Weeknotes 2022-01-24

, Jochen
Didn't record any programming streams last week, let's see how it'll work out in the next one.

For my podcast hosting SaaS. I need a way to deploy a new podcast. All the Unix user, database, and config file creation can be handled via fastdeploy, but there's one pretty scary part: Someone on the internet types stuff like a domain name into a web form and I have to use this user input in deployment scripts running as root on my infrastructure. For example, let's assume I'll just start an ansible playbook and pass this user input as `ansible-playbook podcast.yml --extra-vars "fqdn=foobar.example.com"` in a shell command line. It's easy to see how this might go wrong. After first using a temporary file I found out how to use sudo with environment variables. So I'm now using an environment variable to pass the user input and then validating it in the deploy script using pydantic. The start-deployment endpoint now takes an additional optional DeploymentContext which gets passed like this to the script starting the deployment process. Maybe it's not perfect but safe enough for me to stop worrying :) (probably famous last words).
 

Articles

Useful Websites

Twitter

 

Books 

 

Software 

Podcasts

Return to blog