[BD-13] refactor: deprecates ModuleSystem properties related to code sandboxing

[pomegranited]

Description

Builds on the shim added by https://github.com/edx/edx-platform/pull/29190 to deprecate the following ModuleSystem attributes which are only used by CAPA problems:

• cache: deprecated in favour of the added CacheService
• can_execute_unsafe_code, get_python_lib_zip: deprecated in favour of the added SandboxService

Also fixes the safe_exec.tests.TestSafeOrNot.test_cant_do_something_forbidden test , which was failing on my devstack with latest master. But since Jenkins and the github CI don't run in a virtualenv, this test is skipped, so this issue had gone unnoticed.

This change is only a refactoring, and should not affect Learners, Course Authors, or anyone else using edx-platform.

Supporting information

• Content Core Platform Simplication project
• BLENDED-113 (edX internal ticket)
• FAL-2209 (OpenCraft internal ticket)

Testing instructions

• LMS: https://pr29260.sandbox.opencraft.hosting/
• Studio: https://studio.pr29260.sandbox.opencraft.hosting/

LMS:

1. Login as a demo learner (honor@example.com / edx)
2. Enrol in the BD-13 test course
3. Navigate to the Complex Blocks > Custom python problem. Ensure that you can answer the question correctly (this tests the python code sandboxing).
4. Switch to the Legacy Course Experience and ensure you can still answer this problem.

Regression testing:

1. Browse around the Demo course, paying particular attention to the CAPA problems.
2. Check that you can submit answers to problems, and save changes to blocks. (This tests that these changes haven't broken anything else with CAPA problems.)
3. Switch to the Legacy Course Experience and ensure you can submit answers to problems there too.

Studio:

1. Login as a demo staff (staff@example.com / edx)
2. Navigate to the Demo course and browse through the blocks, paying particular attention to the CAPA problem blocks. Ensure they render and edit as expected.
3. Check that you can submit answers to problems, and save changes to blocks.
4. Preview unpublished changes and ensure they render as expected.
5. Publish changes, and ensure they render in the LMS as expected.

safe_exec:

In your devstack's lms-shell, run the following command, and ensure all tests pass.

pytest common/lib/capa/capa/safe_exec/tests/test_safe_exec.py

Deadline

None

[openedx-webhooks]

Thanks for the pull request, @pomegranited! I've created BLENDED-1005 to keep track of it in Jira. More details are on the BD-13 project page.

When this pull request is ready, tag your edX technical lead.

[pomegranited]

jenkins run python

[pomegranited]

jenkins run python

[pomegranited]

jenkins run python

[pomegranited]

Hi @ormsbee , are you able to review and merge this OSPR? CC @symbolist

The test failure looks unrelated (and intermittant):

ERROR: Could not find a version that satisfies the requirement django-ratelimit-backend (unavailable)
ERROR: No matching distribution found for django-ratelimit-backend (unavailable)

but I don't know how to trigger a re-run of these unit tests?

[ormsbee]

@pomegranited: I'm re-running the tests. I might not get to review this until tomorrow though. Is this blocking other BD-13 work?

[pomegranited]

Thank you @ormsbee ! Nope, this isn't blocking other BD-13 work, so tomorrow is perfectly fine.

[ormsbee]

The code looks fine to me. I think this mostly comes down to how we want to test it before trying to merge it in.

@pdpinch: Any thoughts on this? This is refactoring work so it's not supposed to result in user-facing changes, but it's code sandboxing, which means that if there is a regression, it's very likely to hit advanced MIT content first. 😛

FYI @connorhaugh, @kenclary, @jristau1984

[pomegranited]

@ormsbee @pdpinch You're welcome to use the sandbox server for testing, it's running the current version of this branch:

• LMS: https://pr29260.sandbox.opencraft.hosting/
• Studio: https://studio.pr29260.sandbox.opencraft.hosting/

It has the usual demo users on it, so you can use staff@example.com / edx to create or modify courses.

There's a working custom python problem, and one that demonstrates a PermissionDenied error, but you're welcome to add more courses/units and test however you need.

CC @connorhaugh @kenclary @jristau1984

[pdpinch]

Would it be possible to enable the python_lib.zip feature? I thought that the most thorough way to test this would be to run the demo course in https://github.com/mitodl/mitx-grading-library but it looks like the course can't find the python library (for example).

[edx-status-bot]

Your PR has finished running tests. There were no failures.

[pomegranited]

@pdpinch CC @ormsbee @Agrendalath

I've resolved conflicts created when the other BD-13 PRs merged, and deployed a new sandbox server using the latest code. Could you please verify that your MITx Grading Library problems are working correctly, and let me know if anything needs to be fixed before this can be merged?

[pomegranited]

Nudge @pdpinch CC @ormsbee @Agrendalath :)

[pdpinch]

So sorry that I lost track of this.

I'm finding that the first problem in the MITx Grading Library test course isn't behaving as advertised.

I'm going to continue testing today/tomorrow to try to come up with an explanation, and also review other problems, but I didn't want to hold up this key bit of feedback any longer.

[pdpinch]

I tested up through formula grader, but I need to take a break. I'm really not sure what's up with the first problem. Most everything else is working, except:

• responses messages with a single apostrophe ' are getting escaped. I think this is pre-existing issue.
• The 2nd sample answer to "Sibling Variables" in this unit is returning an incorrect response when it should be correct.

I'll test these on edge as a comparison point.

[pomegranited]

Hi @pdpinch , thanks for testing your custom problems on edge too. I don't think this change would have caused the kind of issues you're seeing -- basically, either codejail would work or it wouldn't work -- but we need to be sure before merging.

[pdpinch]

@pomegranited sorry again for being slow to follow up. I've gone through the entire MITx Graders course now.

I reviewed the first problem again and now it seems to be working. The most likely explanation is I misunderstood the directions.

The other issues I noted are still there:

responses messages with a single apostrophe ' are getting escaped.

I confirmed this is a pre-existing issue by testing on edge.edx.org

The 2nd sample answer to "Sibling Variables" in this unit is returning an incorrect response when it should be correct.

The behavior here is different on the sandbox from edX. Since this a problem that uses sampling, I imagine it might be some subtle difference between the sandbox and edge. I'll consult with someone who knows more about the inner workings, but I don't think this, by itself, should stop you from proceeding with this PR.

[ormsbee]

I think that means we're good to go, but please don't merge until tomorrow (Jan 19). It's my understanding that edX is being extra careful about release today. FYI @jristau1984, @doctoryes, @connorhaugh, @kenclary

[pdpinch]

Out of an abundance of caution, I also tested to make sure that python_lib.zip is not available via an unauthorized or unauthenticated browser request. I'm relieved to say that it is not and the following URL returned a 404 as expected:

https://pr29260.sandbox.opencraft.hosting/asset-v1:MITx+demo+3T2021+type@asset+block@python_lib.zip

[pomegranited]

Brilliant, thank you for your thorough testing @pdpinch !
And thanks for providing a merge timeline @ormsbee . Are you able to merge this tomorrow @pdpinch ?

[pdpinch]

Looks like there are some pylint failures. I'll try running the tests again.

[pomegranited]

@pdpinch

Looks like there are some pylint failures. I'll try running the tests again.

Looks like pylint has changed its mind about some import ordering.. Hopefully this fix will sort it.

[pomegranited]

... and it has!
@pdpinch would you be willing to work with edX to merge this on Tuesday? CC @ormsbee @Agrendalath

[pdpinch]

@pomegranited this passed tests. Do you want to squash it?

[pomegranited]

Thanks @pdpinch -- squashed and rebased.

[pdpinch]

@pomegranited since this touches a sensitive area of the code base on edx.org, I'm making sure that we have someone monitoring the deployment and available to do a rollback if necessary.

Question for you: are there any concerns about rolling this back, if it is necessary? I don't see anything myself, but is there anything we should know, perhaps about caching?

[pomegranited]

@pdpinch Nope, it should roll back cleanly if there are any issues in production.
It's just a code refactoring -- no changes to where or what gets cached, and hopefully it won't cause any errors.
But good plan to deploy it under supervision -- could you ping people on the openedx-cc-edx-platform Slack room according to the Changes to Committer “Champion” Program?

[openedx-webhooks]

@pomegranited 🎉 Your pull request was merged! Please take a moment to answer a two question survey so we can improve your experience in the future.

[pdpinch]

Thanks @pomegranited!

[edx-pipeline-bot]

EdX Release Notice: This PR has been deployed to the staging environment in preparation for a release to production.

[edx-pipeline-bot]

EdX Release Notice: This PR has been deployed to the production environment.

[pomegranited]

Woo hoo!! Thank you so much for testing this thorougly @pdpinch , and for getting it merged!