Limit imported interfaces for composed components #83
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Components that are directly composed will never use any virtualized interface that it does not already import. Virtualizing additional interfaces limits the compatibility of the resulting component as it places an additional requirement on the host environment to satisfy each import, used or not. We now inspect the composed component to match the interfaces it imports with the virtualized capabilities. If the composed component does not import the respective interface the resulting component will not virtualize that interface. In effect, use of `--allow-all` will behave as if the caller specifically approved the interfaces actually used. The granularity of filtered imports is coarse. Interfaces that support a consumed capability may still appear as imports even if the composed component does not consume them explicitly. Signed-off-by: Scott Andrews <[email protected]>
|
@guybedford I had a couple false starts trying to make the filtering much more granular. As is, it follows the coarseness of the existing options. A more granular approach may still be useful, but this is simpler and resolves my concerns. |
guybedford
reviewed
Aug 27, 2024
- move filtering to be a separate method from finalize - perform composition in finalize when compose is requested - update readme Signed-off-by: Scott Andrews <[email protected]>
|
Looks great, thanks for adding this! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Components that are directly composed will never use any virtualized interface that it does not already import. Virtualizing additional interfaces limits the compatibility of the resulting component as it places an additional requirement on the host environment to satisfy each import, used or not.
We now inspect the composed component to match the interfaces it imports with the virtualized capabilities. If the composed component does not import the respective interface the resulting component will not virtualize that interface. In effect, use of
--allow-allwill behave as if the caller specifically approved the interfaces actually used.The granularity of filtered imports is coarse. Interfaces that support a consumed capability may still appear as imports even if the composed component does not consume them explicitly.
Refs #82 (comment)