From e17649b226fdcacf9ae4ae09a8d1c902120138ce Mon Sep 17 00:00:00 2001
From: Francis Charette Migneault
Date: Thu, 25 Jan 2024 11:44:51 -0500
Subject: [PATCH] add comments from PR review

---
 birdhouse/default.env | 1 +
 birdhouse/env.local.example | 3 +++
 birdhouse/scripts/read-configs.include.sh | 9 +++++----
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/birdhouse/default.env b/birdhouse/default.env
index d664ba55..7cd30f60 100644
--- a/birdhouse/default.env
+++ b/birdhouse/default.env
@@ -83,6 +83,7 @@ export SERVER_LICENSE_URL='${__DEFAULT__SERVER_LICENSE_URL}'
 # Defaults for required variables recommended for override for security reasons.
 # Those will not be set explicitly as defaults to ensure they are overridden explicitly by the instance.
 # These values would be detected only if the instance was configured using a copy of 'env.local.example'.
+# Any default value change here should be synchronized with the corresponding value in 'env.local.example'.
 export __DEFAULT__MAGPIE_SECRET="itzaseekrit"
 export __DEFAULT__MAGPIE_ADMIN_USERNAME="admin"
 export __DEFAULT__MAGPIE_ADMIN_PASSWORD="qwertyqwerty!"
diff --git a/birdhouse/env.local.example b/birdhouse/env.local.example
index 41b70ce4..08294533 100644
--- a/birdhouse/env.local.example
+++ b/birdhouse/env.local.example
@@ -4,6 +4,9 @@
 #
 # Do NOT use environment variables in here since when pavics-compose.sh runs
 # inside a container, the environment vars do not have the same value.
+#
+# Any default value change here should be synchronized with the corresponding
+# value in 'default.env' for the corresponding '__DEFAULT__{var}' definition.
 #############################################################################
 
 # Override data persistence root directory
diff --git a/birdhouse/scripts/read-configs.include.sh b/birdhouse/scripts/read-configs.include.sh
index 81880149..5c7d83c4 100644
--- a/birdhouse/scripts/read-configs.include.sh
+++ b/birdhouse/scripts/read-configs.include.sh
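Review bot: The synchronization requested by the new comment in birdhouse/default.env (and by its counterpart added to birdhouse/env.local.example) is a manual convention; nothing visible in this patch enforces it. If an example value such as the one for MAGPIE_ADMIN_PASSWORD is changed without updating `__DEFAULT__MAGPIE_ADMIN_PASSWORD`, the default-value detection would presumably stop flagging instances that kept the published example credentials, and nothing would report the drift. A small test or CI step that compares each `__DEFAULT__{var}` with the corresponding example value would turn the convention into a check. Until then the comment could state the consequence, e.g. `# NOTE: not enforced automatically; a mismatch silently disables the default-credential warning.`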
@@ -193,10 +193,11 @@ read_components_default_env() {
 # Check that all optional variables are defined with a different value than the default to emit a warning log message.
 # Also check that required variables do not use generic defaults to indicate possible security issues.
 check_default_vars() {
- # for required variables, do not check for omitted override
- # those will be flagged as error (check_required_vars)
- # only indicate if there is a possible security concern
- # note that the defaults of required variables are not define in those variables
+ # For required variables, do not check for omitted override,
+ # since those will be flagged as error anyway (see 'check_required_vars').
+ # Only indicate if there is a possible security concern.
+ # Note that the defaults of required variables are not actually set in those variables, but
+ # are listed in 'env.local.example', hence why they pose a possible security concern.
 # (ie: __DEFAULT__MAGPIE_ADMIN_PASSWORD exists, but MAGPIE_ADMIN_PASSWORD is not set, must have explicit override)
 for i in ${VARS}
 do
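Review bot: The rewritten comment in check_default_vars says the insecure defaults "are listed in 'env.local.example'", yet the example on the following line refers to `__DEFAULT__MAGPIE_ADMIN_PASSWORD`, which the same patch shows being defined in default.env. Naming both files would tell a maintainer which values are actually compared, e.g. `# are kept as '__DEFAULT__{var}' in 'default.env', mirroring the samples in 'env.local.example',`. The function body continues past the end of the hunk, so whether a match only logs a warning or stops the start-up is not visible here; saying which in the comment would help operators judge how much to rely on the check.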