JS7 JobScheduler

Space shortcuts

Page tree

Introduction

JS7 enables execution of JS7 - GraalVM JavaScript Jobs and JS7 - GraalVM Python Jobs using the GraalVM Polyglot interface.

To allow full control of the run-time environment, security, and guest language behavior, JS7 provides a mechanism to configure GraalVM run-time options.

  • Options govern how guest languages (GraalVM JavaScript/Python) interact with the host JVM, which features are permitted, and how language-specific behavior is customized.
  • Some options affect permissions and host access, while others control language-specific run-time behavior.

Configuring GraalVM Options

GraalVM options can be configured from a single argument, named according to the pattern: js7_options.graalvm.<language>

Examples:

  • js7_options.graalvm.js
    • GraalVM JavaScript run-time configuration
  • js7_options.graalvm.python
    • GraalVM Python run-time configuration

The argument can be provided in a number of ways:

  • As a file reference (toFile)
  • As a JSON string
  • Using various configuration sources, such as Job Resources, Order Variables, Job Arguments and Node arguments.

Types of GraalVM Options

There are two categories of configurable options:

Polyglot Access Methods (Language-Independent)

The options control access permissions between the host JVM and guest languages.

See GraalVM documentation:

JS7 exposes the following GraalVM Context.Builder methods as configuration options.

Each option is named following the pattern: js7.polyglot.<Context.Builder method name>


JS7 Option NameDefaultCorresponding Context.Builder MethodMethod Description (GraalVM)JS7 Behavior

js7.polyglot.allowCreateProcess

trueallowCreateProcess(boolean enabled)If true, allows guest language to execute external processes.

js7.polyglot.allowCreateThread

trueallowCreateThread(boolean enabled)If true, allows guest languages to create new threads.

js7.polyglot.allowEnvironmentAccess

trueallowEnvironmentAccess(EnvironmentAccess accessPolicy)Allow environment access using the provided policy.
  • true (corresponds to EnvironmentAccess.INHERIT)
    •  Grants guest languages read access to process environment.
  • false (corresponds to EnvironmentAccess.NONE)
    • Grants guest languages no access to process environment.

js7.polyglot.allowExperimentalOptions

trueallowExperimentalOptions(boolean enabled)Allow experimental options to be used for language options.

js7.polyglot.allowHostClassLookup

trueallowHostClassLookup(Predicate<String> classFilter)Sets a filter that specifies the Java host classes that can be looked up by the guest application.
  • true
    • Any loaded Java class can be instantiated (e.g., java.io.File).
  • false
    • Only explicitly bound Java objects, e.g., js7Step, are accessible.
    • No additional Java objects can be instantiated.
    • Effectively blocks Java instantiation.

Instead of boolean true/false, a positive/negative regular expression pattern can be provided:

  • Positive pattern
    • Allows use of matching classes.
    • Example:
      • "js7.polyglot.allowHostClassLookup": "java\\.io\\.File|java\\.nio\\.file\\.Path"
      • The java.io.File and java.nio.file.Path classes are allowed.
  • Negative pattern (must start with !)
    • Excludes matching classes. All other classes are allowed.
    • Example:
      • "js7.polyglot.allowHostClassLookup": "!java\\.io\\.File|java\\.nio\\.file\\.Path"
      • The java.io.File and java.nio.file.Path classes are not allowed

js7.polyglot.IOAccess.allowHostFileAccess

true

allowIO(IOAccess ioAccess)

IOAccess.Builder with

allowHostFileAccess(boolean allow)

Configures guest language access to host IO.

If true, it allows the guest language unrestricted access to files on the host system.


js7.polyglot.IOAccess.allowHostSocketAccess

true

allowIO(IOAccess ioAccess)

IOAccess.Builder with

allowHostSocketAccess(boolean allow)

Configures guest language access to host IO.

If true, it allows the guest language unrestricted access to host system sockets.


js7.polyglot.allowNativeAccesstrueallowNativeAccess(boolean enabled)Allows guest languages to access the native interface.
js7.polyglot.allowPolyglotAccesstrueallowPolyglotAccess(PolyglotAccess accessPolicy)Allow polyglot access using the provided policy.
  • true (corresponds to PolyglotAccess.ALL access policy)
    •  Provides guest languages full access to other languages using polyglot evaluation and binding builtins.
  • false (corresponds to PolyglotAccess.NONE access policy)
    • Provides guest languages no access to other languages using polyglot builtins evaluation and binding builtins.

Language-specific Options

The options are specific to a particular guest language and control run-time features unique to the language.

GraalVM Python

For available GraalVM Python content options, see GraalPy Context Options

Note: The options are used via the Polyglot Context in JS7, and their behavior may vary.

Example js7_options.graalvm.python:

{
  	"options": {
		"python.PythonPath": "/opt/js7/python-libs:/home/js7user/python"
	}
}
  • The option specifies that the Python run-time will search for modules in specified directories.
  • Path entries are separated by : on Unix-like systems and by ; on Windows.

GraalVM JavaScript

GraalVM JavaScript content options are not as clearly documented from GraalPy.

Some links:

Example js7_options.graalvm.js:

{
  	"options": {
        "js.commonjs-require": true,
        "js.commonjs-require-cwd": "/opt/js7/javascript-libs"
	}
}

Note: Experimental options may require allowExperimentalOptions(true).


  • No labels