diff options
| author | Frederick Muriuki Muriithi | 2024-10-18 10:29:56 -0500 |
|---|---|---|
| committer | Frederick Muriuki Muriithi | 2024-10-18 10:29:56 -0500 |
| commit | 287668a13474a6d95a0f4836851f55efcd47abaa (patch) | |
| tree | 74242bcfc38955def51fcb7fcaeddf90cf3bf4f1 /issues | |
| parent | 68afefe92229091467f31e74c9722a35e52fe82e (diff) | |
| download | gn-gemtext-287668a13474a6d95a0f4836851f55efcd47abaa.tar.gz | |
GN3: Configuration/Setting: New issue
Create a new issue to help with improving our application
configuration system.
Diffstat (limited to 'issues')
| -rw-r--r-- | issues/genenetwork3/check-for-mandatory-settings.gmi | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/issues/genenetwork3/check-for-mandatory-settings.gmi b/issues/genenetwork3/check-for-mandatory-settings.gmi new file mode 100644 index 0000000..16a2f8a --- /dev/null +++ b/issues/genenetwork3/check-for-mandatory-settings.gmi @@ -0,0 +1,40 @@ +# Check for Mandatory Settings + +## Tags + +* status: open +* priority: high +* type: bug, improvement +* interested: fredm, bonz +* assigned: jnduli, rookie101 +* keywords: GN3, gn3, genenetwork3, settings, config, configs, configurations + +## Explanation + +Giving defaults to some important settings leads to situations where the correct configuration is not set up correctly leading at best to failure, and at worst, to subtle failures that can be difficult to debug: e.g. When a default URI to a server points to an active domain, just not the correct one. + +We want to make such (arguably, sensitive) configurations explicit, and avoid giving them defaults. We want to check that they are set up before allowing the application to run, and fail loudly and obnoxiously if they are not provided. + +Examples of configuration variables that should be checked for: + +* All external URIs (external to app/repo under consideration) +* All secrets (secret keys, salts, tokens, etc) + +We should also eliminate from the defaults: + +* Computed values +* Calls to get values from ENVVARs (`os.environ.get(…)` calls) + +### Note on ENVVARs + +The environment variables should be used for overriding values under specific conditions, therefore, it should both be explicit and the last thing loaded to ensure they actually override settings. + +=> https://git.genenetwork.org/gn-auth/tree/gn_auth/__init__.py?id=3a276642bea934f0a7ef8f581d8639e617357a2a#n70 See this example for a possible way of allowing ENVVARs to override settings. + +The example above could be improved by maybe checking for environment variables starting with a specific value, e.g. the envvar `GNAUTH_SECRET_KEY` would override the `SECRET_KEY` configuration. This allows us to override settings without having to change the code. + +## Tasks + +* [ ] Explicitly check configs for ALL external URIs +* [ ] Explicitly check configs for ALL secrets +* [ ] Explicitly load ENVVARs last to override settings |