💥 Support environment config [BREAKING CHANGES] #764
Conversation
| // To support legacy TLS environment variables, if they are present, we will | ||
| // have them force-override anything loaded from existing file or env | ||
| if !cctx.RootCommand.DisableConfigEnv { | ||
| oldEnvTLSCert, _ := cctx.Options.EnvLookup.LookupEnv("TEMPORAL_TLS_CERT") |
There was a problem hiding this comment.
Mentioned in the other PR, but this sure seems like a good reason to export the constants from the SDK
There was a problem hiding this comment.
I don't think every SDK should export every environment variable name as part of its public API to users, it will be part of the spec.
| implied-env: TEMPORAL_CONFIG_FILE | ||
| - name: profile | ||
| type: string | ||
| description: Profile to use for config file. |
There was a problem hiding this comment.
Should this use default as the default?
There was a problem hiding this comment.
No because the default is actually determined by the Go SDK not by the CLI. A CLI flag (whether set via "default" or explicitly) would override where it may be otherwise set, e.g. env var or the actual default.
temporalcli/commandsgen/commands.yml
Outdated
| Remove a full profile entirely _or_ remove a property within a profile. | ||
| When deleting an entire profile, the `--profile` must be set explicitly. | ||
| ``` | ||
| temporal env delete \ | ||
| --profile my-profile | ||
| ``` |
There was a problem hiding this comment.
IMO adding an explicit --delete-whole-profile or something might be good in that instance, but, not hugely concerned.
There was a problem hiding this comment.
👍 Yeah this just matches what we do for env today, but I do agree. Actually this should be a top-level command called delete-profile so delete can always require the --prop.
There was a problem hiding this comment.
Moved to its own command. Leaving conversation open for others that may want to see that this changed.
temporalcli/client.go
Outdated
| // In the past, the presence of API key CLI arg did not imply TLS like it | ||
| // does with envconfig. Therefore if there is a user-provided API key and | ||
| // TLS is not present, explicitly disable it so API key presence doesn't | ||
| // enable it in ToClientOptions below. | ||
| // TODO(cretz): Or do we want to break compatibility to have TLS defaulted | ||
| // for all API keys? | ||
| if c.ApiKey != "" && clientProfile.TLS == nil { | ||
| clientProfile.TLS = &envconfig.ClientConfigTLS{Disabled: true} | ||
| } |
There was a problem hiding this comment.
Thoughts here on just making TLS the default for API key and adding TLS disabled option? Technically a backwards incompatible break, but a good one IMO.
There was a problem hiding this comment.
Ok, I have made this breaking change and added tests
# Conflicts: # go.mod # go.sum # temporalcli/client.go # temporalcli/commands.gen.go # temporalcli/commands.go # temporalcli/commandsgen/commands.yml
| type: string | ||
| description: | | ||
| File path to read TOML config from, defaults to | ||
| `$CONFIG_PATH/temporal/temporal.toml` where `$CONFIG_PATH` is defined |
There was a problem hiding this comment.
| `$CONFIG_PATH/temporal/temporal.toml` where `$CONFIG_PATH` is defined | |
| `$CONFIG_PATH/temporalio/temporal.toml` where `$CONFIG_PATH` is defined |
| if namespaceExplicitlySet { | ||
| clientProfile.Namespace = c.Namespace | ||
| } |
There was a problem hiding this comment.
| if namespaceExplicitlySet { | |
| clientProfile.Namespace = c.Namespace | |
| } | |
| if namespaceExplicitlySet { | |
| clientProfile.Namespace = c.Namespace | |
| } else { | |
| c.Namespace = clientProfile.Namespace | |
| } |
Some code is using c.Namespace flag in its output which is obviously not valid if it's overwritten by env config stuff. Need to either update c.Namespace with the valid value or have some other way to relay what is the now-current namespace value.
yuandrew
left a comment
There was a problem hiding this comment.
Primarily looked at the commandsgen stuff, just one clarity comment
temporalcli/commandsgen/commands.yml
Outdated
| # short: The single letter short version of name (i.e. a for address). (string) | ||
| # env: Binds the environment variable to this flag. (string) | ||
| # implied-env: Documents the environment variable as bound to the flag, | ||
| # but does actually bind it. |
There was a problem hiding this comment.
Should this be doesn't? Also missing the type (string)
There was a problem hiding this comment.
Also, I'm not seeing ImpliedEnv used anywhere, do we want it printed into the generated docs?
There was a problem hiding this comment.
Yes, I meant doesn't, will fix. Yes, I do think it'd make sense to be in the docs just like env. I just had to make a separate field because it's effectively doc only, it has no runtime use.
What was changed
--api-keynow assumes TLS (i.e.--tls) by default, so users using API keys on non-TLS servers will have to explicitly disable TLS (i.e.--tls=false)temporal configcommandsChecklist