This Python application demonstrates the use of feature flags managed through Azure App Configuration. It provides a simple "Hello World" functionality, enhanced by the ability to toggle features and behaviors based on feature flags. This setup is ideal for differentiating behaviors in different environments like development (dev) and production (prod).
- Feature Flag Management: Integrates with Azure App Configuration for managing feature flags.
- Environment-Specific Behavior: Custom logic to determine whether the application is running in a
devorprodenvironment. - Dynamic Feature Function Execution: Dynamically executes functions based on the status of feature flags in the current environment.
- Docker Support: Easily containerizable for consistent deployment across environments.
- Docker installed on your machine.
- An Azure account and an Azure App Configuration store set up.
- Python 3.9 or higher (for local development).
-
Azure App Configuration:
- Set up your feature flags in the Azure App Configuration store.
- Obtain the connection string from Azure App Configuration.
- Add feature flags as appropriate, for my example I've used this setup:
-
Environment File:
- Rename
example.envto.envand fill in the variables related to your setup.
- Rename
-
Dockerfile:
- Use the provided
Dockerfilefor container setup.
- Use the provided
-
Docker Compose (Optional):
- Use
docker-compose.ymlto define and run the application with Docker Compose.
- Use
-
Build the Docker Image:
- Navigate to the directory containing the Dockerfile.
- Run
docker build -t my-python-app .to build your Docker image.
-
Run the Docker Container:
- Run
docker run -p 4000:80 -e AZURE_APP_CONFIG_CONNECTION_STRING='your_connection_string_here' -e ENVIRONMENT='prod' my-python-app.
- Run
-
Using
docker-compose.yml:- Update the environment variables in
docker-compose.ymlwith your Azure App Configuration connection string and desired environment.
- Update the environment variables in
-
Start the Application:
- Run
docker-compose upin the directory containingdocker-compose.yml.
- Run
For local development, ensure you have Python 3.9 or higher installed and run the application normally. Make sure to set the appropriate environment variables or use the .env file.
The app.py script includes multiple functionalities:
- Feature Flag Checking: The
is_feature_flag_enabledfunction checks if a specific feature flag is enabled in the given environment. - Listing Feature Flags: The
list_feature_flagsfunction lists all feature flags for the specified environment. - Dynamic Function Execution: The application dynamically executes functions corresponding to enabled feature flags.
- Environment Determination: The
get_environment_labelfunction determines the current running environment (devorprod). - Example Feature Functions: Example functions
BetaFeatureandTestFeaturedemonstrate feature-specific behaviors.
For more details, refer to the comments in app.py.
Using globals() in your Python code as described poses several security risks:
- Arbitrary Code Execution: It allows executing any function in the global scope, potentially leading to harmful effects if an attacker manipulates
func_name. - Injection Vulnerabilities: If
func_nameis influenced by external input without proper checks, it can lead to security vulnerabilities similar to SQL injection. - Unintended Side Effects: Dynamically calling functions can cause unpredictable behavior or corrupt state, especially for functions not intended for such use.
- Difficult Maintenance: This coding pattern complicates understanding, maintaining, and debugging the codebase.
- Encourages Bad Practices: It promotes reliance on global state and functions with side effects, making code fragile and hard to maintain.
To mitigate these risks, use whitelists, object-oriented approaches, or function mapping for more control and safer code.
Remember, dynamic function invocation should be approached with caution and used only when necessary, ensuring all necessary safety checks and validations are in place.