add comments from PR review

bird-house · Jan 25, 2024 · e17649b · e17649b
1 parent 22a161f
commit e17649b
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 4 deletions.
diff --git a/birdhouse/default.env b/birdhouse/default.env
@@ -83,6 +83,7 @@ export SERVER_LICENSE_URL='${__DEFAULT__SERVER_LICENSE_URL}'
 # Defaults for required variables recommended for override for security reasons.
 # Those will not be set explicitly as defaults to ensure they are overridden explicitly by the instance.
 # These values would be detected only if the instance was configured using a copy of 'env.local.example'.
+# Any default value change here should be synchronized with the corresponding value in 'env.local.example'.
 export __DEFAULT__MAGPIE_SECRET="itzaseekrit"
 export __DEFAULT__MAGPIE_ADMIN_USERNAME="admin"
 export __DEFAULT__MAGPIE_ADMIN_PASSWORD="qwertyqwerty!"

diff --git a/birdhouse/env.local.example b/birdhouse/env.local.example
@@ -4,6 +4,9 @@
 #
 # Do NOT use environment variables in here since when pavics-compose.sh runs
 # inside a container, the environment vars do not have the same value.
+#
+# Any default value change here should be synchronized with the corresponding
+# value in 'default.env' for the corresponding '__DEFAULT__{var}' definition.
 #############################################################################
 
 # Override data persistence root directory

diff --git a/birdhouse/scripts/read-configs.include.sh b/birdhouse/scripts/read-configs.include.sh
@@ -193,10 +193,11 @@ read_components_default_env() {
 # Check that all optional variables are defined with a different value than the default to emit a warning log message.
 # Also check that required variables do not use generic defaults to indicate possible security issues.
 check_default_vars() {
-    # for required variables, do not check for omitted override
-    # those will be flagged as error (check_required_vars)
-    # only indicate if there is a possible security concern
-    # note that the defaults of required variables are not define in those variables
+    # For required variables, do not check for omitted override,
+    # since those will be flagged as error anyway (see 'check_required_vars').
+    # Only indicate if there is a possible security concern.
+    # Note that the defaults of required variables are not actually set in those variables, but
+    # are listed in 'env.local.example', hence why they pose a possible security concern.
     # (ie: __DEFAULT__MAGPIE_ADMIN_PASSWORD exists, but MAGPIE_ADMIN_PASSWORD is not set, must have explicit override)
     for i in ${VARS}
     do