Fix 1 DAGSTER_AUTH_ADMIN_PASSWORD bootstrap bug and 1 logging bug for DAGSTER_AUTH_SECRET_KEY #2

Open
hongha912 wants to merge 1 commit into maltzsama:main from hongha912:main

@hongha912 hongha912 commented Apr 3, 2026

Hi, thank you for starting this project. I was testing for my OSS deployment on GCP Cloud Run, which has limitations around SSH-ing into the deployment environment. When trying to create an admin user via the bootstrapping process, I came across 2 bugs:

Bug 1
_bootstrap_admin does self.config.get("DAGSTER_AUTH_ADMIN_PASSWORD"), but self.config is config.__dict__ from the AuthConfig singleton. The AuthConfig stores it as self.ADMIN_PASSWORD, not self.DAGSTER_AUTH_ADMIN_PASSWORD

Bug 2: More of a logging bug:

self.SECRET_KEY = os.getenv("DAGSTER_AUTH_SECRET_KEY", self._generate_secret_key()): Python will evaluate self._generate_secret_key() even when the env var exists, because default arguments are eagerly evaluated. The default creates a warning log which caused things to go astray.

Summary by CodeRabbit

  • Chores
    • Updated admin user bootstrap configuration to use ADMIN_PASSWORD environment key
    • Modified secret key initialization to automatically generate when empty instead of using provided empty values

_bootstrap_admin does self.config.get("DAGSTER_AUTH_ADMIN_PASSWORD"), but self.config is config.__dict__ from the AuthConfig singleton. The AuthConfig stores it as self.ADMIN_PASSWORD, not self.DAGSTER_AUTH_ADMIN_PASSWORD:

self.ADMIN_PASSWORD = os.getenv("DAGSTER_AUTH_ADMIN_PASSWORD", "")
So self.config.get("DAGSTER_AUTH_ADMIN_PASSWORD") returns None — it should be self.config.get("ADMIN_PASSWORD").

Same issue with SECRET_KEY — the config stores it as self.SECRET_KEY but the warning prints because _generate_secret_key() is called as the default before the env var is checked... wait no, looking again:

self.SECRET_KEY = os.getenv("DAGSTER_AUTH_SECRET_KEY", self._generate_secret_key())
Python evaluates self._generate_secret_key() even when the env var exists, because default arguments are eagerly evaluated. That's the warning source — it's a bug in dagster-authkit
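
Both behaviours reported in this PR, reproduced as an added example (not code from dagster-authkit). `EagerConfig`, `LazyConfig`, `load`, `generate_secret_key`, the logger name and the sample environment values are hypothetical stand-ins; only the environment variable names and the two `os.getenv` shapes come from the discussion above.

```python
import logging
import os
import secrets
from unittest import mock

log = logging.getLogger("authkit_example")  # hypothetical logger name
log.setLevel(logging.WARNING)


class ListHandler(logging.Handler):
    """Collects messages so a caller can see which warnings fired."""
    def __init__(self):
        super().__init__()
        self.messages = []

    def emit(self, record):
        self.messages.append(record.getMessage())


def generate_secret_key():
    # Stand-in for _generate_secret_key(): warns, then returns a random key.
    log.warning("no DAGSTER_AUTH_SECRET_KEY set, generating a random key")
    return secrets.token_hex(32)


class EagerConfig:
    """Shape reported in the PR: the default is computed before getenv runs."""
    def __init__(self):
        self.SECRET_KEY = os.getenv("DAGSTER_AUTH_SECRET_KEY", generate_secret_key())
        self.ADMIN_PASSWORD = os.getenv("DAGSTER_AUTH_ADMIN_PASSWORD", "")


class LazyConfig:
    """Shape after the change: `or` calls the generator only when needed."""
    def __init__(self):
        self.SECRET_KEY = os.getenv("DAGSTER_AUTH_SECRET_KEY") or generate_secret_key()
        self.ADMIN_PASSWORD = os.getenv("DAGSTER_AUTH_ADMIN_PASSWORD", "")


def load(config_cls, env):
    """Build config_cls under a constructed environment; return (__dict__, warnings)."""
    handler = ListHandler()
    log.addHandler(handler)
    try:
        with mock.patch.dict(os.environ, env, clear=True):
            return dict(config_cls().__dict__), handler.messages
    finally:
        log.removeHandler(handler)


# Constructed sample values, not real credentials.
SAMPLE_ENV = {"DAGSTER_AUTH_SECRET_KEY": "k" * 64, "DAGSTER_AUTH_ADMIN_PASSWORD": "example-pw"}
```

With the eager form, an empty `DAGSTER_AUTH_SECRET_KEY` also leaves `SECRET_KEY` as the empty string, while the `or` form replaces it with a generated key.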

coderabbitai Bot commented Apr 3, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f0d8ac7a-93d0-4ce5-a909-4b2ecee06f0f

📥 Commits

Reviewing files that changed from the base of the PR and between cb6a6bb and 5398a2f.

📒 Files selected for processing (2)
  • dagster_authkit/auth/backends/sql.py
  • dagster_authkit/utils/config.py

📝 Walkthrough

Two configuration handling changes in the authentication framework: the admin password bootstrap now reads from ADMIN_PASSWORD instead of DAGSTER_AUTH_ADMIN_PASSWORD, and the secret key initialization now treats empty strings as missing values to trigger auto-generation.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Auth Backend Configuration: dagster_authkit/auth/backends/sql.py | Updated _bootstrap_admin to read admin password from ADMIN_PASSWORD config key instead of DAGSTER_AUTH_ADMIN_PASSWORD. |
| Config Utility Initialization: dagster_authkit/utils/config.py | Modified secret key initialization to trigger auto-generation when DAGSTER_AUTH_SECRET_KEY is empty, using or self._generate_secret_key() instead of default parameter. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A config hop, a key renamed,
Passwords dance to a different name,
Empty strings now auto-generate with grace,
Secrets bloom in their rightful place! 🔐✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title directly addresses both bugs fixed in the changeset: the DAGSTER_AUTH_ADMIN_PASSWORD bootstrap bug and the DAGSTER_AUTH_SECRET_KEY logging bug. It clearly summarizes the main changes. |
