Push keycloak config to env vars

alukach · alukach · commit 0faee7b942d4 · 2024-04-02T17:38:02.000-07:00
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -44,6 +44,10 @@ services:
       - POSTGRES_PORT=5432
       - DB_MIN_CONN_SIZE=1
       - DB_MAX_CONN_SIZE=10
+      - KEYCLOAK_REALM=eoapi
+      - KEYCLOAK_HOST=http://localhost:8080
+      - KEYCLOAK_CLIENT_ID=stac-api
+      - KEYCLOAK_INTERNAL_HOST=http://keycloak:8080
     depends_on:
       - database
     command: bash -c "bash /tmp/scripts/wait-for-it.sh -t 120 -h database -p 5432 && /start-reload.sh"
diff --git a/runtime/eoapi/stac/eoapi/stac/app.py b/runtime/eoapi/stac/eoapi/stac/app.py
@@ -35,12 +35,7 @@
 tiles_settings = TilesApiSettings()
 settings = Settings()
 
-keycloak = KeycloakAuth(
-    realm="eoapi",
-    client_id="stac-api",
-    host="http://localhost:8080",
-    internal_host="http://keycloak:8080",
-)
+keycloak = KeycloakAuth()
 
 
 @asynccontextmanager
diff --git a/runtime/eoapi/stac/eoapi/stac/auth.py b/runtime/eoapi/stac/eoapi/stac/auth.py
@@ -1,20 +1,24 @@
 from typing import Annotated, Dict, Iterable, List, Optional, TypedDict
-from dataclasses import dataclass, field
 from functools import cached_property
 
 import jwt
+import pydantic
 from fastapi import HTTPException, Security, security, status
 
 
-@dataclass
-class KeycloakAuth:
+class KeycloakAuth(pydantic.BaseSettings):
     realm: str
     host: str
     client_id: str
     internal_host: Optional[str] = None
 
     required_audience: Optional[str | Iterable[str]] = None
-    scopes: Dict[str, str] = field(default_factory=lambda: {})
+    scopes: Dict[str, str] = pydantic.Field(default_factory=lambda: {})
+
+    class Config:
+        env_file = ".env"
+        env_prefix = "KEYCLOAK_"
+        keep_untouched = (cached_property,)
 
     def _build_url(self, host: str):
         return f"{host}/realms/{self.realm}/protocol/openid-connect"
