[jira] [Commented] (AURORA-915) create strict mode for .aurora config

Mon, 28 Sep 2015 10:39:05 -0700 

    [ 
https://issues.apache.org/jira/browse/AURORA-915?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14933644#comment-14933644
 ] 

Zameer Manji commented on AURORA-915:
-------------------------------------

On the [Aurora 
Roadmap|https://docs.google.com/document/d/1vyhTZSlEPeibQm2_7HK6JXOkydO0ZllZNQZ2O3cC4_0/edit]
 document I made a case for strict mode that [~clambert] suggested should be 
recorded here.

{noformat}
Right now we provide a declarative Python DSL for .aurora files. The indention 
is that our users declare the configuration of their jobs and use Python to 
reduce duplication or organize the configuration as needed.

Right now the files are just evaled() with minimal (no?) sanitation. This means 
that the configuration files can change sys.path, import random code, open 
sockets, etc.

A strict mode for configuration would prevent importing random code and only 
allow the include mechanism built into the DSL. This would ensure the .aurora 
files are more declarative than random Python code.

This also ensures that it might be possible for other tools to evaluate the 
config and get the same result as the user evaluating the config on their local 
machine.

A sketch of configuration mode might be:
* No import statements
* Input from the current system (ie current user, etc) will be provided as 
bindings like '{{os.user}}'
{noformat}

I believe this should be in the client to inform the user when they are 
violating strict mode.

> create strict mode for .aurora config
> -------------------------------------
>
>                 Key: AURORA-915
>                 URL: https://issues.apache.org/jira/browse/AURORA-915
>             Project: Aurora
>          Issue Type: Task
>          Components: Client
>            Reporter: brian wickman
>
> I propose we have a strict mode for .aurora configuration (pystachio) that 
> prevents importing python modules (including os and sys.)  Possibly we 
> snapshot os.environ and provide a binding helper to give access to it.  For 
> people who need things like the current user, perhaps provide a default 
> binding like {{\{\{system.user\}\}}} and the like.  We are getting bitten by 
> people adding too much sophistication into .aurora configuration like full 
> blown sys.args introspection and web clients, etc.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to