
[gp] Allow update of existing user-scoped env vars #20193


Merged
merged 2 commits into from
Sep 11, 2024


@geropl geropl commented Sep 9, 2024

Description

This PR does two things:

  • drops references to the long-deleted API call getEnvVars
  • introduces a new flag --scope=[user|repo] to allow update on already existing user-scoped environment variables

Discussion:
Permissions on environment variables are delicate, as they touch on the "workspace as trust boundary" principle. So far we have been very careful to not allow any cross-repository/-workspace "cross-talk" on the API level.

I still feel the slight expansion to update existing, globally-visible env vars makes sense.
Alternatively, we could introduce a property "globally writable" on env vars, to make this even more explicit. WDYT?

Related Issue(s)

Fixes ENT-529

How to test

gitpod /workspace/bel (master) $ gp env
gitpod /workspace/bel (master) $ gp env WS_ENV=test
WS_ENV=test
gitpod /workspace/bel (master) $ gp env --scope=user USER_ENV=test
jsonrpc2: code 403 message: operation not permitted: missing create permission on envVar
  • create the user env var in the UI with value "something"
gitpod /workspace/bel (master) $ gp env --scope=user USER_ENV=test
USER_ENV=test
gitpod /workspace/bel (master) $ gp env
USER_ENV=test
WS_ENV=test


/hold
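The rule exercised by the "How to test" steps above, as an added Go sketch that is not Gitpod's code: a write made from inside a workspace may create or update repo-scoped variables, but may only update a user-scoped variable that already exists. `Store`, `NewStore`, `SetFromUI`, `SetFromWorkspace` and `List` are hypothetical names; only the `user`/`repo` scope values and the error text come from the page.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Scope mirrors the PR's --scope=[user|repo] flag; all other names are hypothetical.
type Scope string

// ErrNoCreate reuses the 403 message text from the PR's test transcript.
var ErrNoCreate = errors.New("operation not permitted: missing create permission on envVar")

// Store is a constructed in-memory stand-in for the server side.
type Store struct{ repo, user map[string]string }

func NewStore() *Store { return &Store{map[string]string{}, map[string]string{}} }

// SetFromUI models the dashboard, where user-scoped vars are created.
func (s *Store) SetFromUI(name, value string) { s.user[name] = value }

// SetFromWorkspace: repo scope may create or update, user scope may only update.
func (s *Store) SetFromWorkspace(scope Scope, name, value string) error {
	switch scope {
	case "repo":
		s.repo[name] = value
	case "user":
		if _, ok := s.user[name]; !ok {
			return ErrNoCreate // a workspace must not add globally visible vars
		}
		s.user[name] = value
	default:
		return fmt.Errorf("unknown scope %q", scope) // fail closed
	}
	return nil
}

// List returns the NAME=value pairs a workspace would see, sorted.
func (s *Store) List() []string {
	out := []string{}
	for _, m := range []map[string]string{s.user, s.repo} {
		for k, v := range m {
			out = append(out, k+"="+v)
		}
	}
	sort.Strings(out)
	return out
}
func main() { fmt.Println(NewStore().SetFromWorkspace("user", "USER_ENV", "test")) }
```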

@geropl geropl requested review from a team as code owners September 9, 2024 14:00
@geropl geropl changed the title Gpl/529 scope user [gp] Allow update of existing user-scoped env vars Sep 9, 2024
geropl commented Sep 9, 2024

@filiptronicek If you have some spare time, would ❤️ a review on this one!


@filiptronicek filiptronicek left a comment


Code looks great and seems to work just fine in the preview environment. Left one minor comment, thanks!

}

type connectToServerOptions struct {
supervisorClient *supervisor.SupervisorClient
wsInfo *api.WorkspaceInfoResponse
log *log.Entry

setEnvScopeUser bool
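Review bot: setEnvScopeUser in connectToServerOptions has no comment saying what it changes when the server connection is set up. Since the name indicates it selects user scope, add a one-line doc comment on the field stating what the zero value (false) means, so that a caller who leaves it unset can see that the connection stays at the narrower scope, if that is the intent.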

I think this would be nicer if we just passed down the scope instead of this boolean, we can reuse the envScope type.

geropl commented Sep 11, 2024

/unhold

@roboquat roboquat merged commit d3eccd0 into main Sep 11, 2024
59 checks passed
@roboquat roboquat deleted the gpl/529-scope-user branch September 11, 2024 06:57