Snap store request: Atelier

store-requests classic-confinement
1

  • name: Atelier

  • description: Atelier presents a Terraform module’s variables as an editable two-pane TUI. It produces a wrapper Terraform project i.e., a main.tf calling the module via its git source, with only the values the user chose to set. Plan and apply run inside the TUI; the wrapper is independently runnable without Atelier installed.

  • snapcraft: atelier/snap/snapcraft.yaml at main · MichaelThamm/atelier · GitHub

  • upstream: GitHub - MichaelThamm/atelier: A terminal UI for configuring Terraform modules · GitHub

  • upstream-relation: maintainer/owner

  • supported-category: *

    • public cloud agent
    • tools for local, non-root user driven configuration of development workspaces/environments

  • reasoning: No existing interface or combination of interfaces can provide functional equivalence to classic confinement for the combination of:

    1. host-binary subprocess execution with version constraints
    2. inherited authentication environment
    3. runtime-arbitrary working directory

Restricting atelier to strict confinement would silently break Terraform version constraints, git authentication, and filesystem access for any working directory outside $HOME — making the snap unusable for a significant portion of the target user base.

I understand that strict confinement is generally preferred over classic.

I’ve tried the existing interfaces to make the snap to work under strict confinement.

2

This request has been added to the queue for review by the @reviewers team.

3

Hey @crucible It is plausible that there are technical reasons why atelier needs classic to work properly in all scenarios, but please note that classic confinement is a sensitive matter and it is reserved for mature, well-known applications published by mature, well-known entities. As of today, I believe that atelier doesn’t meet this criteria because of the following reasons:

  • The project seems to be very fresh, according to the upstream repository

  • The projects seems to have little/none community around according to upstream repository (contributors, issues, PRs, etc.)

  • I could not find evidences that the project has a strong enough user base currently

Thus, considering these factors, I think atelier should not get classic confinement as of now.

4

These are fair reasons. However, this means that Atelier cannot exist as a snap (except for --dangerous, local installs), since the core of its value is broken with strict confinement. I guess it will have to remain a go binary for now :confused: