[Enhancement] Remove dangerous default environment values from Python services and enforce explicit configuration #138

Description

@NotYuSheng

Currently, several scripts and configurations use potentially dangerous default values that could lead to unintended deployments or operations in the wrong environment. This poses significant security and operational risks, especially in production environments.

Current problematic defaults identified:

  1. chat_service/routers/chat.py - Uses default model instead of failing:
    _OPENAI_MODEL_DEFAULT = "qwen2.5-0.5b-instruct"
    OPENAI_MODEL_NAME = os.getenv("OPENAI_MODEL", _OPENAI_MODEL_DEFAULT)

Security/Operational Risks:

  • Silent fallbacks that mask configuration errors
  • Applications running with unintended configurations
  • Difficult debugging when wrong defaults are used
  • Potential for production impact due to unclear configuration

Notes

Current files requiring refactoring:

  • chat_service/routers/chat.py - Remove _OPENAI_MODEL_DEFAULT fallback
  • Any other Python files using os.getenv() with defaults across all services
  • Search pattern: os.getenv(".*", .*)

Example of desired behavior:

import os

# Before (dangerous)
model = os.getenv("OPENAI_MODEL", "qwen2.5-0.5b-instruct")  # Silently uses default

# After (safe)
model = os.environ["OPENAI_MODEL"]  # Raises KeyError if the variable is unset
if not model:
    raise ValueError("OPENAI_MODEL environment variable must be set")  # Explicit error when set but empty

Benefits:

  • Eliminates silent configuration errors
  • Forces explicit configuration of all services
  • Reduces risk of production incidents due to assumed defaults
  • Makes service configurations more explicit and auditable
  • Follows principle of least surprise and fail-fast design
  • Easier debugging when configuration issues arise

Target Pattern for Python Code:

# Instead of: OPENAI_MODEL_NAME = os.getenv("OPENAI_MODEL", _OPENAI_MODEL_DEFAULT)
# Use:
OPENAI_MODEL_NAME = os.environ["OPENAI_MODEL"]
if not OPENAI_MODEL_NAME:
    raise ValueError("OPENAI_MODEL environment variable must be set")

Dependencies:

  • Review all Python services in repository for os.getenv() with defaults
  • Update all example.env files to include required environment variables
  • Update documentation and README files with new required parameters
  • Add proper environment variable validation at application startup
  • Update Docker and Helm configurations to ensure required env vars are set
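One way to run the repository-wide review the issue asks for, as an added example that is not part of the original issue or the project's code: it walks the Python AST rather than using the regex search pattern, so it also catches multi-line calls, `default=` keyword arguments and `os.environ.get`. The names `find_env_defaults`, `TARGETS` and `SAMPLE` are hypothetical, the sample source is constructed, and import aliases such as `import os as o` are not resolved.

```python
import ast

# Constructed sample (not from the repository). OPENAI_BASE_URL, OPENAI_API_KEY
# and HTTP_PROXY are illustrative names; only OPENAI_MODEL appears in the issue.
SAMPLE = '''
import os
from os import getenv

model = os.getenv("OPENAI_MODEL", "qwen2.5-0.5b-instruct")
url = os.environ.get(
    "OPENAI_BASE_URL",
    "http://localhost:8000",
)
key = getenv("OPENAI_API_KEY", default="")
strict = os.environ["OPENAI_MODEL"]
optional = os.getenv("HTTP_PROXY")
'''
TARGETS = {"os.getenv", "getenv", "os.environ.get", "environ.get"}

def _call_name(func):
    """Return the dotted name of a call target, e.g. 'os.environ.get'."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if not isinstance(func, ast.Name):
        return None
    parts.append(func.id)
    return ".".join(reversed(parts))

def find_env_defaults(source, filename="<string>"):
    """Return sorted (line, variable, default) for env reads that pass a default."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call) or _call_name(node.func) not in TARGETS:
            continue
        default = node.args[1] if len(node.args) > 1 else None
        default = next((kw.value for kw in node.keywords if kw.arg == "default"), default)
        if default is None:
            continue  # no fallback supplied, e.g. os.getenv("HTTP_PROXY")
        first = node.args[0] if node.args else None
        var = first.value if isinstance(first, ast.Constant) else "<dynamic>"
        findings.append((node.lineno, var, ast.unparse(default)))
    return sorted(findings)

if __name__ == "__main__":
    for line, var, default in find_env_defaults(SAMPLE):
        print(f"line {line}: {var} falls back to {default}")
```

Run over each service's `.py` files in CI, a non-empty result can fail the build so new fallbacks do not creep back in.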

    Labels

    enhancement (Technical improvements, infra, refactoring), security (Vulnerabilities, encryption, auth logic)
