Better ergonomics for passing through environment variables

Question

Better ergonomics for passing through environment variables

johnbatty opened this issue 3 years ago · 2 comments

I would like to propose an enhancement to floki to more easily allow existing environment variables to be passed through from the invoking environment to the floki docker container.

I have increasingly been coming across situations which require authentication, where credentials are typically provided via env vars. I therefore want to make it easy to pass these env vars through from a developer's environment into a floki container.

This is currently possible via docker_switches:

docker_switches:
- -e
- MY_REPO_PASSWORD
- -e
- MY_PAT_TOKEN
...etc

However, this is a bit clunky, particularly if you want to pass multiple variables. It is also potentially non-trivial to update this list with automated tools if you want to add/remove entries.

I therefore propose adding a new key env, which simply takes a list of environment variable names to pass through. This would be expanded internally to a series of -e <env_var_name> parameters for the docker run invocation. Example:

env:
- MY_REPO_PASSWORD
- MY_PAT_TOKEN
...etc

Thoughts?

I'm happy to make the code changes if we can agree that this is a desirable feature.

Answer 1 · 2022-03-02T10:20:25.000Z

Richard just suggested that if we do decide to add this, then floki should check that the specified variables exist, and fail with a helpful error if they don't. I agree.

Answer 2 · 2022-06-06T10:25:54.000Z

I think this is a desirable feature - it does somewhat break of the contract of being able to run floki files regardless of environment but the feature already exists with docker_switches and is already being actively used like that.

There's potentially a larger question around "do we want a better defined system of passing secrets into floki in the first place" - but for now I don't see any reason to block a change like this.