-
Notifications
You must be signed in to change notification settings - Fork 49
Create development guidelines for handling credentials in components and platforms code #424
Comments
IMO it probably makes sense to do such validations in a centralized place depending on the cluster config. For example, if the config contains a Packet cluster, ensure we have the Packet-related env var(s) in place. Such logic fits naturally in a |
I don't fully agree with that. IMO environment variable is a "runtime" change, as opposite to the configuration which is static (think "source code"). The example would be
If we decide to treat environment variables as part of the configuration, then indeed, configuration validation should trigger the logic, but the definitions should definitely be stored closely to the related subject, so I think it would be nice to have a good separation of concerns here. E.g. |
What don't you agree with? That we should validate configuration centrally? |
To clarify, my main points were:
|
I don't fully agree, that when validating the configuration, we should make sure that env variables are set. IMO they should be validated separately, as explained above. |
Oh, I was not implying we want to validate env vars and the config in the same action. |
As mentioned in #422, we often need to deal with credentials in our code (providers API tokens, etc.). We should decide and document if we want to e.g. validate that specific environment variable is set, or do we let Terraform do the validation, which negatively impacts the UX, as we cannot do the checks early (think runtime check instead of compile-time check).
The text was updated successfully, but these errors were encountered: