Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(SDM): Ability to accept Python code with config.json #165

Open
aaronsteers opened this issue Dec 10, 2024 · 0 comments
Open

feat(SDM): Ability to accept Python code with config.json #165

aaronsteers opened this issue Dec 10, 2024 · 0 comments
Assignees

Comments

@aaronsteers
Copy link
Contributor

aaronsteers commented Dec 10, 2024

We currently pass manifests to SDM in a special config key __injected_declarative_manifest.

This proposal would add three new special config keys:

  1. __injected_components_py (str): Optional. The full text of a components.py file.
  2. __injected_components_py_sha256 (str): Optional. Hash of the components.py text file. When provided, it will be validated against the __injected_components_py contents. Execution will abort if the checksum does not match.
  3. __allowed_hosts (list[str]): Optional. List of hosts to which the connector should restrict outgoing traffic. When provided, outgoing http requests will not be allowed if they are outside of these allowed hosts.

This would be backwards compatible and not requiring any new capabilities in the platform. This makes our config.json contents much larger, but otherwise it doesn't break anything or open up new vulnerabilities.

Note:

  • Note that __allowed_hosts can optionally be deprioritized and moved into a separate issue. In terms of effort, there is not much overlap in functionality between the ability to run custom code and the ability to restict network traffic. The higher priority is being able to run custom python code from SDM.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant