Improve unit test framework to execute in near sandboxed jenkins environment

[sparshev]

Right now unit tests are executing in a quite relaxed environment, but we need a way to check that the same logic will work in jenkins sandbox (by using the original script-security plugin) and right now it's hard to say for sure.

[sparshev]

Ok, the thing is moving slightly - right now I'm going through mocking of CPS Script, hopefully this is possible.

[sparshev]

Prepared CPS test base #49 and posted a couple of issues to JenkinsPipelineUnit:

• Shared library classes executed in a different way jenkinsci/JenkinsPipelineUnit#159 - related to JENKINS-59911
• Unreadable exception on serialization error jenkinsci/JenkinsPipelineUnit#160 - to show the better exceptions

Still not used security plugin I think, but CPS is already something.

[sparshev]

JenkinsPipelineUnit don't allow to execute CPS tests on somehow complex pipelines that using groovy closures methods (.find/.findAll and many others) due to issue (for example [1,2,3].findAll { it > 1 } will return false instead of [2,3]), like the one was fixed here: jenkinsci/workflow-cps-plugin#124

[sparshev]

I tried a number of ways and seems just one is working well for us:

Running CPS tes base of the JenkinsPipelineUnit

Uses groovy-cps, but without improvements of workflow-cps plugin, so making not much sense.

Running JenkinsRule with intercepting CpsScript

Unfortunately will not work properly, because CpsScript is highly protected: final invokeMethod() and the other functions that could be changed - it requires too much support and not working without changes.

Running JenkinsRule with intercepting groovy-cps Invoker classes (SandboxInvoker, DefaultInvoker)

Working well with minimal changes and there is a minimal risk of some additional changes. Also allow to prepare rules for sandboxed or non-sandboxed scopes and choose the depth of the intercepting:

• only CpsScript calls - like for JenkinsPipelineUnit
• all calls in the CPS
• maybe there is a way to narrow the scope to the loaded shared libraries...

So the last approach looks promising.

[sparshev]

Just completed JenkinsRule unit tests implementation, there is still some issues - but looks like it's working as expected.

[sparshev]

Asked here to help with some jenkins-related issues here: https://issues.jenkins-ci.org/browse/JENKINS-33925

[sparshev]

The issue with not proper placing of the Build.fileExists(openshift) could be related to some issues with MPLModule execution. Maybe it's not closing the block properly.

[sparshev]

Ok, found workaround - just use the current node (if it's BlockStartNode) together with enclosures - otherwise MPLModule for some reason will add extra trace items.

[sparshev]

Davin suggested a couple of other ways to achieve the same result to register the custom interceptor here: cloudbees/groovy-cps#107 (comment)