Replies: 2 comments
-
hehe, so that comment is in the

When I warn operators to be cautious, it's NOT because pypyr or any of the pipelines or pypyraws is doing anything malicious/bad/dangerous/flaky. It's because, like you say @blaisep, you should be careful with running example code in a "serious" environment.

For example, here is an example that interacts with aws: https://github.com/pypyr/pypyr-example/blob/main/pipelines/aws-s3.yaml

The pipeline shows how to upload, download files with/without encryption. Now, if you already have a file

But still, as a responsible maintainer I can't be glib and hand-wave away that you could theoretically end up overwriting something you didn't mean to. Thus, warnings all over the place not to run example code that could be overwriting/updating settings/files in production. :-)

Similarly, this is why the warnings to remember to delete/clean-up test artefacts so that operators don't get surprise bills. It's not that pypyr is doing anything wrong, it's more to be sure a pipeline author doesn't forget.

The risk matrix is an interesting idea! In this case I maybe over-described the risk, because I really don't want, however obliquely, to contribute to someone unthinkingly doing something that inadvertently overwrites something they didn't mean to.
-
To answer the question in the title of your post: it's dangerous only in the same sense that any arbitrary python is dangerous - pypyr is a power-tool, like any scripting language. You can of course code it to do whatever you want - and this might well include doing dangerous and controversial things like
-
I noticed the comment:
Describing risks:
I also wonder if there is some benefit to include a few fields like:
- maturity (0 - no measurement, 1 - history, 2 - used as part of a larger construct)
- confidence (e.g. the ratio of bugs to releases, or maybe the degree of reproducibility/flakiness)
- risk vectors (e.g. non-idempotent, mutable, visible secrets)
similar to how we have a test coverage metric... or how we think about computational complexity?