File this under quick tips and tricks for Python functions in OpenFaas.
I just learned about Pydantic’s support for reading settings from secret files and it fits perfectly with secrets in OpenFaaS. If you love Python or you are writing Python functions in OpenFaas, this is a great way to simplify your configuration parsing.
I am going to keep this short and sweet. Let’s say you have an OpenFaas function that needs to access a database. Typically, this requires the
db_password to be configured. In OpenFaas, we would expect the
db_user as environment variables, but the
db_password is sensitive and should be supplied as a secret, see the docs for a quick intro to secrets.
stack.yaml might look like this
functions: cool_function: lang: python3 image: functions/cool_function:latest env: db_host: cool.rds.aws.com db_user: super_cool_person secrets: - db_password
If you use
pydantic, then the only code you need for to configure your function looks like this
from pydantic import BaseSettings class Settings(BaseSettings): db_password: str db_host: str db_user: str class Config: secrets_dir = '/var/openfaas/secrets' settings = Settings()
Settings is instantiated, it will automatically read the values from the environment variables and from our secrets, because we set
secrets_dir. Given our
stack.yaml above, this means
settings.db_host == cool.rds.aws.com,
db_user == super_cool_person, and
db_passwordwill be the value from
because OpenFaaS puts all of the secrets into
That’s it, 10 lines of code and you get simple type safe configuration.
I am a big fan of type hinting in Python. Once, you are using Pydantic, then the next step is to configure
mypy to get static type checking before you deploy your functions. But that is a blog post for another day.