Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add caution for no migration file creation inside the containers. #8

Open
alexdeathway opened this issue May 12, 2024 · 8 comments
Open

Add caution for no migration file creation inside the containers. #8

alexdeathway opened this issue May 12, 2024 · 8 comments

Comments

@alexdeathway
Copy link
Owner

No description provided.

@alexdeathway alexdeathway changed the title Add caution for no migration file creation inside the docker. Add caution for no migration file creation inside the containers. May 12, 2024
@CodeStrate
Copy link

@alexdeathway can you elaborate on the issue?

@alexdeathway
Copy link
Owner Author

@CodeStrate The issue with third-party apps being unable to create migration files within the container is due to security restrictions, similar to the problem lqez/django-summernote#492.

There are two ways to address this issue:

  1. Avoid creating migration files within the container.
  2. Use a virtual environment to install and manage dependencies, ensuring they reside in a permissive working directory.

This issue involves raising an exception to inform developers about the first case.

@CodeStrate
Copy link

So if I try to make migrations I should be warned that I can not?

@alexdeathway
Copy link
Owner Author

You can create migrations, but issues arise when migrations for third-party apps are involved. However, the likelihood of this occurring is very slim, as I believe this happened because the third-party app was not actively maintained.

I have encountered this issue only once, but I am documenting it here for future reference in case someone else faces a similar situation.

@CodeStrate
Copy link

So let me get this straight, when we talk migrations in this context it means db correct?

So you're saying I can do it, but third party migrations may be an issue, i.e. if we use anything other than sqlite?

@alexdeathway
Copy link
Owner Author

Just as you create migration files using python manage.py makemigrations , third-party packages can sometimes need to create migration files as well. This can lead to issues if the user executing the command does not have permission to create files, resulting in a PermissionError: [Errno 13] Permission denied: because the migration file cannot be created in the container.

The reason we do not grant the user in the container sufficient privileges is that it could lead to significant security issues if the container is compromised by a malicious actor.

@CodeStrate
Copy link

@alexdeathway how do you propose we should solve it? We can either :

  • Add warnings when user uses python manage.py makemigrations but that means, we may need to also restrict migrating via migrate
  • Or disable these commands entirely inside the container

@MrARwho
Copy link

MrARwho commented Oct 26, 2024

@alexdeathway

  • can we raise a warning when user tries makemigration to something like letting them know to run the makemigration command locally

  • copy the created migration files into the container

  • apply migration inside the container

if you agree to the solution can u assign me the issue ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alexdeathway @CodeStrate @MrARwho