-
Notifications
You must be signed in to change notification settings - Fork 73
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
THREESCALE-10924: Remove duplicated config .yml files, keep only those in config/ #3766
base: master
Are you sure you want to change the base?
Conversation
@@ -253,7 +253,7 @@ def cache_store_config | |||
email_sanitizer_configs = (three_scale.delete(:email_sanitizer) || {}).symbolize_keys | |||
config.three_scale.email_sanitizer.merge!(email_sanitizer_configs) | |||
|
|||
config.three_scale.merge!(three_scale.slice!(:force_ssl, :access_code)) | |||
config.three_scale.merge!(three_scale.slice!(:force_ssl)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think there was actually a bug here. This access_code
is retrieved here:
access_code.presence || ThreeScale.config.access_code |
But with this code, it was resulting in nil
. The correct way to get the value would be Rails.application.config.access_code
. But I thought it would be better to place it under three_scale
specific config.
config/zync.yml
Outdated
<<: *default | ||
endpoint: | ||
|
||
production: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This file is overwritten by 3scale operator: https://github.com/3scale/3scale-operator/blob/87c3f3b9d18b2fb625d05fa6c2cbb60b3c397d0c/pkg/3scale/amp/component/system.go#L1227-L1235
Need to figure out:
- do we need it? can't we use the built-in
zync.yml
file? - if we have one already in
config
, would operator override it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- do we need it? can't we use the built-in
zync.yml
file?
I updated the file in b8fdb59 a bit, to apply the timeouts that are set in the operator. We can add ZYNC_ENDPOINT
to the operator and use the default file instead. Possibly the idea of having the zync.yml
file set in operator is that this way it is available as a ConfigMap, and can be easily changed. On the other hand, I don't think that this file is supposed to be updated easily.
- if we have one already in
config
, would operator override it?
The extra files defined by the operator are mounted at /opt/system-extra-configs
, which are then symlinked to config
directory via https://github.com/3scale/porta/blob/cleanup-config-files-remove-dups/openshift/system/entrypoint.sh#L17
As we use ln -sf
there shouldn't be a problem with overriding the existing file with the new content (set by operator).
@@ -1,3 +0,0 @@ | |||
production: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
517082c
to
fcb147f
Compare
Differences between the current and the target configs, caused by the refactoring of the config files (this is with the assumption that
Files to compare:
Files to compare: |
Script that I used to print the configs:
Example commands:
|
config/core.yml
Outdated
username: <%= ENV.fetch('CONFIG_INTERNAL_API_USER', nil) %> | ||
password: <%= ENV.fetch('CONFIG_INTERNAL_API_PASSWORD', nil) %> | ||
|
||
development: | ||
<<: *default | ||
# fake server is useful when you don't run a real backend apisonator | ||
# fake_server: 'http://localhost:3000/internal/' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, this might be a potential place that a developer might want to change locally. We can add an env var for this.
config/database.yml
Outdated
@@ -0,0 +1,42 @@ | |||
base: &default | |||
<% case ENV['DATABASE_URL'].to_s |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So, this might be controversial...
This changed file does the ENV['DATABASE_URL'].to_s
3 times 😬 (well, I guess at the execution time it will be 2.
But to be honest, for me it's much easier to understand this one than the original one: https://github.com/3scale/porta/blob/539780953ebc6eddebcc1450a842e9d3198ea571/config/examples/database.yml
But maybe I'm wrong, and the original is actually better. Opinions welcome!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I changed my mind 🙃
I will revert the format of this file to the original one.
config/segment.yml
Outdated
@@ -1,7 +1,7 @@ | |||
base: &default | |||
enabled: false | |||
stub: false | |||
write_key: 'null' | |||
write_key: true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is this for?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is for Segment analytics
analytics.load("<%= segment.write_key %>"); |
We use it in SaaS, on-premises it's disabled. This true
value was in openshift
configs, but the value actually doesn't matter, cause as long as it's disabled, it won't be used.
We can actually add env vars here, so we can later reuse this config in SaaS. But not sure whether to leave it for another PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it's disabled by default in all environments, how they enable it in SaaS? I guess they need to create a configmap for this file and mount it. I think it would be better to add an env variable to enable it, and leave it disabled by default. Anyway, better to do it in another PR I think.
a70cde4
to
c078fe5
Compare
config/segment.yml
Outdated
enabled: false | ||
stub: false | ||
write_key: 'null' | ||
enabled: <%= ENV['SEGMENT_WRITE_KEY'].present? %> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nice!
85275af
to
c0ef05e
Compare
config/database.yml
Outdated
@@ -3,7 +3,8 @@ when /^oracle/ %> | |||
base: &default | |||
adapter: oracle_enhanced | |||
url: <%= ENV['DATABASE_URL'] %> | |||
pool: <%= ENV.fetch('RAILS_MAX_THREADS', 25) %> | |||
encoding: utf8 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
production config uses these settings, and I don't see any reason not to use them in test/dev:
porta/openshift/system/config/database.yml
Lines 17 to 18 in 6d213ec
encoding: utf8 | |
pool: <%= ENV.fetch('RAILS_MAX_THREADS', 5) %> |
config/database.yml
Outdated
|
||
<% when /^postgresql/ %> | ||
base: &default | ||
adapter: postgresql | ||
url: <%= ENV['DATABASE_URL'] %> | ||
pool: <%= ENV.fetch('RAILS_MAX_THREADS', 25) %> | ||
encoding: unicode | ||
encoding: utf8 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
config/database.yml
Outdated
encoding: utf8 | ||
pool: <%= ENV.fetch('RAILS_MAX_THREADS', 5) %> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't this be utf8mb3
or utf8mb3_bin
like in schema.rb
? Just asking, I don't really know the difference between encoding, charset and collation.
Line 15 in 43dcd03
create_table "access_tokens", charset: "utf8mb3", collation: "utf8mb3_bin", force: :cascade do |t| |
cors_config = YAML.load_file(Rails.root.join("config/cors.yml")).deep_symbolize_keys | ||
rails_envs = %i[development test production] | ||
rails_envs.each do |rails_env| | ||
stub_config = cors_config[rails_env] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed enabled: true
as it doesn't make difference.
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #3766 +/- ##
==========================================
- Coverage 94.29% 94.22% -0.08%
==========================================
Files 2774 2771 -3
Lines 92333 91291 -1042
==========================================
- Hits 87068 86017 -1051
- Misses 5265 5274 +9 ☔ View full report in Codecov by Sentry. |
.circleci/config.yml
Outdated
use-example-config-files: &use-example-config-files | ||
run: | ||
name: Copy example config files into place to be used by tests | ||
command: cp config/examples/*.yml config/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wait, why do we remove this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Because there's no config/examples
anymore, this PR removes it and moves its files to config.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@akostadinov @jlledom if you prefer, I can move them back to config/examples
, so the only thing the PR will do is get rid of the duplicates in openshift/system/config
by unifying the files
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I prefer returning the examples until we have something to deal with setting credentials in a relatively secure way.
.dockerignore
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand why are these lines removed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Before, the Dockerfile copied them from config/examples
, so the ones under config
had to be ignored, then overwritten by those under config/examples
.
Now they have been moved from config/examples
so the ones under config
are already the good ones and we can keep them.
.gitignore
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here, these ignores should stay.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, now we want to track them in git as we tracked those under config/examples
before, since they are essentially the same files.
Dockerfile
Outdated
@@ -19,7 +19,6 @@ ENV DISABLE_SPRING="true" \ | |||
WORKDIR /opt/system/ | |||
|
|||
ADD . ./ | |||
ADD config/examples/*.yml config/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to keep this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, config/examples
doesn't exist anymore and its files are already under config
config/amazon_s3.yml
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These files contain secrets. The should be git ignored and dockerignored. To prevent leaking them into git or into the container image builds.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This one doesn't contain secrets:
https://github.com/3scale/porta/blob/cleanup-config-files-remove-dups/config/amazon_s3.yml
And it was already in git before, but under config/examples
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it contains secret_access_key
, at least locally is supposed to
I think we shouldn't change the structure of |
I think I expressed this concern before but I don't find the comment. Anyway, this PRs aims to leave the files under |
It's not so good idea to keep passwords in env variables because they are visible to all local processes from this or any other user. |
@akostadinov @jlledom Yes, I understand your concerns. But what @jlledom says is exactly the reasoning. I actually found it pretty annoying many times that when some PR changes some configs, you need to copy the But I also agree that sometimes we want to test stuff locally, and we don't want necessarily to affect the "default" configs. My idea was to be able to configure most of the things (all would be impossible) via environment variables, and But if you don't like this approach, I'm fine with just moving all the configs back to |
At least for anything with passwords, need to be in examples. The rest I guess makes more sense to stay as defaults. |
I don't thinks that's much of a problem. I have a few passwords stored in my .env and all of them are for fake/test/development/staging environments, I never needed to use any production credentials. |
Any cloud credentials can equally well be abused and costs incurred. |
Well, regarding the passwords, in the image the passwords would need to go in env vars anyway, so if we want to use the default configs for both local development and images, they will need to be in env vars in any case. I think if these are stored in I am more concerned about such files as Or maybe Or potentially Probably in So, we can maybe put I'd vote for env vars way. I think it's easier, and we can even just have multiple sets of |
I see your concerns. Just an idea, this might make sense to be implemented with a global override configuration file. Where one can put any configration value and it will override the defaults. Just for dev and test environment. It would not be trivial to implement but would probably cover all use cases.
It is alright to have env vars read by the config files. Just we locally change it to a static values for sensitive content.
Check |
Why should it be |
Yeah, sorry, that comment is outdated, since then I update to taking the value from an env var: https://github.com/3scale/porta/pull/3766/files#diff-3027cb92d1f25cc230471a202a313a8e4ffdc445147f6530c29dbc6e7b7e3ef8R3 So, if the env var is not set, it will be
|
837f6ea
to
f706804
Compare
It was failing because of the validation error: "From does not match the domain of your outbound email" errors.add(field, :wrong_domain) unless email.join.split('@').last == domain Caused by the change of the default no-reply email in settings from example.net to example.com
f706804
to
b9dd022
Compare
@akostadinov @jlledom I restored b9dd022 You can compare the contents of the config files in
Diff with some common parts removed: |
What this PR does / why we need it:
We currently have multiple places where
.yml
configuration files are set:config
- the default folderconfig/examples
- these are not added to the container image, but for development they need to be copied toconfig
openshift/system/config
- these are copied to the container image by Dockerfile commands.This causes some inconveniences:
example
to local versions againThis can be avoided by having a single set of configs. Normally, they would not collide, because we use
development
andtest
for development, andproduction
typically is only used in the container image. And even if we wanted to runproduction
locally, the values are normally configured through env variables, so it's the matter of adjusting your.env
file.Which issue(s) this PR fixes
https://issues.redhat.com/browse/THREESCALE-10924
Verification steps
See these comments:
#3766 (comment)
#3766 (comment)
Special notes for your reviewer: