From 39763ea5a21e32b5f6e9420d1312e86c15811c18 Mon Sep 17 00:00:00 2001 From: Petr Date: Sat, 21 Mar 2026 12:01:41 +0100 Subject: [PATCH] Fix: load instance.yaml without requiring webapp secrets Analysts don't have WEBAPP_SECRET_KEY, so load_instance_config() validation failed with noisy warnings. Now reads instance.yaml directly with yaml.safe_load, skipping secret validation. --- src/remote_query.py | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/src/remote_query.py b/src/remote_query.py index 6d5cf1a..301ce8c 100644 --- a/src/remote_query.py +++ b/src/remote_query.py @@ -36,7 +36,7 @@ from typing import Optional import duckdb -from config.loader import load_instance_config, get_instance_value +from config.loader import get_instance_value from scripts.duckdb_manager import ( create_local_views, register_bq_table, @@ -55,12 +55,24 @@ class RemoteQueryError(Exception): # --------------------------------------------------------------------------- def _load_remote_query_config() -> dict: - """Load remote_query settings from instance.yaml with defaults.""" - try: - instance_config = load_instance_config() - except (FileNotFoundError, ValueError) as e: - logger.warning("Could not load instance config: %s. Using defaults.", e) - instance_config = {} + """Load remote_query settings from instance.yaml with defaults. + + Uses raw YAML loading instead of load_instance_config() to avoid + requiring webapp secrets (WEBAPP_SECRET_KEY etc.) that analysts + don't have access to. + """ + import yaml as _yaml + from pathlib import Path as _Path + + instance_config: dict = {} + config_dir = _Path(os.environ.get("CONFIG_DIR", "./config")) + yaml_path = config_dir / "instance.yaml" + if yaml_path.exists(): + try: + with open(yaml_path) as f: + instance_config = _yaml.safe_load(f) or {} + except Exception as e: + logger.warning("Could not load instance.yaml: %s. Using defaults.", e) return { "timeout_seconds": get_instance_value(