A story that was embarrassing to give anison file to the production environment

Overview

This year is almost over. Since "this year's reflection will be within this year," I would like to post a story that I did in production at the end of the year **.

Two days back, I was an intern who is currently an engineer, fixing a ** file-uploading system bug **. Coding proceeded smoothly, and deployment was completed successfully. I did a light test to see if I could upload properly in production, and left the company that day.

The next day, as soon as I went to work, my boss called me.

Boss * "○○ -kun, did you touch the file upload system? Something strange file is up ..." * I * "Weird file ...?" *

When I checked the specified url, the sound source of ** My Idol Declaration sung by a friend was uploaded there. ** ** (It's a really good song, please listen)

スクリーンショット 2020-12-28 22.57.07.png

Fortunately, the file was set to private, and the upload was done with my own test account, so the rumor that "I am Kimoota" only flowed throughout the company. ~~ No, I want to die normally. ~~ But if the file is public and has been seen by the user ... just thinking about it makes me chill.

(Digression) What kind of implementation were you trying to implement?

As a background, I will briefly touch on ** what implementation I was trying to implement **. (It's a little connected to the story of why I had to test in a production environment, but it's okay to skip it.)

It all started with the problem "** For some reason I can't upload large files for production **". In the first place, we have adopted the mechanism of "passing the file itself to the API and uploading it to s3" as shown in the figure below, and in the actual production, the API Gateway was installed in the previous stage. As a result of the investigation, it was discovered that due to the specifications of ** API Gateway, requests for files larger than 10MB are rejected. ** ** スクリーンショット 2020-12-28 22.46.49.png Therefore, as a workaround, we decided to issue a signed-url for uploading from the ** API => upload the file directly from the front **. スクリーンショット 2020-12-28 23.00.58.png

For those who want a more detailed explanation, this article etc. will be helpful.

By the way, in the ** staging environment, the same situation did not occur because the API Gateway in the previous stage was omitted. ** (That was part of the cause ...)

What the hell was the cause

Why did such a mistake happen? It's easy to put it all together because I was incompetent, but I'll try to analyze it properly so that I don't make the same mistakes again.

I gave a file that I did not understand well at the time of development

Regarding the file, it appeared at the top when I searched for a video in Finder. Although I knew the contents, during development, I was conscious of ** "because it is a development environment anyway" **, and I was testing the upload with the same file without thinking about anything. As a result, it led to a situation where the same file was unknowingly given during the test upload in production. I learned the lesson that ** do not do things that should not be done in the production environment during development, such as giving an appropriate file and giving an appropriate name (name it ●).

The consciousness of production was clear

In the first place, the service under development was before the official release, there were few users, and even if a program with some strange data or bugs came up in the production, there was almost no damage. From here, the spoiling of "** It's a production, but it's appropriate to some extent **" arose, and as a result, it led to this time itself. (Thanks to that, there was almost no damage to the failure ...) However, with this awareness, we may have made similar mistakes even after the official release and made irreparable mistakes. ** I learned the lesson that the awareness that it is a production environment even before the release is proper **.

Staging wasn't working well

Although the so-called "staging environment" existed at our company, it was just an environment for "checking for inconsistencies with the same data as the production", and there was a considerable difference from the production configuration. ** (In this case, API Gateway is not installed before API) In the first place, if we had the same configuration for production and staging, we would not have had to test in production. I learned that ** staging should be made with exactly the same composition as the actual production as a copy of the actual production **.

Be careful next year

Based on the above, I would like to pay attention to the following points when developing in the future.

-** What you don't do in production isn't done in development. ** ** -** Have a proper awareness that it is a production environment. ** ** -** Make staging work (create with the same configuration as the production environment) **

Next year, I will do my best not to make such a small mistake.

Recommended Posts

A story that was embarrassing to give anison file to the production environment
A memo that was soberly addicted to the request of multipart / form-data
The story of forgetting to close a file in Java and failing
A story I was addicted to when testing the API using MockMVC
The story of making it possible to build a project that was built by Maven with Ant
A story that I was addicted to twice with the automatic startup setting of Tomcat 8 on CentOS 8
A story that took time to establish a connection
The story that docker had a hard time
A story about making a Builder that inherits the Builder
A story about trying to operate JAVA File
About the solution of the error that occurred when trying to create a Japanese file of devise in the Docker development environment
An embarrassing story that was treated as the same day when trying to compare dates on 3/31 and 4/1 [Java / Calendar]
The CSV file that I was able to download suddenly started to appear on the page.
A story I was addicted to when getting a key that was automatically tried on MyBatis
Completely delete the migration file that you failed to delete
A story that solved the problem that the Java (jdk) version was too high to use the h2o library in R and R Studio.
A story I was addicted to before building a Ruby and Rails environment using Ubuntu (20.04.1 LTS)
A story that I realized that I had to study as an engineer in the first place
The story of introducing a very Rails-like serverless framework "Ruby on Jets" into the production environment
[Docker] Is it good enough to call it a multi-stage build? → The story that became so good
A story that turbolinks was confused by doing something wrong
A story I was addicted to in Rails validation settings
I want to give a class name to the select attribute
[PostgreSQL] The story that you have to cut the session properly
The story I was addicted to when setting up STS
The story of making a binding for libui, a GUI library for Ruby that is easy to install
[Rails] A story that continued to incorrectly verify the reason why the update action did not pass (update)
[Swift5] How to create a .gitignore file and the code that should be written by default
[Circle CI] A story I was addicted to at Start Building
Mechanism for converting to a language that the browser can recognize
A story that I struggled to challenge a competition professional with Java
How to create a jar file or war file using the jar command
A story of frustration trying to create a penetration environment on Ubuntu 20.04
[Gradle] The story that the class file did not exist in the jar file
Create a static file that expands variables using the ERB class
The story of Collectors.groupingBy that I want to keep for posterity
About the matter that I was addicted to how to use hashmap
Add a time stamp to the JAR file name in Gradle
A story about making a calculator to calculate the shell mound rate
I want to display the images under assets/images in the production environment
A story that struggled with the introduction of Web Apple Pay
The story that Tomcat suffered from a timeout error in Eclipse
A good way to make a recursive function that reverses the characters
How to identify the path that is easy to make a mistake
The operator that was born to be born, instanceof (Java) ~ How to use the instanceof operator ~
[chown] How to change the owner of a file or directory
I made a tool to output the difference of CSV file
A story that confirmed the profile of Yasuko Sawaguchi 36 years ago
[Rails] How to reset the database in production environment (Capistrano version)
The story that ARM's processing performance of Open JDK was low
A story that I wanted to write a process equivalent to a while statement with the Stream API of Java8
A story that may make you happy if you create a Sorry Page image to put kubernetes into production
File transfer to virtual environment that could not be solved even after trying for a day: Memorandum
Ubuntu 20.04 The story of creating CFn that installs CloudWatch agent on LTS and creates a configuration file
The story of introducing Gradle as a retrofit to an existing system that did not manage packages
A story about running a program that copies files in Java from a bat file to make the work done every day a little more efficient