From 623d0ad08b0956845a4685f4d16c1718fb2911dd Mon Sep 17 00:00:00 2001 From: Alain Mazy Date: Mon, 1 Jul 2024 15:10:10 +0200 Subject: [PATCH] fail better in case of misconfiguration --- sources/orthanc_auth_service/app.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/sources/orthanc_auth_service/app.py b/sources/orthanc_auth_service/app.py index f69592a..f1b273c 100644 --- a/sources/orthanc_auth_service/app.py +++ b/sources/orthanc_auth_service/app.py @@ -39,10 +39,14 @@ roles_configuration=roles_configuration) enable_api_keys = os.environ.get("ENABLE_KEYCLOAK_API_KEYS", "false") == "true" + needKeycloakAdmin = False if not enable_api_keys: logging.warning("ENABLE_KEYCLOAK_API_KEYS is not set, api-keys are disabled") else: logging.warning("ENABLE_KEYCLOAK_API_KEYS is set, using keycloak to handle api-keys") + needKeycloakAdmin = True + + if needKeycloakAdmin or os.environ.get("KEYCLOAK_CLIENT_SECRET") is not None: keycloak_client_secret = get_secret_or_die("KEYCLOAK_CLIENT_SECRET") keycloak_admin_uri = os.environ.get("KECLOAK_ADMIN_URI", "http://keycloak:8080/admin/realms/orthanc/") keycloak_admin_client = KeycloakAdmin(keycloak_uri=keycloak_uri, @@ -50,6 +54,9 @@ keycloak_client_secret=keycloak_client_secret, roles_configuration=roles_configuration) + if keycloak_admin_client is None: + logging.warning("KECLOAK_ADMIN_URI and/or KEYCLOAK_CLIENT_SECRET is not set, you won't be able to access settings/roles API routes") + app = FastAPI() # check if the service requires basic auth (by checking of some USERS have been defined) 
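Review bot: The new guard `if needKeycloakAdmin or os.environ.get("KEYCLOAK_CLIENT_SECRET") is not None:` inspects only the process environment, while the value itself is then fetched through `get_secret_or_die("KEYCLOAK_CLIENT_SECRET")`. That helper is defined outside this hunk; if it can also resolve the secret from a source other than an environment variable (to be confirmed), a deployment that supplies the secret that way with api-keys disabled will silently skip creating the admin client. Making the decision with the same lookup the helper uses would keep the two paths in agreement. The unchanged context line also reads the misspelled `KECLOAK_ADMIN_URI` and falls back to a plain `http://` admin endpoint, so a comment such as `# default targets the internal container network only; use https for anything else` would help operators.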
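Review bot: The check `if keycloak_admin_client is None:` raises NameError whenever the `if needKeycloakAdmin or ...` branch is skipped, unless `keycloak_admin_client` is bound earlier in the module; no such assignment is visible in either hunk, so confirm it is initialised to `None` before line 39. The warning text names `KECLOAK_ADMIN_URI` as a possible cause, but that variable has a default in the preceding hunk, so a missing `KEYCLOAK_CLIENT_SECRET` with api-keys disabled appears to be the only way to reach this branch. Suggested wording: `logging.warning("KEYCLOAK_CLIENT_SECRET is not set, you won't be able to access settings/roles API routes")`.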
@@ -73,7 +80,9 @@ def ingest_keycloak_roles(roles_config: RolesConfigurationModel): for keycloak_role in all_keycloak_roles: if keycloak_role not in roles_config.roles: roles_configuration.get_configured_roles().roles[keycloak_role] = RolePermissions() - + else: + logging.error(f"No Keycloack admin client defined, you probably should define KEYCLOAK_CLIENT_SECRET") + raise HTTPException(status_code=404, detail="No Keycloack admin client defined, you probably should define KEYCLOAK_CLIENT_SECRET") # to show invalid payloads (debug)
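Review bot: The added `raise HTTPException(status_code=404, detail=...)` reports a server-side misconfiguration as "not found" and returns the name of the missing secret variable to whoever calls the route. Keep the configuration hint in the log line and send a generic response, e.g. `raise HTTPException(status_code=503, detail="Keycloak admin client is not configured")`. The `logging.error(f"...")` call has no placeholders, so the `f` prefix can be dropped, and "Keycloack" is misspelled in both strings. The `if` that this `else` pairs with starts outside the hunk and indentation is not preserved on this page, so confirm the branch attaches to the admin-client check and not to the `for` loop or the inner `if keycloak_role not in roles_config.roles:`.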