Rework config lambda to inject Github environment vars into Keycloak Config CLI Fargate task. (#69)

* Rework config lambda to inject Github environment vars into Keycloak Config CLI Fargate task.

* Fix comment

Author: alukach

.github/workflows/deploy.yaml

@@ -75,7 +75,10 @@ jobs:
         run: |
           echo "CONFIG_LAMBDA_ARN=$(jq -r '."veda-keycloak-${{ inputs.environment }}".ConfigLambdaArn' outputs.json)" >> $GITHUB_ENV
 
-      - name: Run Apply Config
+      - name: Process environment variables
+        id: process-env-vars
+        run: |
+          echo "CONFIG_VARS=$(echo '${{ toJSON(vars) }}' | jq -c .)" >> $GITHUB_ENV
+
+      - name: Apply Config
         run: npm run apply-config $CONFIG_LAMBDA_ARN
-        env:
-          GRAFANA_CLIENT_URL: ${{ vars.GRAFANA_CLIENT_URL }}

README.md

@@ -95,7 +95,7 @@ clients:
 ```
 
 > [!IMPORTANT]  
-> For the above example, we also must ensure that Github Actions configuration step is updated to pass the `GRAFANA_CLIENT_URL` from Github Actions deployment environment into the step's environment (ie `env` statement).
+> For the above example, we also must ensure that `GRAFANA_CLIENT_URL` is set within the Github Environment's variables via the Github settings console.
 
 </details>
 

bin/apply-config.mjs

@@ -30,7 +30,8 @@ main()
     logs.forEach((l) => console.log(l));
   })
   .catch((error) => {
-    console.error(`Error: ${error}`);
+    console.error("Error:", error);
+    console.error("Stack trace:", error.stack);
     exitCode = 1;
   })
   .finally(() => process.exit(exitCode));
@@ -65,7 +66,7 @@ async function invokeLambda(lambdaArn) {
     new InvokeCommand({
       FunctionName: lambdaArn,
       InvocationType: "RequestResponse",
-      Payload: new TextEncoder().encode(JSON.stringify({})),
+      Payload: new TextEncoder().encode(process.env.CONFIG_VARS),
     })
   );
   return JSON.parse(new TextDecoder().decode(response.Payload));

cdk/lib/KeycloakConfig.ts

@@ -19,6 +19,9 @@ interface KeycloakConfigConstructProps {
 
 type clientSecretTuple = Array<[string, secretsManager.ISecret]>;
 
+/**
+ * Responsible for creating infrastructure to apply configuration to a Keycloak instance.
+ */
 export class KeycloakConfig extends Construct {
   constructor(
     scope: Construct,
@@ -77,7 +80,9 @@ export class KeycloakConfig extends Construct {
       cpu: 256,
       memoryLimitMiB: 512,
     });
+    const containerName = "ConfigContainer";
     configTaskDef.addContainer("ConfigContainer", {
+      containerName,
       image: ecs.ContainerImage.fromAsset(props.configDir, {
         platform: ecrAssets.Platform.LINUX_AMD64,
         buildArgs: {
@@ -115,10 +120,19 @@ export class KeycloakConfig extends Construct {
         const ecsClient = new ECSClient({});
 
         exports.handler = async function(event) {
+          console.log('Received event:', event);
           const params = {
             cluster: '${props.cluster.clusterName}',
             taskDefinition: '${configTaskDef.taskDefinitionArn}',
             launchType: 'FARGATE',
+            overrides: {
+              containerOverrides: [
+                {
+                  name: ${JSON.stringify(containerName)},
+                  environment: event,
+                },
+              ],
+            },
             networkConfiguration: {
               awsvpcConfiguration: {
                 subnets: ${JSON.stringify(props.subnetIds)},