Publishing and Execution Environment
Tasks in Airtrain must be published before they can be executed. Publishing creates a secure, isolated environment where tasks run with strictly controlled access to resources and permissions.
Publishing Process
When a task is published, Airtrain:
- Validates the entire task structure
- Creates a secure execution environment
- Assigns a unique task ID
- Sets up permission boundaries
from airtrain import publish_task
@publish_task
class DataAnalysisTask(Task):
input_schema = AnalysisInputSchema
output_schema = AnalysisOutputSchema
required_permissions = [
DatabaseAccess,
StorageAccess
]
Secure Execution Environment
Resource Isolation
The execution environment ensures:
- Access only to explicitly permitted resources
- Isolated runtime environment
- Controlled network access
- Monitored resource usage
class ExecutionEnvironment:
def __init__(self, task_id: str, permissions: List[Permission]):
self.task_id = task_id
self.permitted_resources = self._setup_permissions(permissions)
self.sandbox = self._create_sandbox()
Permission Enforcement
def _setup_permissions(self, permissions: List[Permission]):
"""
Set up permission boundaries for task execution
Args:
permissions: List of granted permissions
Returns:
Dictionary of accessible resources
"""
return {
permission.resource: permission.access_level
for permission in permissions
if permission.is_valid()
}
Publishing Workflow
1. Validation Phase
def validate_for_publishing(task: Task):
"""
Validate task before publishing
Args:
task: Task to be published
Raises:
ValidationError: If task doesn't meet publishing requirements
"""
# Validate schemas
validate_schemas(task.input_schema, task.output_schema)
# Validate permissions
validate_permissions(task.required_permissions)
# Validate execution graph
validate_graph(task.execution_graph)
2. Environment Setup
def setup_execution_environment(task_id: str, permissions: List[Permission]):
"""
Create secure execution environment
Args:
task_id: Unique task identifier
permissions: Granted permissions
Returns:
Configured execution environment
"""
env = ExecutionEnvironment(task_id, permissions)
env.setup_resource_limits()
env.configure_network_access()
return env
3. Resource Management
def manage_resources(environment: ExecutionEnvironment):
"""
Set up resource management for execution environment
Args:
environment: Configured execution environment
"""
environment.setup_memory_limits()
environment.setup_cpu_limits()
environment.setup_disk_quotas()
environment.configure_timeouts()
Execution Flow
Once published, task execution follows these steps:
-
Permission Verification
- Check all required permissions
- Verify permission validity
- Set up access boundaries
-
Environment Preparation
- Create isolated runtime
- Configure resource limits
- Set up monitoring
-
Secure Execution
- Run within boundaries
- Monitor resource usage
- Log all activities
def execute_published_task(task_id: str, input_data: dict):
"""
Execute published task in secure environment
Args:
task_id: Published task identifier
input_data: Task input data
Returns:
Task execution results
"""
# Get published task
task = PublishedTaskRegistry.get(task_id)
# Create execution environment
env = ExecutionEnvironment(task_id, task.permissions)
# Execute with monitoring
with env.monitor():
result = task.execute(input_data)
return result
Best Practices
-
Permission Management
- Request minimum necessary permissions
- Regularly review and update permissions
- Remove unused permissions
- Document permission requirements
-
Resource Usage
- Set appropriate resource limits
- Monitor resource consumption
- Optimize resource usage
- Handle resource exhaustion
-
Security
- Regular security audits
- Monitor for unusual patterns
- Update security policies
- Log security events
-
Maintenance
- Regular environment updates
- Performance monitoring
- Security patches
- Resource optimization
Next Steps
Learn how to:
- Publish your first task
- Configure execution environments
- Monitor task execution
- Manage task permissions