New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent execution of ddev config
in the wrong directory
#5493
Comments
I have done this many times. I do it in the ~/workspace/ddev folder periodically because I'm working on DDEV code and am in the wrong window. My problem is typically doing it with More thoughts about how this would work? I don't think we could encourage most of the people that need it to use it, and experienced users already know exactly what happened, and novices wouldn't know how to configure it... If you use
But sometimes you don't see that and don't realize that your config didn't work. |
ddev config
can accidentally be done in the wrong directory, how to prevent that?
Thanks for sharing, and we are probably not the only two who have done this, but it is slightly embarrassing to admit ... :-) And thanks for updating the title, it's more precise now. It also made me realize that we don't need to keep an eye on a lot of commands, only
I think I haven't tried that yet, pure luck? I am not sure how to prevent it ... And also, like you ask, might there be a use case for allowing it? Anyway, for me having a whitelist of folder(s) would be a great start, and help in using DDEV, by preventing errors by blocking all folders, except those I define. So sub-folders can maybe be dealt with in a follow up issue? About defining the rule in plain speech, I see it as "Only allow running
How it could look in
The https://github.com/ddev/ddev/blob/master/pkg/ddevapp/config.go#L67-L70 Maybe the |
Yes, it could be added to that check. I think this would help me. I'm not sure it would help the general population. It would help you :) Interested in trying a PR? There are a number of PRs out there that update global config... |
Heh, yes it could help us :) I have no experience with Go, so I am probably not able to create a PR, sadly ... |
So...... this actually just happened to me :D (exactly the same thing) It was on a I am curious and I think you mentioned it at some point, but why are we wiping everything on composer create-project.. I'd think there's a way to do what composer create does without that so dangerous step. |
Only if this encourages you, I had no experience with Go either but it wasn't too hard to pick up. |
Why not just doing the creation on the temp folder and then simply copy over the files.. if you wanna go "clean", do a removal of only the files and directories that were created by the composer-create command.. .but honestly, I don't see the need of running a create-project command on a non-empty ddev project. Another opinionated approach, much safer, is to the same validation that composer does when you try to do it on an empty directory:
Only that what ddev considers empty is a folder with just a .ddev directory and nothing else. Maybe also an empty configured webroot if you happened to use I don't think ddev should be in a position where it can accidentally remove unwated thing, even if it's a user error. |
Related:
That approach has potential could easily result in completely incorrect set of files. Imagine an existing vendor directory with "whatever" in it. Then you build new project and copy all the new stuff in there.
That means that the .ddev, .tarballs, and .git directory couldn't exist, right? |
I am working on a PR |
That sounds like a pragmatic approach.
I do agree with that. |
ddev config
can accidentally be done in the wrong directory, how to prevent that?ddev config
in the wrong directory
No, I meant that ddev can validate the emptyness of where it's running create-project, about to send a PR, actually quite happy with it. It avoids restarting ddev and all that. |
But it already does create an empty directory for the installation, then copies that to the project directory. (But I do think we're getting somewhere with this conversation!) |
@rfay following up from #5499 (comment)
I wonder if without composer create doing any removing this is too important. This works the same as most |
It definitely has messed me up at the confusion level. I use ~/workspace as base for projects. If I accidentally Also, All commands other than |
I'd expect Then I am not sure if you should validate running ddev config inside a directory. I agree it's likely never wanted. Maybe instead of an error prompt for a warning.. it's something so rare. |
It does start the closest. |
One way this could be partially addressed is for |
It works well, thanks @hanoii! There is no removal of files if I create a Drupal 10 project, go up one level, start another DDEV project, and from that folder run I ran the command from this folder, which already has a project in it:
The
I verified the already existing Drupal 10 installation, and it is still there and works well. |
I remain convinced that we should try to deal with the basic problem described here, accidental The destructive behavior is definitely the case where you do a @gitressa thanks so much for reviewing! It would be more useful if you reviewed in the PR though. So reviewing in #5499 would be more effective communication, and I know you're all about effective communication! |
I also tried with just a folder with a single file in it, and that also blocked the command from running, as desired:
|
Sure @rfay, I'll comment in the PR :-) |
…5499) Co-authored-by: Randy Fay <randy@randyfay.com>
Fixed in #5499, thanks! |
@gitressa let's keep this one open as I think it's still valid as far what @rfay steered it to. For that matter, I would expect this to work pretty much like npm:
So I would do the same here:
|
ddev config
in the wrong directoryddev composer create
You can unsubscribe from this issue if you are not longer interested on the bigger scope of it. |
No no, I just thought that the PR was fixing this issue, just with another method. I'll revert the title.
Just the opposite, I am very interested :) |
ddev composer create
ddev config
in the wrong directory
The issue summary can probably be updated I think if we want to keep this issue open with the bigger scope, probably something for @rfay to do if he want and can, I can't |
Feel free to post it here, and I can add it ... or perhaps you can be granted permissions to edit issue summaries? |
Yes, I would still like to solve the original problem, because although I've never been bitten by the catastrophic |
@gitressa had the catastrophic problem too! It is the issue summary after all! |
So glad that can't happen any more. Thanks so much for taking on this initiative. |
@rfay what about this idea? |
I think this might be just right, but of course it doesn't solve my problem, which is typically executing it in ~/workspace (the directory where I keep all my projects). But
I believe this is already the case. |
Ah ok
No, now detects it and prevents from running. I am saying that this should be allowed. |
Agreed, as long as it operates on the parent project. |
I am saying the opposite. I would expect it work exactly as |
It would be easy to create one by just manually creating a .ddev/config.yaml as well, if people want that.. Good conversation! |
I still feel strongly about the above, and I have another suggestion which you will probably hate (or not :)):
If you don't like two as it means changing something so hardcoded in ddev mindset you can continue to leave it as is and allow both commands to co-exist for some time but update the docs to refere to this new command for new projects. If you do 2, however, you are, by escence, fixing this issue, you cannot run ddev config in the wrong directory anymore. |
How about None of these solve my biggest problem, which is configuring in the ~/workspace/ddev or ~/workspace, just places I don't want them. I don't think we're going to find a solution to those necessarily. I actually could use a |
the thing with init or allowing config in any directory, is that even if you end up configuring a project in the workspace dir, it won't cause any harm. Again, same as git init. You are in /workspace/a and run git init, and then you run git init in /workspace, you can continue doing git init in /workspace/b without much hindrance |
It already doesn't do "harm" in my case. Just confusion. |
Is there an existing issue for this?
Is your feature request related to a problem?
The other day I was creating a new DDEV instance using the
ddev composer create
command.I wasn't concentrating (I know, bad move) and accidentally didn't enter the folder I had just created for this purpose. These should have been the steps:
Except, I got distracted and skipped the
cd drupal10
step ...I quickly hit "Enter" through the prompts from the
ddev config
andddev composer create
commands, which looked all right. But since I wasn't in~/dev/drupal10
, but instead in the~/dev
folder, where all my projects are (around 15) they were almost all deleted, until the process got stopped by a write-only folder.Yes I know, I should have double checked the prompts.
Describe your solution
It would be awesome if it was possible to designate folders, where DDEV will gladly run project commands such as
ddev composer create
(i.e. those where you can get acould not find a project
message) and reject them elsewhere.ddev list
and similar commands which doesn't alter anything should still be allowed from any folder.We only need to check for
ddev config
, since without a.ddev
sub-folder present, no file altering commands will run, but simply return a "Failed to get project(s): could not find a project in /home/username.".For example, I only ever run DDEV commands in project sub-folders within a development folder called
~/dev
(/home/username/dev
), such as/home/username/dev/drupal10
.So a rule could be, to only allow DDEV to execute file altering commands in sub-folders of
~dev
with the pattern/home/username/dev/*
.Meaning: Only allow running
ddev config
from for example/home/username/dev/drupal10
Everywhere else, for example
/home/username/dev
or/home/username
you get a message like this:Defining the rule in plain speech: "Only allow running
ddev config
from these folders". Since there can be more than one, it should probably be an array, like this:allow_ddev_config: ["/home/rfay/workspace/*", "/tmp/*"]
How it could look in
.ddev/global_config.yaml
:The
ddev config
command already checks if it is run from the home folder, which it doesn't allow and returns the message "could not create new config: ddev config is not useful in your home directory (/home/username)".https://github.com/ddev/ddev/blob/master/pkg/ddevapp/config.go#L67-L70
Maybe the
allow_ddev_config
setting can be added similarly?Describe alternatives
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: