Cannot implement an app/driver which uses other datasources AND has external network access
cgreenhalgh opened this issue · 4 comments
The container manager sets container config, including environment, differently for drivers vs apps, see [getDriverConfig](https://github.com/me-box/core-container-manager/blob/master/containerManager.go#L759) and getAppConfig.
In particular, only drivers get environment variable DATABOX_STORE_URL whether or not an app has required a store, and only apps get environment variables DATASOURCE_... whether or not a driver has declared that it needs datasources. For drivers, the access permissions are also not set up in the CM.
Perhaps that's why some existing examples rely on DATABOX_ZMQ_ENDPOINT where they should apparently use DATABOX_STORE_URL (as an app workaround?!).
So you would think tagging it as an app would be better...
But if it is tagged as an app then I believe the external whitelist is not initialised in the core network by the CM.
There again, maybe it's a feature, as it means you can't write a component that reads data from another component's datasource and sends it out to a (whitelisted) host without going via a datasource/store (i.e. splitting it into an export driver/actuator and a bridge app to link the two).
(But not setting DATABOX_STORE_URL in apps with stores is probably still a bug)
I think the former is definitely a feature of Databox, the latter sadly is the issue with the store which has to be addressed
To stop a driver with external access leaking data, drivers cannot read data from any store apart from the one they own. This is by design but does cause a lot of confusion and complication (combined with Apps not having any external access ever) as many simple use-cases need an app driver pair to perform even simple tasks. As the relationship between the driver and store is a one-to-one relationship it was implemented as an env var DATABOX_STORE_URL.
Apps can request access to many data sources in different stores so the store URL can be, and often is, different for each data source. So when accessing a data source the URL is extracted from the DATASOURCE_... env var.
DATABOX_STORE_URL should only be set for Apps if they request a store. If it's not then it's a bug 👍
It was on my todo list for a long time to tidy this up and move to using docker secrets to pass the config data to apps and drivers. However, it never made it to the top :-)
OK, I think it makes sense.
Some kind of error/warning at some point prior to silently failing to access the apparently whitelisted external sites from apps would be good to have, though :-)
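
One way to surface the warning requested above before a component fails silently, as an added Go example that is not part of this thread or of the container manager's code. The manifest keys (`databox-type`, `datasources`, `external-whitelist`) and the helper `LintManifest` are assumptions for illustration, and the sample manifest is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Manifest keeps only the fields this check reads. The JSON keys are
// assumptions for illustration; they are not quoted in the thread.
type Manifest struct {
	Name              string            `json:"name"`
	Type              string            `json:"databox-type"` // "app" or "driver"
	Datasources       []json.RawMessage `json:"datasources"`
	ExternalWhitelist []json.RawMessage `json:"external-whitelist"`
}

// LintManifest (hypothetical helper) returns a warning for each declaration
// that, per the thread, the component type will not actually be granted.
func LintManifest(raw []byte) ([]string, error) {
	var m Manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, fmt.Errorf("parse manifest: %w", err)
	}
	var warnings []string
	switch m.Type {
	case "app":
		if n := len(m.ExternalWhitelist); n > 0 {
			warnings = append(warnings, fmt.Sprintf(
				"%s: app declares %d external whitelist entries; apps get no external network access", m.Name, n))
		}
	case "driver":
		if n := len(m.Datasources); n > 0 {
			warnings = append(warnings, fmt.Sprintf(
				"%s: driver declares %d datasources; drivers can only read the store they own", m.Name, n))
		}
	default:
		return nil, fmt.Errorf("%s: unknown databox-type %q", m.Name, m.Type)
	}
	return warnings, nil
}

func main() {
	// Constructed sample manifest: an app that expects to reach an external host.
	sample := []byte(`{"name":"export-app","databox-type":"app",
		"datasources":[{"clientid":"reading"}],
		"external-whitelist":[{"urls":["https://example.org"]}]}`)
	warnings, err := LintManifest(sample)
	fmt.Println(warnings, err)
}
```

Run at install time, a check like this turns the isolation rule (external access or foreign datasources, never both) into an explicit message instead of a connection that never succeeds.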