Revert "Split GroovyScript for agent and controller"

Author: basil

src/main/java/org/jenkinsci/plugins/scriptler/builder/ScriptlerBuilder.java

@@ -51,7 +51,6 @@
 import org.jenkinsci.plugins.scriptler.config.Parameter;
 import org.jenkinsci.plugins.scriptler.config.Script;
 import org.jenkinsci.plugins.scriptler.config.ScriptlerConfiguration;
-import org.jenkinsci.plugins.scriptler.util.ControllerGroovyScript;
 import org.jenkinsci.plugins.scriptler.util.GroovyScript;
 import org.jenkinsci.plugins.scriptler.util.ScriptHelper;
 import org.jenkinsci.plugins.scriptler.util.UIHelper;
@@ -263,8 +262,8 @@ public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListen
             final Object output;
             if (script.onlyBuiltIn) {
                 // When run on the built-in node, make build, launcher, listener available to script
-                output = FilePath.localChannel.call(new ControllerGroovyScript(
-                        script.getScriptText(), expandedParams, true, listener, launcher, build));
+                output = FilePath.localChannel.call(
+                        new GroovyScript(script.getScriptText(), expandedParams, true, listener, launcher, build));
             } else {
                 VirtualChannel channel = launcher.getChannel();
                 if (channel == null) {

src/main/java/org/jenkinsci/plugins/scriptler/tokenmacro/ScriptlerTokenMacro.java

@@ -8,11 +8,9 @@
 import hudson.remoting.ChannelClosedException;
 import hudson.remoting.VirtualChannel;
 import java.io.IOException;
-import java.util.List;
-import jenkins.model.Jenkins;
+import java.util.Collections;
 import org.jenkinsci.plugins.scriptler.Messages;
 import org.jenkinsci.plugins.scriptler.config.Script;
-import org.jenkinsci.plugins.scriptler.util.ControllerGroovyScript;
 import org.jenkinsci.plugins.scriptler.util.GroovyScript;
 import org.jenkinsci.plugins.scriptler.util.ScriptHelper;
 import org.jenkinsci.plugins.tokenmacro.DataBoundTokenMacro;
@@ -41,23 +39,21 @@ public String evaluate(AbstractBuild<?, ?> context, TaskListener listener, Strin
             throw new MacroEvaluationException(Messages.tokenmacro_AdminScriptOnly(scriptId));
         }
 
-        String scriptText = script.getScriptText();
         VirtualChannel channel;
-        GroovyScript groovyScript;
-        if (script.onlyBuiltIn || Jenkins.get().equals(context.getBuiltOn())) {
+        if (script.onlyBuiltIn) {
             channel = FilePath.localChannel;
-            groovyScript = new ControllerGroovyScript(scriptText, List.of(), true, listener, null, context);
         } else {
             FilePath remoteFilePath = context.getWorkspace();
             if (remoteFilePath == null) {
                 // the remote node has apparently disconnected, so we can't run our script
                 throw new ChannelClosedException((Channel) null, null);
             }
             channel = remoteFilePath.getChannel();
-            groovyScript = new GroovyScript(scriptText, List.of(), true, listener);
         }
 
-        Object output = channel.call(groovyScript);
+        Object output = channel.call(
+                new GroovyScript(script.getScriptText(), Collections.emptyList(), true, listener, null, context));
+
         return output != null ? output.toString() : "";
     }
 

src/main/java/org/jenkinsci/plugins/scriptler/util/ControllerGroovyScript.java

@@ -3,15 +3,21 @@
 import edu.umd.cs.findbugs.annotations.NonNull;
 import groovy.lang.GroovyShell;
 import groovy.lang.Script;
+import hudson.Launcher;
+import hudson.model.AbstractBuild;
 import hudson.model.TaskListener;
 import java.io.PrintStream;
 import java.io.Serial;
 import java.util.*;
 import java.util.concurrent.ConcurrentLinkedQueue;
+import jenkins.model.Jenkins;
 import jenkins.security.MasterToSlaveCallable;
+import jenkins.security.Roles;
 import org.apache.commons.collections.map.LRUMap;
 import org.jenkinsci.plugins.scriptler.Messages;
 import org.jenkinsci.plugins.scriptler.config.Parameter;
+import org.jenkinsci.remoting.Role;
+import org.jenkinsci.remoting.RoleChecker;
 
 /**
  * Inspired by hudson.util.RemotingDiagnostics.Script, but adding parameters.
@@ -27,6 +33,9 @@ public class GroovyScript extends MasterToSlaveCallable<Object, RuntimeException
 
     private final boolean failWithException;
     private final TaskListener listener;
+    private final transient AbstractBuild<?, ?> build;
+    private final transient Launcher launcher;
+    private transient ClassLoader cl;
 
     @SuppressWarnings("unchecked")
     private static final Map<String, ConcurrentLinkedQueue<Script>> cache = Collections.synchronizedMap(new LRUMap(10));
@@ -41,30 +50,57 @@ public class GroovyScript extends MasterToSlaveCallable<Object, RuntimeException
     }
 
     /**
-     * Constructor
+     * This constructor can only be used when the script is executed on the built-in node, because launcher and build
+     * can not be transferred to an agent and therefore the execution will fail
      * @param script the script to be executed
      * @param parameters the parameters to be passed to the script
      * @param failWithException should the job fail with an exception
      * @param listener access to logging via listener
+     * @param launcher the launcher
+     * @param build the current build
      */
     public GroovyScript(
             String script,
             @NonNull Collection<Parameter> parameters,
             boolean failWithException,
-            TaskListener listener) {
+            TaskListener listener,
+            Launcher launcher,
+            AbstractBuild<?, ?> build) {
         this.script = script;
         this.parameters = new ArrayList<>(parameters);
         this.failWithException = failWithException;
         this.listener = listener;
+        this.cl = getClassLoader();
+        this.build = build;
+        this.launcher = launcher;
+    }
+
+    /**
+     * Constructor
+     * @param script the script to be executed
+     * @param parameters the parameters to be passed to the script
+     * @param failWithException should the job fail with an exception
+     * @param listener access to logging via listener
+     */
+    public GroovyScript(
+            String script,
+            @NonNull Collection<Parameter> parameters,
+            boolean failWithException,
+            TaskListener listener) {
+        this(script, parameters, failWithException, listener, null, null);
     }
 
     public ClassLoader getClassLoader() {
-        return Thread.currentThread().getContextClassLoader();
+        return Jenkins.get().getPluginManager().uberClassLoader;
     }
 
     public Object call() {
+        // if we run locally, cl!=null. Otherwise the delegating classloader will be available as context classloader.
+        if (cl == null) {
+            cl = Thread.currentThread().getContextClassLoader();
+        }
         PrintStream logger = listener.getLogger();
-        GroovyShell shell = new GroovyShell(getClassLoader());
+        GroovyShell shell = new GroovyShell(cl);
 
         for (Parameter param : parameters) {
             final String paramName = param.getName();
@@ -77,7 +113,9 @@ public Object call() {
 
         // set default variables
         shell.setVariable("out", logger);
-        setShellVariables(shell);
+        shell.setVariable("listener", listener);
+        if (build != null) shell.setVariable("build", build);
+        if (launcher != null) shell.setVariable("launcher", launcher);
 
         ConcurrentLinkedQueue<Script> scriptPool = cache.get(script);
         if (scriptPool == null) {
@@ -115,8 +153,13 @@ public Object call() {
         }
     }
 
-    protected void setShellVariables(@NonNull GroovyShell shell) {
-        shell.setVariable("listener", listener);
+    @Override
+    public void checkRoles(RoleChecker roleChecker) throws SecurityException {
+        if (launcher != null && build != null) {
+            roleChecker.check(this, Roles.MASTER);
+        } else {
+            roleChecker.check(this, Role.UNKNOWN);
+        }
     }
 
     private static final class ScriptlerExecutionException extends RuntimeException {