Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Be more explicit about configs and where they come from #535

Merged
merged 6 commits into from
Oct 29, 2024
Merged

Be more explicit about configs and where they come from #535

merged 6 commits into from
Oct 29, 2024

Conversation

bheesham
Copy link
Member

This PR adds/removes a couple of things:

  • A documented env.sample
  • An updated env.sample, now shows the full keys we expect, along with some docs about where to get them
  • Less dependencies (everett) -- this one did a bit of magic which I removed and implemented ourself (as a result it should be painfully clear what's missing on startup)
  • Use OIDC_REDIRECT_URI -- we set this environment variable but never use it

See individual commits for a better review story.

@bheesham bheesham requested a review from a team October 29, 2024 16:59
dividehex
dividehex approved these changes Oct 29, 2024
View reviewed changes
Copy link
Contributor

@dividehex dividehex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 I love it! ❤️

@bheesham
Copy link
Member Author

Ou, actually, I found an issue. I'll re-do bits of this (specifically concerning the OIDC_REDIRECT_URI bit).

I'll mark this PR as a DO NOT MERGE for now.

bheesham
bheesham commented Oct 29, 2024
View reviewed changes
dashboard/config.py Outdated Show resolved Hide resolved
@bheesham bheesham changed the title Be more explicit about configs and where they come from DO NOT MERGE Be more explicit about configs and where they come from Oct 29, 2024
@bheesham bheesham changed the title DO NOT MERGE Be more explicit about configs and where they come from Be more explicit about configs and where they come from Oct 29, 2024
@bheesham
Copy link
Member Author

Should be resolved now -- I removed the bits in oidc_auth which confused me (and weren't being used anyways, see the handler for /forbidden).

@bheesham
Reduce magic around configs
3a68146 
This allows us to remove a dependency (`everett`) while being clearer about
where configs come from. If something fails with a `KeyError` (or similar), we
can `grep` the codebase and find that value.

Jira: IAM-1443
@bheesham
OIDC provider metadata discovery is used
981b261 
We don't need these since the discovery [is handled by Flask-pyoidc for us][pyoidc].

Jira: IAM-1443

[pyoidc]: https://github.com/zamzterz/Flask-pyoidc/blob/26b123572cba0b3fa84482c6c0270900042a73c9/src/flask_pyoidc/provider_configuration.py#L142-L144
@bheesham
Document the envfile
4ce60bb 
Jira: IAM-1443
@bheesham
config Fail on usage instead
17f73db 
Jira: IAM-1443
@bheesham
config Make use of OIDC_REDIRECT_URI
31ed6f4 
Jira: IAM-1443
@bheesham
OIDC_REDIRECT_URI is used in Flask-pyoidc, not TokenVerification
784997c 
I was confusing what this configuration value was used for. Turns out, we don't
make explicit use of this, though internally Flask-pyoidc does.

To clear up some confusion here I removed the bit of code from
TokenVerification.

Jira: IAM-1443
@bheesham bheesham merged commit a2d56de into mozilla-iam:master Oct 29, 2024
1 check passed
@bheesham bheesham deleted the simpler-config branch October 29, 2024 18:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dividehex dividehex dividehex approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bheesham @dividehex