Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Citi OFN Voucher] Add Activerecord encryption configuration and VINE api config #942

Merged
merged 4 commits into from
Oct 9, 2024
Merged

[Citi OFN Voucher] Add Activerecord encryption configuration and VINE api config #942

merged 4 commits into from
Oct 9, 2024

Conversation

rioug
Copy link
Contributor

@rioug rioug commented Oct 7, 2024
edited
Loading

⚠️ When working on this use the Clockify code: Citi Food Vouchers: #1A. openfoodfoundation/openfoodnetwork#11922 Citi OFN Voucher - VINE Integration ⚠️

Related to : openfoodfoundation/openfoodnetwork#12886

Update env template and secret example to include activerecord encryption configuration and VINE_API_URL config.

@rioug
Update env template and secret example
e6ecfa4 
Includes activerecord encryption configuration
@rioug rioug changed the title Update env template and secret example [Citi voucher] Add Activerecord encryption configuration Oct 7, 2024
@rioug rioug changed the title [Citi voucher] Add Activerecord encryption configuration [Citi OFN Voucher] Add Activerecord encryption configuration Oct 7, 2024
@rioug rioug self-assigned this Oct 7, 2024
@rioug rioug mentioned this pull request Oct 7, 2024
Merged
4 tasks
dacook
dacook requested changes Oct 8, 2024
View reviewed changes
Copy link
Member

@dacook dacook left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AnsibleUndefinedVariable: 'active_record_encryption_primary_key' is undefined

TASK [app : template files] ****************************************************
failed: [local_test] (item={'src': 'env.j2', 'dest': '/home/openfoodnetwork/apps/openfoodnetwork/shared/config/.env.staging'}) => {"ansible_loop_var": "item", "changed": false, "item": {"dest": "/home/openfoodnetwork/apps/openfoodnetwork/shared/config/.env.staging", "src": "env.j2"}, "msg": "AnsibleUndefinedVariable: 'active_record_encryption_primary_key' is undefined"}
changed: [local_test] => (item={'src': 'postgresql.yml.j2', 'dest': '/home/openfoodnetwork/apps/openfoodnetwork/shared/config/database.yml'})

We probably need to add conditions for these variables, like others in this file.

I'd love to see a cleaner way to do it than what we currently have though. I can think of a couple of options. If we're happy to have these ENV vars defined but blank, we can:

@rioug rioug changed the title [Citi OFN Voucher] Add Activerecord encryption configuration [Citi OFN Voucher] Add Activerecord encryption configuration and VINE api config Oct 8, 2024
@rioug
Copy link
Contributor Author

rioug commented Oct 8, 2024
edited
Loading

Thanks for checking @dacook. I added condition so we don't end up with blank config item which might be problematic.

I ended up adding VINE_API_URL config as well, which I had forgotten.

@rioug rioug requested a review from dacook October 8, 2024 02:49
dacook
dacook reviewed Oct 8, 2024
View reviewed changes
Copy link
Member

@dacook dacook left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry one more question

inventory/host_vars/_example.com/secrets.example.yml Outdated Show resolved Hide resolved
@rioug
Move vine_api_url to host_vars/*/config.yml
b334214 
There isn't any good reason to store it in secrets.yml
@rioug rioug requested a review from dacook October 8, 2024 05:02
mkllnk
mkllnk approved these changes Oct 9, 2024
View reviewed changes
Copy link
Member

@mkllnk mkllnk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

roles/app/templates/env.j2
Comment on lines +115 to +117
{% if vine_api_url is defined %}
VINE_API_URL="{{ vine_api_url }}"
{% endif %}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you think that a default would work instead?

Suggested change
{% if vine_api_url is defined %}
VINE_API_URL="{{ vine_api_url }}"
{% endif %}
VINE_API_URL="{{ vine_api_url | default('') }}"

Just a question, not a real suggestion.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code handle a missing VINE_API_URL with an error saying the VINE api isn't configured. With an empty string default it would result in a API connection error which could be confusing when the issue is actually a missing configuration.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah yes, the code would need to check for the presence of the variable instead.

@mkllnk mkllnk merged commit 07e64c8 into openfoodfoundation:master Oct 9, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mkllnk mkllnk mkllnk approved these changes

@dacook dacook dacook approved these changes

Assignees

@rioug rioug

Labels
None yet
Projects
OFN Delivery board
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rioug @mkllnk @dacook