Description
Currently, several scripts and configurations use potentially dangerous default values that could lead to unintended deployments or operations in the wrong environment. This poses significant security and operational risks, especially in production environments.
Current problematic defaults identified:
- chat_service/routers/chat.py - Uses default model instead of failing:
_OPENAI_MODEL_DEFAULT = "qwen2.5-0.5b-instruct"
OPENAI_MODEL_NAME = os.getenv("OPENAI_MODEL", _OPENAI_MODEL_DEFAULT)
Security/Operational Risks:
- Silent fallbacks that mask configuration errors
- Applications running with unintended configurations
- Difficult debugging when wrong defaults are used
- Potential for production impact due to unclear configuration
Notes
Current files requiring refactoring:
chat_service/routers/chat.py - Remove _OPENAI_MODEL_DEFAULT fallback
- Any other Python files using
os.getenv() with defaults across all services
- Search pattern:
os.getenv(".*", .*)
Example of desired behavior:
# Before (dangerous)
model = os.getenv("OPENAI_MODEL", "qwen2.5-0.5b-instruct") # Silently uses default
# After (safe)
model = os.environ["OPENAI_MODEL"]
if not model:
raise ValueError("OPENAI_MODEL environment variable must be set") # Explicit error
Benefits:
- Eliminates silent configuration errors
- Forces explicit configuration of all services
- Reduces risk of production incidents due to assumed defaults
- Makes service configurations more explicit and auditable
- Follows principle of least surprise and fail-fast design
- Easier debugging when configuration issues arise
Target Pattern for Python Code:
# Instead of: OPENAI_MODEL_NAME = os.getenv("OPENAI_MODEL", _OPENAI_MODEL_DEFAULT)
# Use:
OPENAI_MODEL_NAME = os.environ["OPENAI_MODEL"]
if not OPENAI_MODEL_NAME:
raise ValueError("OPENAI_MODEL environment variable must be set")
Dependencies:
- Review all Python services in repository for
os.getenv() with defaults
- Update all example.env files to include required environment variables
- Update documentation and README files with new required parameters
- Add proper environment variable validation at application startup
- Update Docker and Helm configurations to ensure required env vars are set
Description
Currently, several scripts and configurations use potentially dangerous default values that could lead to unintended deployments or operations in the wrong environment. This poses significant security and operational risks, especially in production environments.
Current problematic defaults identified:
Security/Operational Risks:
Notes
Current files requiring refactoring:
chat_service/routers/chat.py- Remove_OPENAI_MODEL_DEFAULTfallbackos.getenv()with defaults across all servicesos.getenv(".*", .*)Example of desired behavior:
Benefits:
Target Pattern for Python Code:
Dependencies:
os.getenv()with defaults