WIP: add env var for configuration #27
Conversation
akoserwal
changed the title
| timeout: 1s | ||
| data: | ||
| spiceDb: | ||
| useTLS: false | ||
| endpoint: spicedb:50051 | ||
| token: "${SPICEDB_PRESHARED:foobar}" | ||
| endpoint: "${ENDPOINT:spicedb:50051}" |
There was a problem hiding this comment.
Has this config been tested with make rebac, etc. It looks odd, but if it works it works. :)
| @@ -21,6 +21,10 @@ COPY --from=builder /workspace/bin/ciam-rebac /usr/local/bin/ | |||
| COPY --from=builder /workspace/configs/config.yaml /usr/local/bin/ | |||
|
|
|||
| ENV SPICEDB_PRESHARED $SPICEDB_PRESHARED | |||
| ENV SPICEDB_ENDPOINT $SPICEDB_ENDPOINT | |||
There was a problem hiding this comment.
Is it worth having a discussion about the use of env vars here? We were pretty committed to using file mounts before (no env vars in previous Dockerfile: https://github.com/RedHatInsights/authz/blob/main/Dockerfile).
I seem to remember people mentioning security concerns around the lines of it being easier to expose an app's environment that the contents of a file.
|
I'm glad to see that RedHat is using Kratos. What are the reasons for using Kratos? We would like to know why users choose to use Kratos to help improve the project continuously. Can you also add a use case, go-kratos/kratos#969 If you have any questions, suggestions or opinions while using it, please feel free to give me feedback. |
Hi @shenqidebaozi thank you for reaching out. We are evaluating Kratos for a POC project. Kratos enabled us to develop a proto-to-open API spec workflow and build APIs quickly. Suggestions: The discord go-kratos forum isn't active much. Is there any other forum where I can engage for doubts/discussions? As we go along with the development, I'll definitely identify areas to improve and where we see an opportunity to contribute. |
|
@akoserwal Due to certain network restrictions, Discord cannot be directly accessed within China. At present, our main focus is on maintaining the community on WeChat. But you can also add my Discord(baozi6562) for communication, and I am also considering how to improve the issue you encountered when using config env. Since the values of environment variables are all strings, it is necessary to convert them to the expected target type when using them. I am considering how to implement this feature. Do you have any ideas? |
One way would be to define the Or allow users to read all environment variables as strings, and then they can do the conversion. |
PR Template:
Describe your changes
Add ENV variables in config.yaml
Ticket reference (if applicable)
Fixes #
Checklist
Are the agreed upon acceptance criteria fulfilled?
Was the 4-eye-principle applied? (async PR review, pairing, ensembling)
Do your changes have passing automated tests and sufficient observability?
Are the work steps you introduced repeatable by others, either through automation or documentation?
The Changes were automatically built, tested, and - if needed, behind a feature flag - deployed to our production environment. (Please check this when the new deployment is done and you could verify it.)
Are the agreed upon coding/architectural practices applied?
Are security needs fullfilled? (e.g. no internal URL)
Is the corresponding Ticket in the right state? (should be on "review" now, put to done when this change made it to production)
For changes to the public API / code dependencies: Was the whole team (or a sufficient amount of ppl) able to review?