feat: restrict builtins, aqua-ipfs, worker-spell alias [NET-551,NET-730,NET-729,NET-792] #2141

Merged
merged 16 commits into from
Mar 13, 2024

kmd-fl
Contributor

@kmd-fl kmd-fl commented Mar 8, 2024

Description

Forbid usage of several builtins, aqua-ipfs service and worker-spell alias.

Motivation

Only Host and Worker Spells (and a host manager) should be able to call important built-ins like `Srv.create` or `Worker.create`.

Proposed Changes

  1. Make some builtins available only to Host, Worker-Spell, and Host Manager (Here's the list of all protected builtins)
  2. Make aqua-ipfs available only to Host, Worker-Spell, and Host Manager.
  3. Allow calling services and spells worker-spell only Host and Host Manager
  4. Fix incorrect spell resubscription for workers

Additional Notes

  • We shouldn't forget to design a nice permission system when we discuss the nox re-design later. It's really easy now to miss an important `if is_host` when it's needed.

@kmd-fl kmd-fl requested review from gurinderu, folex and justprosh March 8, 2024 17:14
@kmd-fl kmd-fl added the e2e Run e2e workflow label Mar 11, 2024
@kmd-fl kmd-fl enabled auto-merge (squash) March 13, 2024 14:22
@kmd-fl kmd-fl merged commit 0f27f20 into master Mar 13, 2024
14 checks passed
@kmd-fl kmd-fl deleted the restrict-builtins branch March 13, 2024 18:03