Work with upstream runner via JOB_RESPONSE FILE. (!211) · Merge requests · Exascale Computing Project CI / Jacamar CI

Paul Bryant requested to merge 72-payload-envparser into develop Jul 07, 2021

Important: Once merged previously patched runners will no longer function.

This commit overhauls how trusted environment varaibles are identified that can be used as job context in a range of processes. Previously specific values where patched into the runner; however, with the upcoming 14.1 release we will now be able to use the JOB_RESPONSE_FILE to view the entiertity of the JSON payload provided by the server to the runner. This context will be used to verify all required CUSTOM_ENV value are untouched by the user.

Please note that the JWT is still the primary driver for the authorization process, coupled with the JACAMAR_CI_* stateful variables. In this new workflow we have choosen to validate the potentially user influenced varaibles and only use them once they have been proven trusted. By taking this stance we ensure support across both privileged (jacamar-auth) and unprivileged (jacamar) processes.

Closes #72 (closed)

Edited Jul 13, 2021 by Paul Bryant

Work with upstream runner via JOB_RESPONSE FILE.

Merge request reports