-
Notifications
You must be signed in to change notification settings - Fork 205
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enhance import-ses
to sniff environment variables.
#2757
Conversation
Note to reviewers: Be sure to check "Hide whitespace changes" |
83a6eab
to
6018478
Compare
I suspect the environment variable is the most ergonomic approach, but I'll think out loud about the other options might be. I see two use cases. The first is unit test programs, when I've seen a test fail, but the normal lockdown options are interfering with the output and I'm happy to turn off security for the sake of debugging. I want to temporarily change the options. It's not a big deal for me to edit a line of code, as long as I can find it, and I've already got the test program open in my editor. So changing a top-level import from one The second is production tools like Plus, it's annoying to write an application that can sense an Having the imported library silently examine (and, eek, mutate) Having the imported library silently examine On the whole, I can't think of a better way to implement this than the environment variable. The next runner up would be for a different library ( So yeah, sorry, I can't think of a good reason to talk you down from this :). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can't think of anything better.
The only improvement I can think of, and it might be less usable so don't take it too seriously, would be to have two distinct imports. One ignores process.env
, and has a short default-ish name (like install-ses
). The other pays attention, and reminds the caller of that in the name (like install-ses-get-options-from-envvars
or something). That might serve to remind the reader that something non-obvious is going on during the import. I can't decide if that's worth the extra length (and bikeshedding over the specific name).
Verbal discussion with @warner clarified This change only relates to those that import Also, @warner and I agreed to go ahead with this approach but with an additional logging that such sniffing happened. |
Fixes endojs/endo#578
by surrendering to environment variables.
No automates tests, but I did hand check it. If there is a straightforward was to
add an automated test, please let me know. Otherwise let's do that in another
PR.
From the new NEWS.md:
The
@agoric/import-ses
package exists so the "main" of production code canstart with the following import or its equivalent.
But production code must also be tested. Normal ocap discipline of passing
explicit arguments into the
lockdown
call would require an awkward structuring of start modules, since
the
install-ses
module callslockdown
during its initialization,before any explicit code in the start module gets to run. Even if other code
does get to run first, the
lockdown
call in this module happens duringmodule initialization, before it can legitimately receive parameters by
explicit parameter passing.
Instead, for now,
install-ses
violates normal ocap discipline by featuretesting global state for a passed "parameter". This is something that a
module can but normally should not do, during initialization or otherwise.
Initialization is often awkward.
The
install-ses
module tests, first,for a JavaScript global named
LOCKDOWN_OPTIONS
, and second, for an environmentvariable named
LOCKDOWN_OPTIONS
. If either is present, its value should bea JSON encoding of the options bag to pass to the
lockdown
call. If so,then
install-ses
callslockdown
with those options. If there is no suchfeature,
install-ses
callslockdown
with appropriate settings forproduction use.