Provide individual subcommands in approval policy

In addition to run.command, have another input value that is a list of the “subcommands”.

Specifically if the command is something like “command1; commad2 -option” or “command1 && command2 -option”, then you would get [“command1”, “command2 -option”].

This would make it a lot simpler to ensure the commands are in an allowlist, while still allowing multiple commands to be run at once.

Or alternatively, have a way to create a pipeline of multiple tasks to run in the same container, to avoid having to pay the cost of warming up a container for each command when you need to perform multilple tasks.

Workaround
Kind of. Use a very complex regex, or running multiple commands as separate tasks.
Problem
I want to have a policy that only allows certain commands in tasks, but does allow running multiple of those commands in the same task.

Please authenticate to join the conversation.

Upvoters
Status

👀 In Review

Board

💡 Feature Requests

Tags

Access Control

Date

About 21 hours ago

Subscribe to post

Get notified by email when there are changes.