Init traefik auth proxy

r-brown · r-brown · commit b1e4191ceb11 · 2025-08-04T11:36:48.000+02:00
diff --git a/traefik-authproxy/justfile b/traefik-authproxy/justfile
@@ -1,4 +1,9 @@
-APP_NAME := "traefik_authproxy"
+APP_NAME := "traefik-authproxy"
+
+LOCAL_KEYCLOAK := "http://keycloak.localhost"
+LOCAL_KEYCLOAK_DOCKER := "http://host.docker.internal:8080"
+LOCAL_CLIENT_ID := "labs64io-api-gateway"
+LOCAL_CLIENT_SECRET := "mTEqlt1dDzcVyEOzFjBZV4X8jvEkaQnc"
 
 # build application
 docker:
@@ -10,12 +15,12 @@ docker:
 # run docker image
 run: docker
     docker run -p 8081:8081 \
-      -e KEYCLOAK_DISCOVERY_URL="http://host.docker.internal:8080/realms/labs64io/.well-known/openid-configuration" \
-      -e KEYCLOAK_URL="http://host.docker.internal:8080" \
+      -e KEYCLOAK_DISCOVERY_URL="{{LOCAL_KEYCLOAK_DOCKER}}/realms/labs64io/.well-known/openid-configuration" \
+      -e KEYCLOAK_URL="{{LOCAL_KEYCLOAK_DOCKER}}" \
       -e KEYCLOAK_REALM="labs64io" \
       -e KEYCLOAK_AUDIENCE="account" \
       -e ROLE_MAPPING_FILE="/home/l64user/role_mapping.yaml" \
-      -v $(pwd)/role_mapping.yaml:/home/l64user/role_mapping.yaml \
+      -v $(pwd)/sample_role_mapping.yaml:/home/l64user/role_mapping.yaml \
       {{APP_NAME}}:latest
 
 # open documentation
@@ -26,12 +31,12 @@ docu:
 
 # open Keycloak well-known configuration
 test-show-wellknown:
-    open "http://keycloak.localhost/realms/labs64io/.well-known/openid-configuration"
+    open "{{LOCAL_KEYCLOAK}}/realms/labs64io/.well-known/openid-configuration"
 
 # generate JWT token
 test-generate-jwt-token:
-    curl --location --request POST 'http://keycloak.localhost/realms/labs64io/protocol/openid-connect/token' \
+    curl --location --request POST '{{LOCAL_KEYCLOAK}}/realms/labs64io/protocol/openid-connect/token' \
     --header 'Content-Type: application/x-www-form-urlencoded' \
     --data-urlencode 'grant_type=client_credentials' \
-    --data-urlencode 'client_id=labs64io-api-gateway' \
-    --data-urlencode 'client_secret=mTEqlt1dDzcVyEOzFjBZV4X8jvEkaQnc'
+    --data-urlencode 'client_id={{LOCAL_CLIENT_ID}}' \
+    --data-urlencode 'client_secret={{LOCAL_CLIENT_SECRET}}'
diff --git a/traefik-authproxy/sample_role_mapping.yaml b/traefik-authproxy/sample_role_mapping.yaml
diff --git a/traefik-authproxy/traefik_authproxy.py b/traefik-authproxy/traefik_authproxy.py
@@ -60,8 +60,8 @@ def load_role_mapping(file_path: str) -> Tuple[Dict[str, List[str]], List[str]]:
         return protected_paths, public_paths
 
     except Exception as e:
-        app_logger.error(f"load_role_mapping::Failed to load file: {e}")
-        raise HTTPException(status_code=500, detail="Unable to load role mapping configuration")
+        app_logger.warning(f"load_role_mapping::Skipping path check – failed to load mapping: {e}")
+        return {}, []
 
 PROTECTED_PATHS, PUBLIC_PATHS = load_role_mapping(ROLE_MAPPING_FILE)
 
