Closed psss closed 2 months ago
In addition to the command line option, environment variable TMT_FEELING_SAFE should be implemented to allow users to enable this behaviour by default. This should probably include a warning, as such setting might be dangerous.
Not sure about the warning part, e.g. if it's run in a CI environment.
Would it make sense to also implement something like --feeling-paranoid which would override the environment variable above (or future user configuration), in order to make tmt run command safe regardless the environment or config?
Lol, that would be fun 👍
Would it make sense to also implement something like --feeling-paranoid which would override the environment variable above (or future user configuration), in order to make tmt run command safe regardless the environment or config?
Lol, that would be fun 👍
Having a kill switch like this would be nice, exactly for CI systems: when set, no matter what the user sets in plans or environment, unsafe actions would remain disabled.
Yes, I agree in CI we would set the paranoid flag
In addition to the command line option, environment variable TMT_FEELING_SAFE should be implemented to allow users to enable this behaviour by default. This should probably include a warning, as such setting might be dangerous.
Not sure about the warning part, e.g. if it's run in a CI environment.
Ah, probably just a wrong wording on my side? I meant that the description of the newly added environment variable TMT_FEELING_SAFE should include a warning that setting this option in user environment means enabling the possible unsafe behaviour by default and can be dangerous. Does that make sense?
In order to make the tmt run command always safe to execute, even when entering an unknown repository, we should refuse to execute plan with provision --how local to prevent executing arbitrary code on user laptop.
As some users might already use this in their automation the decision from the hacking session is to start showing a warning since 1.35 and refuse to execute such plans in later tmt version. Let's give it roughly three months and add a hard stop in 1.38 or so?
In addition to the command line option, environment variable TMT_FEELING_SAFE should be implemented to allow users to enable this behaviour by default. This should probably include a warning, as such setting might be dangerous.
Would it make sense to also implement something like --feeling-paranoid which would override the environment variable above (or future user configuration), in order to make tmt run command safe regardless the environment or config?
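The precedence discussed in this thread (paranoid kill switch first, then the explicit opt-in, then the version-based warn/refuse phases) can be written as one decision function. This is an added sketch, not tmt's code: the function and enum names, the accepted truthy values for TMT_FEELING_SAFE, and treating 1.35 and 1.38 as exact cut-offs are assumptions, and `cli_safe` stands for the command line option the issue mentions.

```python
import os
from enum import Enum

# Assumed cut-offs, taken from the versions proposed in the issue text.
WARN_SINCE = (1, 35)
REFUSE_SINCE = (1, 38)

# Assumed spellings that count as "enabled" for the environment variable.
TRUTHY = {"1", "true", "yes", "on"}


class Decision(Enum):
    ALLOW = "allow"
    WARN = "warn"
    REFUSE = "refuse"


def parse_version(text):
    """Turn '1.35' or '1.35.0' into a comparable (major, minor) tuple."""
    major, minor = text.split(".")[:2]
    return int(major), int(minor)


def decide_local_provision(version, how, cli_safe=False,
                           cli_paranoid=False, environ=None):
    """Hypothetical helper: may a plan with this provision method run?"""
    environ = os.environ if environ is None else environ
    if how != "local":
        return Decision.ALLOW      # the proposal only restricts 'local'
    if cli_paranoid:
        return Decision.REFUSE     # kill switch beats env var and opt-in
    env_safe = environ.get("TMT_FEELING_SAFE", "").strip().lower() in TRUTHY
    if cli_safe or env_safe:
        return Decision.ALLOW      # user explicitly accepted the risk
    current = parse_version(version)
    if current >= REFUSE_SINCE:
        return Decision.REFUSE     # hard-stop phase
    if current >= WARN_SINCE:
        return Decision.WARN       # transition phase: run, but warn
    return Decision.ALLOW          # behaviour before the change
```

Passing `environ` explicitly keeps the check testable in CI without touching the real process environment.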