Is your feature request related to a problem? Please describe.
In some situations, it is desired to install software in an immutable way, so that its behavior cannot be changed during at runtime. For example there are distros that are immutable for security and reproducibility reasons (e.g. NixOS). For such distributions, parts or all of the file system might be read-only, and it isn't desired that applications can change their behavior themselves after installation.
The azure-cli has quite some dynamic behavior, especially the dynamic updating of commandIndex.json, extensionCommandTree.json and versionCheck.json allow altering the azure-cli behavior and dynamic updates through the azure-cli itself. In a immutable distribution, such files should likely be read-only, but there currently isn't a way to signal this intend to the azure-cli and the cli expects these files to be writable.
Describe the solution you'd like
There are three things needed to enable this use case:
- Add a way to configure an immutable config directory where these files can be placed, for example using an environment variable like
AZURE_IMMUTABLE_DIR. When set, the named files are read from this directory instead of the usual azure config directory.
- Add a command to generate these files during packaging/installation, so they can be placed in the
AZURE_IMMUTABLE_DIR before it is made read only. This can already be triggered by invoking some azure-cli commands, but it would be nice to have a separate command to create these files.
- When
AZURE_IMMUTABLE_DIR is set during runtime, don't try to regenerate/modify/update the files. Rather print a warning that the installation is immutable and cannot be dynamically updated.
Describe alternatives you've considered
Additional context
Is your feature request related to a problem? Please describe.
In some situations, it is desired to install software in an immutable way, so that its behavior cannot be changed during at runtime. For example there are distros that are immutable for security and reproducibility reasons (e.g. NixOS). For such distributions, parts or all of the file system might be read-only, and it isn't desired that applications can change their behavior themselves after installation.
The azure-cli has quite some dynamic behavior, especially the dynamic updating of
commandIndex.json,extensionCommandTree.jsonandversionCheck.jsonallow altering the azure-cli behavior and dynamic updates through the azure-cli itself. In a immutable distribution, such files should likely be read-only, but there currently isn't a way to signal this intend to the azure-cli and the cli expects these files to be writable.Describe the solution you'd like
There are three things needed to enable this use case:
AZURE_IMMUTABLE_DIR. When set, the named files are read from this directory instead of the usual azure config directory.AZURE_IMMUTABLE_DIRbefore it is made read only. This can already be triggered by invoking some azure-cli commands, but it would be nice to have a separate command to create these files.AZURE_IMMUTABLE_DIRis set during runtime, don't try to regenerate/modify/update the files. Rather print a warning that the installation is immutable and cannot be dynamically updated.Describe alternatives you've considered
Additional context