Set reviewer role only in the .env file

PGijsbers · PGijsbers · commit 29a89c79589b · 2025-03-17T14:34:48.000+02:00
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -9,6 +9,7 @@ services:
       - ./src/config.override.toml:/app/config.override.toml:ro
     environment:
       - KEYCLOAK_CLIENT_SECRET=$KEYCLOAK_CLIENT_SECRET
+      - REVIEWER_ROLE_NAME=$REVIEWER_ROLE_NAME
       - ES_USER=$ES_USER
       - ES_PASSWORD=$ES_PASSWORD
     ports:
diff --git a/src/authentication.py b/src/authentication.py
@@ -27,7 +27,7 @@
 from fastapi.security import OpenIdConnect
 from keycloak import KeycloakOpenID
 
-from config import KEYCLOAK_CONFIG, ROLES_CONFIG
+from config import KEYCLOAK_CONFIG
 
 load_dotenv()
 
@@ -43,7 +43,7 @@
     realm_name=KEYCLOAK_CONFIG.get("realm"),
     verify=True,
 )
-_REVIEWER_ROLE = ROLES_CONFIG.get("reviewer")
+_REVIEWER_ROLE = os.getenv("REVIEWER_ROLE_NAME")
 
 
 @dataclasses.dataclass
diff --git a/src/config.default.toml b/src/config.default.toml
@@ -9,11 +9,6 @@ database = "aiod"
 username = "root"
 password = "ok"
 
-# Configurable aliases for roles configured in Keycloak
-# format: name_in_source = "name in keycloak"
-[roles]
-reviewer = "review_aiod_resources"
-
 # Additional options for development
 [dev]
 reload = true
diff --git a/src/config.py b/src/config.py
@@ -32,5 +32,4 @@ def _merge_configurations(
 CONFIG = _merge_configurations(DEFAULT_CONFIG, OVERRIDE_CONFIG)
 DB_CONFIG = CONFIG.get("database", {})
 KEYCLOAK_CONFIG = CONFIG.get("keycloak", {})
-ROLES_CONFIG = CONFIG.get("roles", {})
 REQUEST_TIMEOUT = CONFIG.get("dev", {}).get("request_timeout", None)
diff --git a/src/tests/authorization/test_authorization.py b/src/tests/authorization/test_authorization.py
@@ -1,13 +1,14 @@
 import contextlib
 import json
+import os
 from http import HTTPStatus
 from unittest.mock import Mock
 
 import pytest
+from dotenv import load_dotenv
 from starlette.testclient import TestClient
 
 from authentication import keycloak_openid, KeycloakUser
-from config import ROLES_CONFIG
 from database.authorization import (
     register_user,
     add_administrator,
@@ -18,9 +19,13 @@
 from database.session import DbSession
 from routers.review_router import ListMode
 
+load_dotenv()
+
 ALICE = KeycloakUser("Alice", {"edit_aiod_resources"}, "alice-sub")
 BOB = KeycloakUser("Bob", {"edit_aiod_resources"}, "bob-sub")
-REVIEWER = KeycloakUser("Reviewer", {ROLES_CONFIG.get("reviewer"), "edit_aiod_resources"}, "reviewer-sub")
+review_role = os.getenv("REVIEWER_ROLE_NAME")
+assert review_role, "The REVIEWER_ROLE_NAME environment variable must be set"
+REVIEWER = KeycloakUser("Reviewer", {review_role, "edit_aiod_resources"}, "reviewer-sub")
 
 
 def _register_user_in_db(user: KeycloakUser) -> KeycloakUser:
