glotzerlab/signac

Should support for passwords in configurations be dropped in 2.0?

bdice opened this issue · 2 comments

bdice commented

Feature description

A large portion of the code in signac/common/validate.py and signac/common/config.py is dedicated to handling passwords in configuration files. We have deprecated and dropped support for external MongoDB databases, which was the original use case for handling passwords. No other part of the signac.rc configuration contains user secrets.

If we drop the default [hosts] section of signac.rc, then we can remove a lot of unused/untested code (see coverage of config.py and coverage of validate.py).

I created this issue to open discussion about a few questions:

  1. Will we ever want to store user secrets in the signac.rc file again in the future?
  2. If so, should we keep this code?

Proposed solution

Two possibilities:

  1. We remove the [hosts] section from the validator, increment the schema version, and create a migration that will remove [hosts] (with a user warning) if it exists. This way we ensure that any user secrets are purged from the signac.rc file.

  2. We remove the [hosts] section from the validator, which would treat it as a "user defined section" for any existing projects and leave any user secrets in the file. If we remove this section from the validator without requiring a migration, I'm not sure if this requires a schema version bump.

bdice commented

In the developer meeting, we decided on option 2. We'll remove the [hosts] section from the validator and remove all the corresponding validation / password handling code. We won't attempt to migrate (remove [hosts] from) user configuration files. Technically, this might require a schema version bump. @vyasr plans to bump the schema version with some other changes he's working on, so we're going to just change the schema temporarily and then bump the schema version later before releasing 2.0 since no migration will be necessary for this change.

bdice commented

Resolved by #596.
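Because option 2 leaves any existing [hosts] entries in users' signac.rc files, a check like the following can report leftover secret-bearing keys without printing their values. This is an added example, not code from signac or from this thread; the function name `find_host_secrets`, the key names in the sample, and matching keys on the substring "password" are assumptions.

```python
import re

# Assumption: the thread does not list the keys stored under [hosts], so this
# example flags any key whose name contains "password".
SECRET_KEY = re.compile(r"password", re.IGNORECASE)
SECTION = re.compile(r"^(\[+)\s*(.+?)\s*(\]+)$")

# Constructed sample file; key names and values are illustrative only.
SAMPLE_RC = """\
project = demo
[hosts]
  [[dbhost]]
    url = mongodb://db.example.org
    username = alice
    password = constructed-not-a-real-secret
[custom]
  password_hint = none
"""


def find_host_secrets(text):
    """Return (line_number, section_path, key) for secret-like keys under [hosts].

    Nested sections are written with repeated brackets: [hosts] is depth 1,
    [[name]] is depth 2. Values are never returned, so the report is safe to log.
    """
    path = []  # current section path, e.g. ["hosts", "dbhost"]
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION.match(line)
        if m and len(m.group(1)) == len(m.group(3)):
            depth = len(m.group(1))
            path = path[: depth - 1] + [m.group(2)]
            continue
        if "=" not in line or not path or path[0] != "hosts":
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if SECRET_KEY.search(key) and value.strip("'\""):
            findings.append((lineno, "/".join(path), key))
    return findings


if __name__ == "__main__":
    for lineno, section, key in find_host_secrets(SAMPLE_RC):
        print(f"line {lineno}: [{section}] still defines '{key}'")
```

Keys outside [hosts], such as the one under [custom] in the sample, are ignored because the validator change discussed here only concerns the [hosts] section.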