandboxContinuable.java:33)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.call(SandboxContinuable.java:30)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:106)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:30)
at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:164)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:277)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access[=11=]0(CpsThreadGroup.java:77)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.call(CpsThreadGroup.java:186)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.call(CpsThreadGroup.java:184)
at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService.call(CpsVmExecutorService.java:47)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at hudson.remoting.SingleLaneExecutorService.run(SingleLaneExecutorService.java:112)
at jenkins.util.ContextResettingExecutorService.run(ContextResettingExecutorService.java:28)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
我 运行正在使用最新的 Jenkins 以及所有最新的插件更新。有什么想法吗?
1.642.2 詹金斯
Plugins.txt
ace-editor:1.1
ant:1.2
antisamy-markup-formatter:1.3
async-http-client:1.7.24
aws-credentials:1.12
aws-java-sdk:1.10.45
branch-api:1.3
build-token-root:1.3
cloudbees-folder:5.3
conditional-buildstep:1.3.3
config-file-provider:2.10.0
copy-to-slave:1.4.4
copyartifact:1.37
credentials-binding:1.7
credentials:1.25
cvs:2.12
docker-build-publish:1.1
docker-commons:1.3.1
docker-custom-build-environment:1.6.4
docker-traceability:1.1
docker-workflow:1.4
dockerhub-notification:1.0.2
durable-task:1.8
envinject:1.92.1
external-monitor-job:1.4
git-client:1.19.6
git-server:1.6
git:2.4.2
github-api:1.72.1
github:1.17.1
handlebars:1.1.1
jackson2-api:2.5.4
javadoc:1.3
jenkins-jira-issue-updater:1.18
jira:2.2
job-dsl:1.44
jquery:1.11.2-0
jquery-detached:1.2.1
junit:1.11
ldap:1.11
mailer:1.16
managed-scripts:1.2.1
mapdb-api:1.0.6.0
mask-passwords:2.8
matrix-auth:1.3.2
matrix-project:1.6
maven-plugin:2.12.1
momentjs:1.1.1
multi-branch-project-plugin:0.4.1
node-iterator-api:1.5
nodelabelparameter:1.7.1
pam-auth:1.2
Parameterized-Remote-Trigger:2.2.2
parameterized-trigger:2.30
pipeline-rest-api:1.0
pipeline-stage-view:1.0
plain-credentials:1.1
promoted-builds:2.25
rebuild:1.25
run-condition:1.0
scm-api:1.1
script-security:1.17
skip-certificate-check:1.0
ssh-credentials:1.11
ssh-slaves:1.10
subversion:2.5.7
swarm:2.0
timestamper:1.7.4
token-macro:1.12.1
translation:1.12
vsphere-cloud:2.11
workflow-aggregator:1.15
workflow-api:1.15
workflow-basic-steps:1.15
workflow-cps-global-lib:1.15
workflow-cps:1.15
workflow-durable-task-step:1.15
workflow-job:1.15
workflow-multibranch:1.15
workflow-scm-step:1.15
workflow-step-api:1.15
workflow-support:1.15
可能与这个问题有关: https://issues.jenkins-ci.org/browse/JENKINS-30414
如最新评论中所述,Script Security plugin 可能是问题所在。
我可以通过从这个 Docker image 在我的奴隶上安装 docker-io 并使用一个单独的 Docker 主机来解决这个问题我需要调用来构建 运行 并将我的 docker 图像推送到我的注册表。
我最终使用以下脚本解决了这个问题:
docker.withServer(DOCKER_MACHINE_HOSTNAME) {
def image = docker.build(DOCKER_TAG, '.')
// Test container then stop and remove it
def container = image.run('--name ' + DOCKER_CONTAINER_NAME)
container.stop()
docker.withRegistry(DOCKER_REGISTRY, QUAY_CREDENTIALS_ID ) {
image.push(DOCKER_APPLICATION_TAG)
}
}
这是一个古老的问题,但为了人们在顶部使用谷歌搜索短语的好处,我想指出:
当您遇到 "Scripts not permitted to use method" 错误 特别是 关于 groovy.lang.GroovyObject invokeMethod
时,原因几乎总是因为您在一个对象上调用了一个方法没有那个方法。
在这种情况下,您尝试调用 docker.withDockerRegistry
。 docker
上没有名为 withDockerRegistry
的方法。
该方法被简单地调用 withRegistry
。
请注意,与 GroovyObject invokeMethod
无关的 "Scripts not permitted..." 错误是实际的权限问题,但涉及 GroovyObject invokeMethod
的此类错误通常是安全系统屏蔽了 "no such method"错误