Skip to content

Sandbox Improvements #219

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Dec 2, 2022
Merged

Sandbox Improvements #219

merged 6 commits into from
Dec 2, 2022

Conversation

@cretz
Copy link
Member

@cretz cretz commented Dec 2, 2022
edited
Loading

What was changed

  • Fix issue with isinstance and issubclass in sandbox
    • Made them be thread-local during sandbox run and if in sandbox, make sure to unwrap their parameters before running
  • Properly resolve relative imports to their full names for checking against passthrough/restrictions
  • Add with workflow.unsafe.imports_passed_through(): context manager for easier passthrough
  • Change SandboxRestrictions.passthrough_modules to be a simple set of strings instead of the unnecessary full sandbox matcher used by other restrictions (💥 technically a breaking change in a marked-unstable API area)
  • Added SandboxRestrictions.with_passthrough_modules helper to add passthrough modules to the immutable restriction set
  • Did hack to make subclasses of restricted/proxy types at lease load. They still don't work if used though.
  • Mark Pydantic datetime issue as a known issue
  • Clarified passthrough module customization in README

Checklist

  1. Closes [Bug] Fix README to use workflow_runner instead of runner in sandbox examples #203
  2. Closes [Feature Request] Make it easier to pass through third party modules #204
  3. Relates to [Bug] SandboxWorkflowRunner doesn't use correct Pydantic field types in some cases #207
  4. Closes [Bug] Sandbox importer not respecting relative levels for pass through #208
  5. Closes [Bug] Sandboxed classes should be able to extend restricted classes #210
  6. Closes [Bug] Importing gevent causes sandbox errors #216

@cretz cretz requested a review from a team December 2, 2022 16:38
@cretz cretz mentioned this pull request Dec 2, 2022
Closed
@cretz cretz merged commit cc679b9 into temporalio:main Dec 2, 2022
@cretz cretz deleted the sandbox-updates1 branch December 2, 2022 21:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bergundy bergundy bergundy approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

2 participants

@cretz @bergundy