Add UTOPIA_CONSOLE_USER environment variable to console containers #334
Conversation
mbfisher
force-pushed
the
utopia-console-user-env
branch
from
cb05fa5
to
b5c341f
Compare
| @@ -68,7 +68,7 @@ manifests: generate | |||
| install-tools: | |||
| go install github.com/onsi/ginkgo/ginkgo@v1.16.5 | |||
| go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.10.0 | |||
| go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest | |||
| go install sigs.k8s.io/controller-runtime/tools/setup-envtest@v0.0.0-20230216140739-c98506dc3b8e | |||
There was a problem hiding this comment.
It looks like the latest version of this supports golang >1.22. Rather than try to upgrade go I've just pinned to an older version that works without changing anything else
|
Hi Mike. @mbfisher |
Hey @bogvak, I haven't done any testing like that, no. I wanted to get a sense check of the direction before setting up the local k8s cluster and everything! |
|
Hi @mbfisher In general, seems like this would do what you expect. I'm trying to think if this might have any further implications. Meanwhile, I wonder if you considered exposing the environment variable from the label, similar to how it is done for the session recording pod, for consistency? This would set it to the username e.g. |
No I hadn't considered that - didn't know it existed!! It would be better to keep it consistent across the containers and just have one way to do it. This is why you ask for advice 👌 Would this work because |
Pretty much, yes. Technically, it's not part of the - name: LABEL_USER
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['user']So, instead of encoding a specific string to the environment variable via the code in Theatre, we would encode a reference to a label field. Also, I was informed that Theatre is apparently also available publicly, so we should best avoid using the |
|
Thanks for the explanation @0x0013! Am I right that I could use the If that would work, do you think either implementation is better than the other? I'm inclined to use the 🙏 |
|
Hi @mbfisher I seem to have missed your reply/question.
The link doesn't work for me, maybe the branch has been deleted? But from context, if I understand correctly, I think this would work.
I think this could be a valuable addition for other services as well, as long as the above suggestions are followed, namely, not using a GC-specific naming ( |
|
@0x0013 ah dang I went the other way to get us unblocked! https://github.com/gocardless/anu/pull/30890 We'll need to make the same change for other services, so when we're ready for that I'll revive this PR. |
In FY25, BPNG will have a Hero Metric that measures our ability to process payments without manual intervention. For more info see here.
We'd like to automate the way this is measured, so @stephenbinns and I are looking in to how to instrument the different ways we intervene in payment processing. A very common one is the use of consoles, for example to restart Paysvc banking pipelines:
We would like to instrument this code to record the intervention, including the engineer who performed it. To do this we need to know which engineer has authorised the console from within the Rails console.
This change introduces a
UTOPIA_CONSOLE_USERenvironment variable to all consoles, set to the email address of the authorised user.Neither of us are subject matter experts in either Kubernetes, Utopia or Anu, but we know enough to cobble together a change. Any and all advice about better ways to achieve this would be very welcome!
For more on how we're approaching this project, here's our scoping doc, though fair warning that it's changing fast 🙏