Skip to content

Allow installing extensions with external access allowlist #17316

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 1, 2025
Merged

Allow installing extensions with external access allowlist #17316

merged 1 commit into from
May 1, 2025
+68 −16

Conversation

samansmink
Copy link
Contributor

@samansmink samansmink commented Apr 30, 2025
edited
Loading

#14568 added a mechanism to add certain files and dirs to an allowlist to allow some IO even when enable_external_access is false.

This PR aims to extend that to also allow installing extensions.

With this PR you can:

SET extension_directory= 'my_extension_dir';
SET allowed_directories=['my_extension_dir', 'http://', 'https://'];
SET enable_external_access=false;
install my_ext;

Note that when using absolute paths EITHER the extension directory needs to exists already OR the allowed directories should contain the path to the parent dir of the extension dir. This is because to create the extension directory, FileSystem::DirectoryExists needs to be called on the directory in which the extension directory will sit. So for example:

SET extension_directory= '/some/path/to/extensions';
where /some/path/to/extensions does not exists yet will only work with:

SET allowed_directories=['/some/path/to', 'http://', 'https://'];

@Mytherin Mytherin requested review from carlopi and removed request for carlopi April 30, 2025 17:07
@Mytherin
Copy link
Collaborator

Thanks for the PR! LGTM

@samansmink samansmink changed the title Allow installing extensions w Allow installing extensions with external access allowlist May 1, 2025
@Mytherin Mytherin merged commit 21f93bf into duckdb:main May 1, 2025
47 of 49 checks passed
@carlopi carlopi mentioned this pull request May 18, 2025
Open
krlmlr added a commit to duckdb/duckdb-r that referenced this pull request May 18, 2025
@krlmlr
vendor: Update vendored sources to duckdb/duckdb@21f93bf
f21b5db 
Allow installing extensions with external access allowlist (duckdb/duckdb#17316)
krlmlr added a commit to duckdb/duckdb-r that referenced this pull request May 18, 2025
@krlmlr
vendor: Update vendored sources to duckdb/duckdb@21f93bf
d72d4ff 
Allow installing extensions with external access allowlist (duckdb/duckdb#17316)
krlmlr added a commit to duckdb/duckdb-r that referenced this pull request May 19, 2025
@krlmlr
vendor: Update vendored sources to duckdb/duckdb@21f93bf
0d12fee 
Allow installing extensions with external access allowlist (duckdb/duckdb#17316)
krlmlr added a commit to duckdb/duckdb-r that referenced this pull request May 19, 2025
@krlmlr
vendor: Update vendored sources to duckdb/duckdb@21f93bf
ea52844 
Allow installing extensions with external access allowlist (duckdb/duckdb#17316)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Ready To Merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@samansmink @Mytherin