Improve configuration variable troubleshooting with DEBUG logs, more helpful errors, and unit tests #579
Conversation
Adds the expected & actual char length for the config var to the error message, to aid in troubleshooting
| @@ -214,6 +243,14 @@ class Config: # pylint: disable=C0115 | |||
| f'Startup configuration: pii logging = {os.getenv("FIDESOPS__LOG_PII") == "True"}' | |||
| ) | |||
|
|
|||
| def log_all_config_values(self) -> None: | |||
There was a problem hiding this comment.
This gets called during start_webserver to provide some helpful DEBUG logs. I find it's often difficult to figure out if my ENV variables or configuration file is loading as expected, so this aids in that
There was a problem hiding this comment.
this will be super helpful, thanks!
| @@ -266,15 +302,15 @@ def get_config() -> FidesopsConfig: | |||
| """ | |||
| try: | |||
| return FidesopsConfig.parse_obj(load_toml("fidesops.toml")) | |||
| except (FileNotFoundError, ValidationError) as e: | |||
There was a problem hiding this comment.
Catching the ValidationError here was odd; it basically made it try loading the config twice:
- once from the file, which if invalid threw an error
- then once again from defaults, which may throw an error
This is surprising, because if you have an invalid config it fails twice, and usually with different error messages, which is misleading.
There was a problem hiding this comment.
By removing this catch, the validation error simply crashes startup and throws a more relevant warning log and stacktrace.
There was a problem hiding this comment.
good catch, I'll actually have to update this on my fideslog integration branch
There was a problem hiding this comment.
Ideally let's get this merged to main so you can just rebase 👍
| logger.warning( | ||
| "WARNING: log level is DEBUG, so sensitive or personal data may be logged. " | ||
| "Set FIDESOPS__SECURITY__LOG_LEVEL to INFO or higher in production." | ||
| ) |
There was a problem hiding this comment.
I'm increasingly of the opinion we should remove the LOG_PII variable, and just use this single LOG_LEVEL instead. Having DEBUG vs INFO logs is a standard config option most apps support, so it'll be more intuitive to use this.
There was a problem hiding this comment.
NOTE: I really wanted to DEBUG log all the ENV vars at startup too, but by the time this method runs the FidesopsConfig has already been loaded (and potentially crashed), so it's too late. Since we're using the config to set the log level simultaneously, it's awkward to use DEBUG logs to see the ENV vars... kind of a chicken & egg situation.
| from fidesops.core.config import get_config | ||
|
|
||
|
|
||
| def test_config_from_default() -> None: |
There was a problem hiding this comment.
These first three tests (load from default, load from path, load from ENV) didn't have any tests yet so I added some basic ones
There was a problem hiding this comment.
Looking good @NevilleS, just wanted additional clarify on the fidesops.toml you've added, due to the fact that I'm working on testing new env variables for fideslog that may need to be added to this toml, too.
| @@ -266,15 +302,15 @@ def get_config() -> FidesopsConfig: | |||
| """ | |||
| try: | |||
| return FidesopsConfig.parse_obj(load_toml("fidesops.toml")) | |||
| except (FileNotFoundError, ValidationError) as e: | |||
There was a problem hiding this comment.
good catch, I'll actually have to update this on my fideslog integration branch
| @@ -214,6 +243,14 @@ class Config: # pylint: disable=C0115 | |||
| f'Startup configuration: pii logging = {os.getenv("FIDESOPS__LOG_PII") == "True"}' | |||
| ) | |||
|
|
|||
| def log_all_config_values(self) -> None: | |||
There was a problem hiding this comment.
this will be super helpful, thanks!
|
@eastandwestwind I pushed the update here, LMK if there's anything else you'd recommend. Thanks! |
…helpful errors, and unit tests (#579) * Improve error message for APP_ENCRYPTION_KEY Adds the expected & actual char length for the config var to the error message, to aid in troubleshooting * Update tests with black formatting * Add tests for loading config vars * Only attempt to parse config vars once * Add ability to specify LOG_LEVEL via the config * Log all config vars during startup at DEBUG level * Update CHANGELOG.md with new features * Update configuration docs * Add comment to test fidesops.toml * Use string interpolation instead of f-strings for log statements
Purpose
After watching @RobertKeyser run into some mysterious errors setting up the
fidesopsconfiguration values recently, I thought I'd make a few QOL improvements to the debug-ability of our config.Changes
FIDESOPS__SECURITY__APP_ENCRYPTION_KEYto output the number of characters to aid troubleshootingFIDESOPS__SECURITY__LOG_LEVELconfiguration variable to allow controlling the log level #579DEBUGlogs at startup to view all configuration values #579FidesopsConfigloading and tests forAPP_ENCRYPTION_KEYvalidationChecklist
CHANGELOG.mdfileCHANGELOG.mdfile is being appended toUnreleasedsection in an appropriate category. Add a new category from the list at the top of the file if the needed one isn't already there.Run Unsafe PR Checkslabel has been applied, and checks have passed, if this PR touches any external servicesTicket
n/a