[RSDK-8950] Allow Try Viam to use specific viam modules (#4433)

Co-authored-by: Benjamin Rewis <[email protected]>
viamrobotics · Oct 10, 2024 · bf333a8 · bf333a8
1 parent 53e02ca
commit bf333a8
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 1 deletion.
diff --git a/module/modmanager/manager.go b/module/modmanager/manager.go
@@ -203,6 +203,26 @@ func (mgr *Manager) Handles() map[string]modlib.HandlerMap {
 	return res
 }
 
+// An allowed list of specific viam namespace modules. We want to allow running some of our official
+// modules even in an untrusted environment.
+var allowedModules = map[string]bool{
+	"viam:raspberry-pi": true,
+}
+
+// Checks if the modules added in an untrusted environment are Viam modules
+// and returns `true` and a list of their configs if any exist in the passed-in slice.
+func checkIfAllowed(confs ...config.Module) (
+	allowed bool /*false*/, newConfs []config.Module,
+) {
+	for _, conf := range confs {
+		if ok := allowedModules[conf.ModuleID]; ok {
+			allowed = true
+			newConfs = append(newConfs, conf)
+		}
+	}
+	return allowed, newConfs
+}
+
 // Add adds and starts a new resource modules for each given module configuration.
 //
 // Each module configuration should have a unique name - if duplicate names are detected,
@@ -212,7 +232,15 @@ func (mgr *Manager) Add(ctx context.Context, confs ...config.Module) error {
 	defer mgr.mu.Unlock()
 
 	if mgr.untrustedEnv {
-		return errModularResourcesDisabled
+		allowed, newConfs := checkIfAllowed(confs...)
+		if !allowed {
+			return errModularResourcesDisabled
+		}
+		// overwrite with just the modules we've allowed
+		confs = newConfs
+		mgr.logger.CWarnw(
+			ctx, "Running in an untrusted environment; will only add some modules", "modules",
+			confs)
 	}
 
 	var (

diff --git a/module/modmanager/manager_test.go b/module/modmanager/manager_test.go
@@ -918,6 +918,34 @@ func TestModuleMisc(t *testing.T) {
 		// i.e.  '/private/var/folders/p1/nl3sq7jn5nx8tfkdwpz2_g7r0000gn/T/TestModuleMisc1764175663/002'
 		test.That(t, modWorkingDirectory, test.ShouldEndWith, filepath.Dir(modPath))
 	})
+
+	t.Run("allowed viam modules only in untrusted environment", func(t *testing.T) {
+		logger := logging.NewTestLogger(t)
+		mgr := setupModManager(t, ctx, parentAddr, logger, modmanageroptions.Options{
+			UntrustedEnv: true,
+			ViamHomeDir:  testViamHomeDir,
+		})
+		// confirm that nothing is added when all modules are not in the allowedList
+		err := mgr.Add(ctx, modCfg)
+		test.That(t, err, test.ShouldBeError, errModularResourcesDisabled)
+
+		allowedCfg := config.Module{
+			Name:     "test-module",
+			ExePath:  modPath,
+			Type:     config.ModuleTypeLocal,
+			ModuleID: "viam:raspberry-pi",
+		}
+
+		// this currently logs and does not return an error
+		err = mgr.Add(ctx, allowedCfg, modCfg)
+		test.That(t, err, test.ShouldBeNil)
+
+		// confirm only the raspberry-pi module was added
+		test.That(t, len(mgr.Configs()), test.ShouldEqual, 1)
+		for _, conf := range mgr.Configs() {
+			test.That(t, conf.ModuleID, test.ShouldContainSubstring, "viam")
+		}
+	})
 }
 
 func TestTwoModulesRestart(t *testing.T) {