Update Keycloak Configuration and Upgrade FastAPI Key Authentication (#…

…97) * fix: local variable 'security_scheme' referenced before assignment * add openapi-schema-pydantic * remove duplicates command * remove spaces from docker-compose.yml * remove --optimized and update env vars to use the latest keycloak * upgrade fastapi-key-auth to 0.12.0 fix empty token validation
geobeyond · Jun 16, 2023 · e92f8b7 · e92f8b7
1 parent 006d7f4
commit e92f8b7
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 29 deletions.
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -33,7 +33,7 @@ fastapi = "^0.97.0"
 typer = {extras = ["all"], version = "^0.7.0"}
 pydantic = {extras = ["dotenv", "email"], version = "^1.10.9"}
 nest-asyncio = "^1.5.6"
-fastapi-key-auth = "^0.11.0"
+fastapi-key-auth = "^0.12.0"
 sqlalchemy = "^1.4.48"
 geoalchemy2 = "^0.12.5"
 shapely = "<2.0"

diff --git a/scripts/iam/.env b/scripts/iam/.env
@@ -1,16 +1,25 @@
+# keycloak default admin user and password
 KEYCLOAK_ADMIN=admin
 KEYCLOAK_ADMIN_PASSWORD=admin
-DB_VENDOR=postgres
-DB_ADDR=postgres
-DB_DATABASE=keycloak
-DB_USER=keycloak
-DB_PASSWORD=password
-POSTGRES_DB=keycloak
-POSTGRES_USER=keycloak
-POSTGRES_PASSWORD=password
+
+# predefined client secret
 CLIENT_SECRET=2yholx8r3mqyUJaOoJiZhcqvQDQwmgyD
+
+# to be changed in prodection
 KC_HOSTNAME=localhost
 KC_HEALTH_ENABLED=true
 KC_METRICS_ENABLED=true
 KC_HOSTNAME_STRICT_HTTPS=false
 KC_HOSTNAME_STRICT=false
+
+# database type to be used by keycloak and host name (container name) of the database
+KC_DB=postgres
+KC_DB_URL_HOST=postgres
+
+# database credentials to be used by keycloak and postgres
+POSTGRES_DB=keycloak
+POSTGRES_USER=keycloak
+POSTGRES_PASSWORD=password
+
+# skip override of data if already exists
+KC_OVERRIDE=false
diff --git a/scripts/iam/docker-compose.yml b/scripts/iam/docker-compose.yml
@@ -5,20 +5,21 @@ services:
     ports:
       - 8282:8080
     environment:
-      - KEYCLOAK_ADMIN=${KEYCLOAK_ADMIN}
+      - CLIENT_SECRET=${CLIENT_SECRET} # predefined client secret
+      - KEYCLOAK_ADMIN=${KEYCLOAK_ADMIN} # default user name and password of keycloak admin
       - KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
-      - DB_VENDOR=${DB_VENDOR}
-      - DB_ADDR=${DB_ADDR}
-      - DB_DATABASE=${DB_DATABASE}
-      - DB_USER=${DB_USER}
-      - DB_PASSWORD=${DB_PASSWORD}
-      - CLIENT_SECRET=${CLIENT_SECRET}
-      - KC_HOSTNAME=${KC_HOSTNAME}
+      - KC_HOSTNAME=${KC_HOSTNAME} # to be changed in prodection
       - KC_HEALTH_ENABLED=${KC_HEALTH_ENABLED}
       - KC_METRICS_ENABLED=${KC_METRICS_ENABLED}
       - KC_HOSTNAME_STRICT_HTTPS=${KC_HOSTNAME_STRICT_HTTPS}
       - KC_HOSTNAME_STRICT=${KC_HOSTNAME_STRICT}
-    command: -v start --http-enabled=true --import-realm --optimized
+      - KC_DB=${KC_DB} #db
+      - KC_DB_URL_HOST=${KC_DB_URL_HOST}
+      - KC_DB_URL_DATABASE=${POSTGRES_DB}
+      - KC_DB_USERNAME=${POSTGRES_USER}
+      - KC_DB_PASSWORD=${POSTGRES_PASSWORD}
+      - KC_OVERRIDE=${KC_OVERRIDE} # skip override of data if already exists
+    command: -v start --http-enabled=true --import-realm
     volumes:
       - ./keycloak/imports:/opt/keycloak/data/import
     depends_on: