feat!: adding breaking changes for new features *open telemetry added…

[mrickettsk]

…, *updated terraform, *updated content safety support, *fixed debugging

🤖AEP PR SUMMARY🤖

Request to AEP failed to process

[github-actions]

Docker Configuration

1. Security & Best Practice: Environment variables for telemetry and logging are correctly passed to the container, enhancing observability. Ensure that sensitive keys such as AZURE_CS_KEY and APPINSIGHTS_KEY are stored securely, possibly using secrets management tools rather than plaintext in configuration files.

Documentation

1. Best Practice: Updating the local setup documentation to include telemetry and observability environment variables is good. Ensure instructions on obtaining these values are clear and secure methods are recommended for managing them.

Dockerfile

1. Code Quality & Best Practice: It's a good practice to specify a non-root user to run your application within the Docker container for enhanced security. Example:

   dockerfile
   RUN useradd --create-home appuser
   WORKDIR /home/appuser
   COPY . .
   RUN chown -R appuser:appuser /home/appuser
   USER appuser

Logging Implementation Changes

1. Code Quality & Security: Transitioning to Python's built-in logging module from a custom logging setup is a positive change, improving maintainability and security. Ensure that the logging level and destination are configurable to adapt to different environments (development, staging, production).

Terraform Changes

1. Cost & Carbon Usage: Introducing Application Insights offers enhanced observability but introduces additional costs. Depending on the volume of logs and telemetry, consider configuring data retention policies to manage costs. Azure Application Insights pricing is based on the volume of data ingested and retained. Optimizing logging levels and telemetry granularity can manage costs efficiently.

   As of the last known pricing, the cost of ingested data in Application Insights is approximately £2.30 per GB/month. With the addition of OpenTelemetry variables (OTEL_*), there's potential for increased telemetry data, so monitor usage closely to manage costs.

2. Best Practice: The Terraform configuration reflects good practice in infrastructure-as-code principles, allowing for reproducible and manageable infrastructure deployments. Ensure that changes, especially those related to security keys and endpoints, follow secure handling practices such as using Azure Key Vault, which is indicated in the configurations.

Environmental Variables and Application Configuration

1. Code Quality & Best Practice:
   • Introducing environment variables for OpenTelemetry and Application Insights improves the observability of the application. Ensure that these are documented well for ease of configuration in different environments.
   • It is good practice to validate crucial environment variables at application startup, providing clear errors if any are missing or improperly configured, enhancing the DX (Developer Experience).

General Recommendations

• Security: Regularly review access policies and roles, especially when integrating with Azure services (Key Vault, Application Insights, etc.), to ensure that least privilege principles are followed.
• Cost Management: Implement monitoring and alerts for Azure resources consumption to avoid unexpected charges, particularly important as you introduce telemetry and logging features that can grow with usage.
• Carbon Usage: Optimize resource utilization and select regions with greener energy sources when possible to reduce the carbon footprint of the cloud infrastructure. Azure's sustainability dashboard can help in understanding the carbon impacts.

In conclusion, while the changes are moving towards improved observability and security, attention to detail in configuration management, sensitive information protection, and cost awareness will ensure a balanced and efficient deployment.

[github-actions]

Request to AEP failed to process

[Joshua-K1]

LGTM.