Add Keycloak to MTBA

bridgehead

@@ -41,6 +41,7 @@ case "$PROJECT" in
 		;;
 esac
 
+# TODO: Please add proper documentation for variable priorities (1. secrets, 2. vars, 3. PROJECT.local.conf, 4. PROJECT.conf, 5. ???
 loadVars() {
 	# Load variables from /etc/bridgehead and /srv/docker/bridgehead
 	set -a

ccp/modules/mtba-compose.yml

@@ -20,11 +20,18 @@ services:
       FILE_END_OF_LINE: ${MTBA_FILE_END_OF_LINE}
       CSV_DELIMITER: ${MTBA_CSV_DELIMITER}
       HTTP_RELATIVE_PATH: "/mtba"
+      KEYCLOAK_ADMIN_GROUP: "${KEYCLOAK_ADMIN_GROUP}"
+      KEYCLOAK_CLIENT_ID: "${KEYCLOAK_PRIVATE_CLIENT_ID}"
+      KEYCLOAK_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
+      KEYCLOAK_REALM: "${KEYCLOAK_REALM}"
+      KEYCLOAK_URL: "${KEYCLOAK_URL}"
+
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.mtba_ccp.rule=PathPrefix(`/mtba`)"
       - "traefik.http.services.mtba_ccp.loadbalancer.server.port=8480"
       - "traefik.http.routers.mtba_ccp.tls=true"
+
       - "traefik.http.middlewares.mtba_ccp_strip.stripprefix.prefixes=/mtba"
       - "traefik.http.routers.mtba_ccp.middlewares=mtba_ccp_strip, auth"
     volumes:

ccp/vars

@@ -18,7 +18,7 @@ KEYCLOAK_ADMIN_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})_Verwalter"
 KEYCLOAK_PRIVATE_CLIENT_ID=${SITE_ID}-private
 KEYCLOAK_PUBLIC_CLIENT_ID=${SITE_ID}-public
 # TODO: Change Keycloak Realm to productive. "test-realm-01" is only for testing
-KEYCLOAK_REALM="test-realm-01"
+KEYCLOAK_REALM="${KEYCLOAK_REALM:-test-realm-01}"
 KEYCLOAK_URL="https://login.verbis.dkfz.de"
 KEYCLOAK_TOKEN_GROUP="groups"
 POSTGRES_TAG=15.6-alpine