Python is able to load Python code at runtime, so one can use Python for configuration. A solution doesn’t need to go looking for problems that are already solved.
People interested in configuring Python software in Python
should look into Starlark.
There are Python bindings for two versions of Starlark:
Go (https://github.com/caketop/python-starlark-go)
and Rust (https://github.com/inducer/starlark-pyo3).
I used python-starlark-go for a time
in a project that ran on x86-64 Linux
and had no problems with it.
(I stopped because my project's configuration turned out simpler than expected,
so I switched to TOML.)
Worth noting that it is specifically CPython that has been called impossible to sandbox.
(2014 discussion: https://news.ycombinator.com/item?id=8280053.)
It may be possible to sandbox PyPy.
PyPy has a sandboxing feature its website calls a "working prototype"
(https://www.pypy.org/features.html#sandboxing).
If someone invested in it—potentially a huge effort—it could plausibly become good enough for configuration.
But, IMO, Starlark is a better choice here
because it was designed for isolation from the start.
If you wanted to invest in Python-as-config-for-Python,
a good use of your time might be improving Starlark for Python.
So true. One of the major config mgt utilities which shall remain nameless, (cough, Ansible, cough), is written in python but created an excrable POS config language build on YAML. At least Ant had the excuse that Java was not suitable for a config language. Will people never learn that building scripting languages on markup languages will inevitably end in tears?
