[
https://issues.apache.org/jira/browse/AURORA-915?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14217802#comment-14217802
]
Tom Dunham commented on AURORA-915:
-----------------------------------
You mention in the description that people are doing sys.args introspection,
presumably for the purpose of passing arguments to their jobs. Will strict mode
provide a way to do this safely? (By safely I mean that args passed to the
config can be relied on not to clash with args passed to the command line).
Possibly this need would be met with documentation of the -E option, I'm not
sure.
> create strict mode for .aurora config
> -------------------------------------
>
> Key: AURORA-915
> URL: https://issues.apache.org/jira/browse/AURORA-915
> Project: Aurora
> Issue Type: Task
> Components: Client
> Reporter: brian wickman
>
> I propose we have a strict mode for .aurora configuration (pystachio) that
> prevents importing python modules (including os and sys.) Possibly we
> snapshot os.environ and provide a binding helper to give access to it. For
> people who need things like the current user, perhaps provide a default
> binding like {{\{\{system.user\}\}}} and the like. We are getting bitten by
> people adding too much sophistication into .aurora configuration like full
> blown sys.args introspection and web clients, etc.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
