As an example, let’s say you have the following pseudocode:
if test environment: # meaning you don't have the typical service account prod perms sudo as service account + do operation else: # in prod so service account will have perms do operation
assuming that the operation is permission sensitive, such that you need these perms to run in test (otherwise the code would break because of aforementioned perms errors), is this good/bad practice, and what’s the best solution? Is this code a security risk, or should the engineer be responsible for assigning the right environment variables?
Consider that without this if/else, you can’t run/debug the app outside of prod anymore. There’s value in being able to run/debug in test right?
If I left the company tomorrow and no one else was familiar with how to debug this locally, if any other random person ran into an error in prod, pulled down the code and tried to run it locally, and found out it just wouldn’t work, and then had to figure out they had to sudo as the service account, I think they’d be pretty annoyed?