Skip to content
This repository has been archived by the owner on Jun 6, 2024. It is now read-only.

add job Envs #1544

Merged
merged 5 commits into from
Oct 26, 2018
Merged

add job Envs #1544

merged 5 commits into from
Oct 26, 2018

Conversation

hao1939
Copy link
Contributor

@hao1939 hao1939 commented Oct 17, 2018

fix #1527.

@hao1939 hao1939 requested a review from Gerhut October 17, 2018 09:13
@coveralls
Copy link

Coverage Status

Coverage decreased (-0.01%) to 51.62% when pulling 86b140a on hao/job_envs into 0bb43fc on master.

@coveralls
Copy link

coveralls commented Oct 17, 2018
edited
Loading

Coverage Status

Coverage increased (+0.04%) to 51.671% when pulling 51b6bac on hao/job_envs into 0b9f008 on master.

@hao1939
Copy link
Contributor Author

hao1939 commented Oct 18, 2018

The UI looks like below:
image

Gerhut
Gerhut reviewed Oct 19, 2018
View reviewed changes
src/rest-server/src/models/job.js
if (data.jobEnvs) {
for (let key in data.jobEnvs) {
if (data.jobEnvs.hasOwnProperty(key)) {
jobEnvs = jobEnvs.concat(key, '=', data.jobEnvs[key], '\n');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No encode needed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are indeed injection risks, javascript injection and bash injection.
I will take more investigation.

Copy link
Contributor Author

@hao1939 hao1939 Oct 24, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's some kind of complicated.
We pass the env.list to docker command, which would quote.
https://github.com/Microsoft/pai/blob/4491119258197ccd6700f295b3ff518ed4a83c81/src/rest-server/src/templates/yarnContainerScript.mustache#L277

So if we quote it with single/double quote, the value would corrupt, as below:

hayua@stcvl-131:~$ cat env.list
double_quote="with double quote"
single_quote='with single quote'
hayua@stcvl-131:~$ sudo docker run -it --env-file env.list ubuntu env |grep quote
double_quote="with double quote"
single_quote='with single quote'

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @Gerhut,
Now the "env list' was passing to 'docker run', which would take care of 'encoding and escaping'.
We should pass it as it is.

@hao1939 hao1939 merged commit d0b9ed4 into master Oct 26, 2018
@hao1939 hao1939 deleted the hao/job_envs branch October 26, 2018 12:50
fanyangCS
fanyangCS reviewed Oct 26, 2018
View reviewed changes
Copy link
Contributor

@fanyangCS fanyangCS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have documentation for this feature?

@hao1939
Copy link
Contributor Author

hao1939 commented Oct 29, 2018

Not yet, I will add doc.

@fanyangCS fanyangCS mentioned this pull request Jan 3, 2019
Closed
@hao1939 hao1939 mentioned this pull request Jan 8, 2019
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@fanyangCS fanyangCS fanyangCS left review comments

@Gerhut Gerhut Gerhut approved these changes

@wangcan0329 wangcan0329 Awaiting requested review from wangcan0329

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Feature request: support job parameters
4 participants
@hao1939 @coveralls @Gerhut @fanyangCS