programming/configuration_files_proposal.md


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

# Configuration files proposal

No one will ever agree on the ideal configuration file format.
Therefore, we should allow people to use their preferred configuration file format in all programs.

## Rough idea

Write libraries for as many languages as possible that read files like:

```
#? yaml
my configuration:
  option: value
```

```
#? json
{"my configuration": {"option": "value"}}
```

and produces a JSON string with the "parsed" input from the second line onwards.
(Or optionally, a data structure appropriate for the language that you are using.)

If your program uses this library to read configuration, then your users can write their configuration in their preferred language.

## Challenges

* How to prevent arbitrary code execution and other attacks?
* How to support as many configuration languages as possible?

## Possible solutions

Use capability-based runtimes and embed capabilities in the first line of the configuration file:

```
                                                  # Allow the specific format parser to...
+file(./**)                                       # ... read files in the same directory as the configuration file and descendants.
+hostname                                         # ... access the hostname.
+load(https://example.com/file,sha256:...,/file)  # ... download a file from the Internet and expose it to the parser.
...
```

Be able to refer to different parsers:

```
# Built-in parsers
json
yaml
...

# Parsers installed on the local system
/path/to/my/parser

# Download parsers on demand
https://example.com/foo-parser
```

## Possible implementation

Use WASM runtimes:

* They already support capabilities.
* Parsers can be distributed as WASM blobs.

Maybe use [Extism](https://github.com/extism/extism) to implement.

## Motivating examples

### Declarative CI

`.github/workflows/workflow.yaml`:

```
#? https://jsonnet.org/jsonnet.wasm +load(https://jsonnetci.com/rust.libsonnet,sha256:...,/rust.libsonnet)
local rust = import '/rust.libsonnet';

rust.github({
  'supported-archs': ['x86_64-unknown-linux-gnu', ...],
  'attach-binaries-to-releases': true,
  'upload-to-docsrs': true,
  ...
})
```

but also `.gitlab-ci.yml`:

```
#? https://jsonnet.org/jsonnet.wasm +load(https://jsonnetci.com/rust.libsonnet,sha256:...,/rust.libsonnet)
local rust = import '/rust.libsonnet';

rust.gitlab(...)
```