Adjust default env values for mit-learn (#2235)

Author: mbertrand

README-keycloak.md

@@ -32,31 +32,21 @@ the secret in the admin.
 ## Making it Work
 
 The Keycloak instance is part of the `keycloak` profile in the Composer file, so
-if you want to interact with it, you'll need to run
-`COMPOSE_PROFILES=backend,frontend,keycloak,apisix docker compose up`. (If you
+be sure that you have the following set in your .env file:
+`COMPOSE_PROFILES=backend,frontend,keycloak,apisix`. (If you
 start the app without the profile, you can still start Keycloak later by
 specifying the profile.)
 
-If you want to use the Keycloak and APISIX instances, follow these steps:
-
-1. Change the value of `MITOL_API_BASE_URL` to `http://api.open.odl.local:8065`
-   in your `shared.local.env` file.
-2. Add `MITOL_NEW_USER_LOGIN_URL=http://open.odl.local:8062/onboarding` to your
-   `shared.local.env` file
-3. Copy all the env values under the "# APISIX/Keycloak " section of
-   `backend.local.example.env` to your `backend.local.env` file. You can leave
-   all the values as is. Remove `DISABLE_APISIX_USER_MIDDLEWARE=False` if
-   present in your backend.local.env file.
-4. Keycloak needs to create its own database, which will only happen if you
-   first destroy your current mit-learn database container:
-   `docker compose down db`. If you prefer not to do this, you can manually
-   create it by running the SQL in `config/postgres/init-keycloak.sql` in a
-   postgres shell.
-5. Start containers with the command
-   `COMPOSE_PROFILES=backend,frontend,keycloak,apisix docker compose up`
-
-The Keycloak and APISIX containers should start up and stay running. APISIX is
-on port 8065, Keycloak on port 8066. Now you should be able to log in at
+When you run `docker compose up`, the Keycloak and APISIX containers should start up.
+APISIX is on port 8065, Keycloak on port 8066. Now you should be able to log in at
 `https://open.odl.local:8065/login` with one of the users mentioned above, or
 just click "Log in" from the home page at http://open.odl.local:8062. Try
 logging out and back in a couple times to make sure it works.
+
+Keycloak is enabled by default. If you do NOT want to use the Keycloak and APISIX instances,
+follow these steps:
+
+1. Change the value of `MITOL_API_BASE_URL` to `http://api.open.odl.local:8063`
+   in your `shared.local.env` file.
+2. Add `DISABLE_APISIX_USER_MIDDLEWARE=True` to your `backend.local.env` file
+3. Set `COMPOSE_PROFILES=backend,frontend` in your .env file

README.md

@@ -34,7 +34,7 @@ The following settings must be configured before running the app:
 
 - `COMPOSE_PROFILES`
 
-  Controls which docker containers run. To run them all, use `COMPOSE_PROFILES=backend,frontend`. See [Frontend Development](./frontends/README.md) for more.
+  Controls which docker containers run. To run them all, use `COMPOSE_PROFILES=backend,frontend,keycloak,apisix`. See [Frontend Development](./frontends/README.md) for more.
   This can be set either in a top-level `.env` that `docker compose` [automatically ingests](https://docs.docker.com/compose/environment-variables/envvars/#compose_env_files) or through any other method of setting an environment variable in your shell (e.g. `direnv`).
 
 - `MAILGUN_KEY` and `MAILGUN_SENDER_DOMAIN`

env/backend.env

@@ -36,3 +36,28 @@ UWSGI_THREADS=35
 
 TIKA_SERVER_ENDPOINT=http://tika:9998/
 TIKA_CLIENT_ONLY=True
+
+# APISIX/Keycloak settings
+APISIX_LOGOUT_URL=http://api.open.odl.local:8065/logout/
+APISIX_SESSION_SECRET_KEY=supertopsecret1234
+KC_SPI_THEME_WELCOME_THEME=scim
+KC_SPI_REALM_RESTAPI_EXTENSION_SCIM_LICENSE_KEY=
+KEYCLOAK_BASE_URL=http://kc.ol.local:8066
+KEYCLOAK_CLIENT_ID=apisix
+# This is not a secret. This is for the Keycloak container, only for local use.
+KEYCLOAK_CLIENT_SECRET=HckCZXToXfaetbBx0Fo3xbjnC468oMi4 # pragma: allowlist-secret
+KEYCLOAK_DISCOVERY_URL=http://kc.ol.local:8066/realms/ol-local/.well-known/openid-configuration
+KEYCLOAK_REALM_NAME=ol-local
+KEYCLOAK_SCOPES="openid profile ol-profile"
+KEYCLOAK_SVC_KEYSTORE_PASSWORD=supertopsecret1234
+KEYCLOAK_SVC_HOSTNAME=kc.ol.local
+KEYCLOAK_SVC_ADMIN=admin
+KEYCLOAK_SVC_ADMIN_PASSWORD=admin
+AUTHORIZATION_URL=http://kc.ol.local:8066/realms/ol-local/protocol/openid-connect/auth
+ACCESS_TOKEN_URL=http://kc.ol.local:8066/realms/ol-local/protocol/openid-connect/token
+OIDC_ENDPOINT=http://kc.ol.local:8066/realms/ol-local
+SOCIAL_AUTH_OL_OIDC_OIDC_ENDPOINT=http://kc.ol.local:8066/realms/ol-local
+SOCIAL_AUTH_OL_OIDC_KEY=apisix
+# This is not a secret. This is for the Keycloak container, only for local use.
+SOCIAL_AUTH_OL_OIDC_SECRET=HckCZXToXfaetbBx0Fo3xbjnC468oMi4 # pragma: allowlist-secret
+USERINFO_URL=http://kc.ol.local:8066/realms/ol-local/protocol/openid-connect/userinfo

env/shared.env

@@ -1,9 +1,8 @@
+MITOL_NEW_USER_LOGIN_URL=http://open.odl.local:8062/onboarding
+MITOL_API_LOGOUT_SUFFIX=logout
 MITOL_APP_BASE_URL=http://open.odl.local:8062
-
-# Without apisix and keycloak
-MITOL_API_BASE_URL=http://api.open.odl.local:8063
-# With apisix and keycloak
-#MITOL_API_BASE_URL=http://api.open.odl.local:8065
+# With apisix and keycloak, use port 8065
+MITOL_API_BASE_URL=http://api.open.odl.local:8065
 
 MITOL_SUPPORT_EMAIL=support@localhost
 CSRF_COOKIE_NAME=csrftoken-local

env/shared.local.example.env

@@ -3,4 +3,5 @@
 # POSTHOG_PROJECT_API_KEY=
 # POSTHOG_TIMEOUT_MS=1500
 # EMBEDLY_KEY=
-MITOL_NEW_USER_LOGIN_URL=http://open.odl.local:8062/onboarding
+# Use port 8063 if apisix/keycloak disabled
+MITOL_API_BASE_URL=http://api.open.odl.local:8063