Comments (2)
Does it make sense to impose a strong separation between 'core' config sections (repository, host, container) and module sections? I'm thinking that module builds should never behave intentionally differently based on core config sections.
By enforcing this separation, it becomes safer (but still not completely) to serialise module configs into the container because they simply cannot contain passwords of the user. Instead they end up containing the passwords of e.g. mysql...which a user at the other end has to know anyway.
Now, assuming module configs are serialised to the container, we can secure any potentially sensitive configs by not putting them in a module. E.g. if we have com.corp.shared_folder.shared_folder and com.corp.vcs.git_login which need common LDAP credentials but shouldn't have them stored, we'd put them in a section called com.corp.passwords (or even just com.corp).
If either of the modules above has a requirement to use the credentials of the current user (e.g. authenticating to use the version control system), that code would be moved out of build (which only gets run once) and into start.
Which boils down to "Store all configs in container manifest", with restrictions to remove sensitive items - as noted, the only passwords left would be passwords a user needs to know anyway.
from shutit.
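A sketch of the separation proposed in the comment above, as an added example that is not shutit's own code: only sections whose names are known module ids are serialised into the container manifest, so core sections and a shared credentials section such as com.corp.passwords are withheld. The function names, the allowlist approach, and the sample config values are assumptions made for illustration.

```python
import configparser

# Core sections named in the comment; module builds must not depend on them.
CORE_SECTIONS = {"repository", "host", "container"}

# Constructed sample config (not from shutit): two modules plus a shared
# credentials section that is deliberately not a module id.
SAMPLE_CONFIG = """
[repository]
password = users-registry-password
[host]
docker_executable = docker
[container]
hostname = build1
[com.corp.shared_folder.shared_folder]
mount_point = /mnt/shared
[com.corp.vcs.git_login]
remote = git.corp.example
[com.corp.passwords]
ldap_password = users-ldap-password
"""

MODULE_IDS = {"com.corp.shared_folder.shared_folder", "com.corp.vcs.git_login"}


def _parse(config_text):
    # interpolation=None so a '%' inside a password is not treated as syntax.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    return parser


def serialisable_manifest(config_text, module_ids):
    """Return only module sections; everything else stays on the host."""
    clash = CORE_SECTIONS & set(module_ids)
    if clash:
        # A module named like a core section would smuggle core config in.
        raise ValueError("module id clashes with core section: %s" % sorted(clash))
    parser = _parse(config_text)
    return {s: dict(parser.items(s)) for s in parser.sections() if s in module_ids}


def withheld_sections(config_text, module_ids):
    """List the sections that are not serialised (core and shared secrets)."""
    parser = _parse(config_text)
    return sorted(s for s in parser.sections() if s not in module_ids)


if __name__ == "__main__":
    print(serialisable_manifest(SAMPLE_CONFIG, MODULE_IDS))
    print(withheld_sections(SAMPLE_CONFIG, MODULE_IDS))
```

The allowlist means a section is withheld by default; a new credentials section does not leak into the manifest just because nobody remembered to exclude it.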
Is this still an issue with the (now-documented) config changes?
I'm aggressively closing hoping for a re-open if so.