Explicitly allow configDB keys #628

Closed
floatingghost wants to merge 9 commits from config-db-keys into develop
No description provided.
floatingghost added 3 commits 2023-08-15 11:42:23 +00:00
Remove now-unused database_config_whitelist
Some checks failed
ci/woodpecker/push/lint Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/push/build-amd64 Pipeline was successful
ci/woodpecker/push/build-arm64 Pipeline was successful
ci/woodpecker/push/docs Pipeline was successful
ci/woodpecker/pr/lint Pipeline was successful
ci/woodpecker/pr/test Pipeline failed
ci/woodpecker/pr/build-arm64 unknown status
ci/woodpecker/pr/docs unknown status
ci/woodpecker/pr/build-amd64 unknown status
d63bb3f6b1
floatingghost added 1 commit 2023-08-15 12:59:38 +00:00
Add exclusion reasons, mix task to check enabled keys
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/lint Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
ci/woodpecker/pr/build-arm64 Pipeline is pending
ci/woodpecker/pr/docs Pipeline is pending
ci/woodpecker/pr/lint Pipeline is pending
ci/woodpecker/pr/test Pipeline is pending
6f55ca14f2
floatingghost added 1 commit 2023-08-15 13:00:45 +00:00
mix format
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/lint Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
ci/woodpecker/pr/lint Pipeline was successful
ci/woodpecker/pr/test Pipeline was successful
ci/woodpecker/pr/build-amd64 Pipeline was successful
ci/woodpecker/pr/build-arm64 Pipeline was successful
ci/woodpecker/pr/docs Pipeline was successful
7e1732c654
floatingghost added 3 commits 2023-08-17 10:42:28 +00:00
Add warning for config that probably shouldn't be in the DB
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/lint Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
ci/woodpecker/pr/build-arm64 Pipeline is pending
ci/woodpecker/pr/docs Pipeline is pending
ci/woodpecker/pr/lint Pipeline is pending
ci/woodpecker/pr/test Pipeline is pending
16512acc3b
floatingghost added 1 commit 2023-08-17 11:19:41 +00:00
Add a final few DB exclusion reasons
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/lint Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
ci/woodpecker/pr/build-arm64 Pipeline is pending
ci/woodpecker/pr/docs Pipeline is pending
ci/woodpecker/pr/lint Pipeline is pending
ci/woodpecker/pr/test Pipeline is pending
15aa62f178
Contributor

Whitelisting settings definitely makes sense to me. I agree with the idea that a sysadmin is not the same as an instance admin, and thus it makes sense to me to keep certain settings away from an instance admin (And I don't see much reason to have sysadmin settings in the db since they should generally not change much or at all).

But now we have configs in

  • config/config.exs
  • config/description.exs
  • lib/pleroma/config/configurable_from_database.ex

If I understand correctly, config/description.exs is used to tell admin-fe what configs can be set. Can't that be used/considered as a whitelist? (Unless config/description.exs is supposed to become deprecated while moving more settings to akkoma-fe, but I'm unsure if deprecating this is a long term plan.)

I do wonder why db_exclusion_reason is a thing 🤔 Why add settings there, just to say they are excluded 🤷‍♀️ Maybe just to make the reasoning clear, idk. Or maybe it does more than I assume it does...

Whitelisting settings definitely makes sense to me. I agree with the idea that a sysadmin is not the same as an instance admin, and thus it makes sense to me to keep certain settings away from an instance admin (And I don't see much reason to have sysadmin settings in the db since they should generally not change much or at all). But now we have configs in * config/config.exs * config/description.exs * lib/pleroma/config/configurable_from_database.ex If I understand correctly, `config/description.exs` is used to tell admin-fe what configs can be set. Can't that be used/considered as a whitelist? (Unless `config/description.exs` is supposed to become deprecated while moving more settings to akkoma-fe, but I'm unsure if deprecating this is a long term plan.) I do wonder why `db_exclusion_reason` is a thing 🤔 Why add settings there, just to say they are excluded 🤷‍♀️ Maybe just to make the reasoning clear, idk. Or maybe it does more than I assume it does...
ilja reviewed 2023-08-17 14:09:03 +00:00
@ -0,0 +3,4 @@
# Basically it's silly to let this be configurable
# set a list of things that we can set in the database
# this is mostly our stuff, with some extra in there
Contributor

The first line of this comment makes sense in the scope of this PR, but not for someone looking at the code as-is. I would remove that line.

I'm not sure what's meant in the last line with "our stuff", so maybe that should also be removed, or clarified?

The first line of this comment makes sense in the scope of this PR, but not for someone looking at the code as-is. I would remove that line. I'm not sure what's meant in the last line with "our stuff", so maybe that should also be removed, or clarified?
floatingghost closed this pull request 2023-12-11 10:16:38 +00:00
Some checks are pending
ci/woodpecker/push/build-amd64 Pipeline is pending
ci/woodpecker/push/build-arm64 Pipeline is pending
ci/woodpecker/push/docs Pipeline is pending
ci/woodpecker/push/lint Pipeline is pending
ci/woodpecker/push/test Pipeline is pending
ci/woodpecker/pr/build-amd64 Pipeline is pending
ci/woodpecker/pr/build-arm64 Pipeline is pending
ci/woodpecker/pr/docs Pipeline is pending
ci/woodpecker/pr/lint Pipeline is pending
ci/woodpecker/pr/test Pipeline is pending

Pull request closed

Sign in to join this conversation.
No description provided.