You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@aurora.apache.org by "Zameer Manji (JIRA)" <ji...@apache.org> on 2015/09/28 19:38:04 UTC

[jira] [Commented] (AURORA-915) create strict mode for .aurora config

    [ https://issues.apache.org/jira/browse/AURORA-915?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14933644#comment-14933644 ] 

Zameer Manji commented on AURORA-915:
-------------------------------------

On the [Aurora Roadmap|https://docs.google.com/document/d/1vyhTZSlEPeibQm2_7HK6JXOkydO0ZllZNQZ2O3cC4_0/edit] document I made a case for strict mode that [~clambert] suggested should be recorded here.

{noformat}
Right now we provide a declarative Python DSL for .aurora files. The indention is that our users declare the configuration of their jobs and use Python to reduce duplication or organize the configuration as needed.

Right now the files are just evaled() with minimal (no?) sanitation. This means that the configuration files can change sys.path, import random code, open sockets, etc.

A strict mode for configuration would prevent importing random code and only allow the include mechanism built into the DSL. This would ensure the .aurora files are more declarative than random Python code.

This also ensures that it might be possible for other tools to evaluate the config and get the same result as the user evaluating the config on their local machine.

A sketch of configuration mode might be:
* No import statements
* Input from the current system (ie current user, etc) will be provided as bindings like '{{os.user}}'
{noformat}

I believe this should be in the client to inform the user when they are violating strict mode.

> create strict mode for .aurora config
> -------------------------------------
>
>                 Key: AURORA-915
>                 URL: https://issues.apache.org/jira/browse/AURORA-915
>             Project: Aurora
>          Issue Type: Task
>          Components: Client
>            Reporter: brian wickman
>
> I propose we have a strict mode for .aurora configuration (pystachio) that prevents importing python modules (including os and sys.)  Possibly we snapshot os.environ and provide a binding helper to give access to it.  For people who need things like the current user, perhaps provide a default binding like {{\{\{system.user\}\}}} and the like.  We are getting bitten by people adding too much sophistication into .aurora configuration like full blown sys.args introspection and web clients, etc.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)