-
Notifications
You must be signed in to change notification settings - Fork 3.4k
enable immutable installation of azure-cli #28093
Copy link
Copy link
Open
Labels
Auto-AssignAuto assign by botAuto assign by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamThe command of the issue is owned by Azure CLI teamInstallationPM Attentionact-platform-engineering-squadcustomer-reportedIssues that are reported by GitHub users external to the Azure organization.Issues that are reported by GitHub users external to the Azure organization.feature-request
Milestone
Metadata
Metadata
Labels
Auto-AssignAuto assign by botAuto assign by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamThe command of the issue is owned by Azure CLI teamInstallationPM Attentionact-platform-engineering-squadcustomer-reportedIssues that are reported by GitHub users external to the Azure organization.Issues that are reported by GitHub users external to the Azure organization.feature-request
Is your feature request related to a problem? Please describe.
In some situations, it is desired to install software in an immutable way, so that its behavior cannot be changed during at runtime. For example there are distros that are immutable for security and reproducibility reasons (e.g. NixOS). For such distributions, parts or all of the file system might be read-only, and it isn't desired that applications can change their behavior themselves after installation.
The azure-cli has quite some dynamic behavior, especially the dynamic updating of
commandIndex.json,extensionCommandTree.jsonandversionCheck.jsonallow altering the azure-cli behavior and dynamic updates through the azure-cli itself. In a immutable distribution, such files should likely be read-only, but there currently isn't a way to signal this intend to the azure-cli and the cli expects these files to be writable.Describe the solution you'd like
There are three things needed to enable this use case:
AZURE_IMMUTABLE_DIR. When set, the named files are read from this directory instead of the usual azure config directory.AZURE_IMMUTABLE_DIRbefore it is made read only. This can already be triggered by invoking some azure-cli commands, but it would be nice to have a separate command to create these files.AZURE_IMMUTABLE_DIRis set during runtime, don't try to regenerate/modify/update the files. Rather print a warning that the installation is immutable and cannot be dynamically updated.Describe alternatives you've considered
Additional context