Component: Cloud Runtime

[StachuDotNet]

The "Cloud" runtime is a collection of cloud-hosted services that Dark supports, including Http Handlers, Crons, Queues, cloud-run Scripts (previously known as REPLs). Your code is stored on the cloud, and we take care of everything else.

Enough for our usage by internal folks

• general pre-work to get it better hooked up to editor, etc (rough)
• baseline -- bring back the "Dark Cloud" in dark-next

Enough for users to start trying it

• isInternalFn doesn't work (There are now nested modules and it doesn't check that)
• support User HTTP Handlers
• "figure out tunnel2 settings/replacement", "iptables"... from old issue Get BwdServer into production #4911
  • we need production testing to prevent users from figuring out IP addresses
  • try to get IP addresses -> error
  • extra level of protection: iptables?
    • or: provide a proxy (like how we used to do things in k8s -- everything would go through proxy, which had firewall rules)
  • with cloud run...
    • we could provide another cloud run project that just does proxy
    • that one doesn't have permissions
  • this is a blocker for letting users running their code on dark-cloud
  • if we don't do this and/or we get it wrong, then an attacker may be able to get access to our entire cloud acct, etc.
  • (note to self (stachu)) I need to study up here and reflect on our current setup
  • pay attention to 169.254.0.0/16 - provides token that has auth as us
• general pre-work to get it better hooked up to editor, etc

Enough to get -classic canvases migrated over

• bring Function execution back to the cloud
• bring Script execution back to the cloud
• bring User DBs in the cloud
• bring Crons back in the cloud
• bring Workers back to the cloud
• bring Secrets back in the cloud
• bring back some minimal support for static assets
• back-fill a lot of tests (see backfill more http handler testing #4763)
• provide (semi-)automated ways of migrating user code from -classic

Stuff that can wait

• disallow saving handlers with the same name as an existing handler
• outbound IP address (see old Outbound IP address #4675)
• send user alerts and notifications (see Send users alerts and notifications #3991)
• add db tracing back to CronChecker and QueueWorker (see Add db tracing back to CronChecker and QueueWorker #3780)
• tell users when errors happen (see Tell users when errors happen #3773)
• ensure background work is sent before pods are shutdown (see Ensure background work is sent before pods are shutdown #3951)
• darklang.com DNS should be put into terraform, and managed by tf in dark-next (Extract google cloud resources as terraform)