feature: Support configuring an allow-list for passing environment variables to a plugin's runtime #8867
Description
Feature scope
CLI (options, error messages, logging, etc.)
Description
Since Meltano plugins can execute arbitrary code, users might desire to limit what they can read from the environment.
The main inspiration for this sort of feature comes to me from Tox's pass_env. Another very useful thing that Tox documents is a table of variables that are always passed to ensure basic functionality:
Environment Variable |
Linux |
MacOS |
Windows |
|---|---|---|---|
https_proxy |
✅ |
✅ |
✅ |
http_proxy |
✅ |
✅ |
✅ |
no_proxy |
✅ |
✅ |
✅ |
LANG |
✅ |
✅ |
✅ |
LANGUAGE |
✅ |
✅ |
✅ |
CURL_CA_BUNDLE |
✅ |
✅ |
✅ |
SSL_CERT_FILE |
✅ |
✅ |
✅ |
CC |
✅ |
✅ |
✅ |
CFLAGS |
✅ |
✅ |
✅ |
CCSHARED |
✅ |
✅ |
✅ |
CXX |
✅ |
✅ |
✅ |
CPPFLAGS |
✅ |
✅ |
✅ |
LD_LIBRARY_PATH |
✅ |
✅ |
✅ |
LDFLAGS |
✅ |
✅ |
✅ |
HOME |
✅ |
✅ |
✅ |
FORCE_COLOR |
✅ |
✅ |
✅ |
NO_COLOR |
✅ |
✅ |
✅ |
TMPDIR |
✅ |
✅ |
❌ |
TEMP |
❌ |
❌ |
✅ |
TMP |
❌ |
❌ |
✅ |
USERPROFILE |
❌ |
❌ |
✅ |
PATHEXT |
❌ |
❌ |
✅ |
MSYSTEM |
❌ |
❌ |
✅ |
WINDIR |
❌ |
❌ |
✅ |
APPDATA |
❌ |
❌ |
✅ |
PROGRAMDATA |
❌ |
❌ |
✅ |
PROGRAMFILES(x86) |
❌ |
❌ |
✅ |
SYSTEMDRIVE |
❌ |
❌ |
✅ |
SYSTEMROOT |
❌ |
❌ |
✅ |
COMSPEC |
❌ |
❌ |
✅ |
PROCESSOR_ARCHITECTURE |
❌ |
❌ |
✅ |
NUMBER_OF_PROCESSORS |
❌ |
❌ |
✅ |
PIP_* |
✅ |
✅ |
✅ |
VIRTUALENV_* |
✅ |
✅ |
✅ |
NETRC |
✅ |
✅ |
✅ |
Activity