[#1393] Update Fidesops config with sane defaults where necessary (#1395

)

* add sane defaults

* make subsections of config with complete defaults optional

* lowercase database.enabled, set defaults for optional configs

* update return type

* updates changelog

* make PORT an env var

* cast env var to int

* remove unnecessary unpinned dependency

* bump fideslib version

* bump fideslib to 3.1.4

* add defaults for the non optional config subclasses

* set empty dict to default for config subclasses that require some fields

* use .get() in assemble URL for correct error message, correct comment

* update jwt_key type annotation

CHANGELOG.md

@@ -45,6 +45,11 @@ The types of changes are:
 
 * Removed `query_param` auth strategy as `api_key` auth strategy now supersedes it [#1331](https://github.com/ethyca/fidesops/pull/1331)
 
+### Developer Experience
+
+* Update Fidesops config with sane defaults where necessary [#1393](https://github.com/ethyca/fidesops/pull/1395)
+
+
 ## [1.8.0](https://github.com/ethyca/fidesops/compare/1.8.0...main)
 
 ### Developer Experience

requirements.txt

@@ -5,12 +5,11 @@ celery[pytest]==5.2.7
 click==8.1.3
 cryptography~=3.4.8
 dask==2022.8.0
-emails
 fastapi-caching[redis]
 fastapi-pagination[sqlalchemy]~= 0.10.0
 fastapi[all]==0.82.0
 fideslang==1.2.0
-fideslib==3.1.2
+fideslib==3.1.4
 fideslog==1.2.3
 hvac==0.11.2
 Jinja2==3.1.2

src/fidesops/ops/api/v1/endpoints/drp_endpoints.py

@@ -66,7 +66,7 @@ async def create_drp_privacy_request(
     a corresponding Fidesops PrivacyRequest
     """
 
-    jwt_key: str = config.security.drp_jwt_secret
+    jwt_key: Optional[str] = config.security.drp_jwt_secret
     if jwt_key is None:
         raise HTTPException(
             status_code=HTTP_500_INTERNAL_SERVER_ERROR,

src/fidesops/ops/core/config.py

@@ -25,7 +25,7 @@
 class FidesopsDatabaseSettings(DatabaseSettings):
     """Configuration settings for Postgres."""
 
-    ENABLED: bool = True
+    enabled: bool = True
 
     class Config:
         env_prefix = "FIDESOPS__DATABASE__"
@@ -35,9 +35,10 @@ class ExecutionSettings(FidesSettings):
     """Configuration settings for execution."""
 
     privacy_request_delay_timeout: int = 3600
-    task_retry_count: int
-    task_retry_delay: int  # In seconds
-    task_retry_backoff: int
+    # By default Fidesops will not retry graph nodes
+    task_retry_count: int = 0
+    task_retry_delay: int = 0  # In seconds
+    task_retry_backoff: int = 0
     subject_identity_verification_required: bool = False
     require_manual_request_approval: bool = False
     masking_strict: bool = True
@@ -77,7 +78,7 @@ def assemble_connection_url(
             # If the whole URL is provided via the config, preference that
             return v
 
-        return f"redis://{quote_plus(values.get('user', ''))}:{quote_plus(values['password'])}@{values['host']}:{values['port']}/{values.get('db_index', '')}"
+        return f"redis://{quote_plus(values.get('user', ''))}:{quote_plus(values.get('password', ''))}@{values.get('host', '')}:{values.get('port', '')}/{values.get('db_index', '')}"
 
     class Config:
         env_prefix = "FIDESOPS__REDIS__"
@@ -118,15 +119,21 @@ class Config:
 class RootUserSettings(FidesSettings):
     """Configuration settings for Analytics variables."""
 
-    analytics_opt_out: Optional[bool]
-    analytics_id: Optional[str]
+    analytics_opt_out: Optional[bool] = True
+    analytics_id: Optional[str] = None
 
     @validator("analytics_id", pre=True)
-    def populate_analytics_id(cls, v: Optional[str]) -> str:
+    def populate_analytics_id(
+        cls,
+        v: Optional[str],
+        values: Dict[str, str],
+    ) -> Optional[str]:
         """
         Populates the appropriate value for analytics id based on config
         """
-        return v or cls.generate_and_store_client_id()
+        if not v and not values.get("analytics_opt_out"):
+            v = cls.generate_and_store_client_id()
+        return v
 
     @staticmethod
     def generate_and_store_client_id() -> str:
@@ -164,15 +171,29 @@ class Config:
 class FidesopsConfig(FidesSettings):
     """Configuration variables for the FastAPI project"""
 
-    database: FidesopsDatabaseSettings
-    redis: RedisSettings
-    security: FidesopsSecuritySettings
-    execution: ExecutionSettings
-    root_user: RootUserSettings
-    admin_ui: AdminUiSettings
-    notifications: FidesopsNotificationSettings
-
-    port: int
+    # Pydantic doesn't initialise subsections automatically if
+    # only environment variables are provided at runtime. If the
+    # config subclass is instantiated with no args, Pydantic runs
+    # validation before loading in environment variables, which
+    # always fails if any config vars in the subsection are non-optional.
+    # Using the empty dict allows Python to load in the environment
+    # variables _before_ validating them against the Pydantic schema.
+    database: FidesopsDatabaseSettings = {}  # type: ignore
+    redis: RedisSettings = {}  # type: ignore
+    security: FidesopsSecuritySettings = {}  # type: ignore
+    execution: Optional[ExecutionSettings] = ExecutionSettings()
+    root_user: Optional[RootUserSettings] = RootUserSettings()
+    admin_ui: Optional[AdminUiSettings] = AdminUiSettings()
+    notifications: Optional[
+        FidesopsNotificationSettings
+    ] = FidesopsNotificationSettings()
+
+    port: int = int(
+        os.getenv(
+            "FIDESOPS__PORT",
+            "8080",  # Run the webserver on port 8080 by default
+        )
+    )
     is_test_mode: bool = os.getenv("TESTING", "").lower() == "true"
     hot_reloading: bool = os.getenv("FIDESOPS__HOT_RELOAD", "").lower() == "true"
     dev_mode: bool = os.getenv("FIDESOPS__DEV_MODE", "").lower() == "true"