feat(release)!: keycloak auth integration and rio-tiler upgrade (#490)

## Breaking
- Cognito auth removed
- Keycloak auth added
- Rio-tiler v06 to v07
https://cogeotiff.github.io/rio-tiler/migrations/v7_migration/

## Upgraded
- Core titiler v0.18 to <v0.2.
https://github.com/developmentseed/titiler/blob/main/CHANGES.md#0190-2024-11-07
- Python upgraded from v3.11 to v3.12

## Changed
- Database VPC subnet selection override removed
- Unit test step in deployment action can now be suppressed with an
environment variable

Author: anayeaye

.example.env

@@ -33,7 +33,8 @@ VEDA_CLIENT_SECRET=secret
 VEDA_DATA_ACCESS_ROLE_ARN=
 VEDA_COGNITO_DOMAIN=
 VEDA_OPENID_CONFIGURATION_URL=
-VEDA_KEYCLOAK_CLIENT_ID=
+VEDA_KEYCLOAK_STAC_API_CLIENT_ID=
+VEDA_KEYCLOAK_INGEST_API_CLIENT_ID=
 
 STAC_BROWSER_BUCKET=
 STAC_URL=

.github/actions/cdk-deploy/action.yml

@@ -12,6 +12,10 @@ inputs:
     required: false
     type: string
     default: "."
+  skip_tests:
+    required: false
+    type: boolean
+    default: false
 
 runs:
   using: "composite"
@@ -21,7 +25,7 @@ runs:
     - name: Set up Python
       uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
       with:
-        python-version: '3.11'
+        python-version: '3.12'
         cache: 'pip'
         cache-dependency-path: |
           ${{ inputs.dir }}/setup.py
@@ -54,34 +58,43 @@ runs:
         python -m pip install -e .[dev,deploy,test]
         python -m pip install boto3
 
+     # === Only run these steps if skip_tests is false ===
+
     - name: Launch services
+      if: ${{ inputs.skip_tests == false }}
       shell: bash
       working-directory: ${{ inputs.dir }}
       run: docker compose up --build -d
 
     - name: Ingest Stac Items/Collection
+      if: ${{ inputs.skip_tests == false }}
       shell: bash
       working-directory: ${{ inputs.dir }}
       run: |
         ./scripts/load-data-container.sh
 
     - name: Sleep for 10 seconds
-      run: sleep 10s
+      if: ${{ inputs.skip_tests == false }}
       shell: bash
       working-directory: ${{ inputs.dir }}
+      run: sleep 10s
 
     - name: Integrations tests
+      if: ${{ inputs.skip_tests == false }}
       shell: bash
       working-directory: ${{ inputs.dir }}
       run: python -m pytest .github/workflows/tests/ -vv -s
 
     - name: Stop services
+      if: ${{ inputs.skip_tests == false }}
       shell: bash
       working-directory: ${{ inputs.dir }}
       run: |
         docker compose down --rmi all --volumes
         sudo rm -rf .pgdata
 
+    # ===================================================
+
     - name: Get relevant environment configuration from aws secrets
       shell: bash
       working-directory: ${{ inputs.dir }}

.github/workflows/pr.yml

@@ -10,7 +10,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
-          python-version: '3.11'
+          python-version: '3.12'
 
       - uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
         with:
@@ -48,7 +48,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
-          python-version: '3.11'
+          python-version: '3.12'
 
       - uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
         with:
@@ -80,9 +80,6 @@ jobs:
       - name: Install reqs for stac api
         run: python -m pip install stac_api/runtime/
 
-      - name: Install veda auth for ingest api
-        run: python -m pip install common/auth
-
       - name: Ingest unit tests
         run: NO_PYDANTIC_SSM_SETTINGS=1 python -m pytest ingest_api/runtime/tests/ -vv -s
 
@@ -102,7 +99,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
-          python-version: '3.11'
+          python-version: '3.12'
 
       - name: Setup Node
         uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e4 #v4.3.0

.github/workflows/tests/conftest.py

@@ -18,6 +18,7 @@
 RASTER_SEARCHES_ENDPOINT = "http://0.0.0.0:8082/searches"
 RASTER_HEALTH_ENDPOINT = "http://0.0.0.0:8082/healthz"
 TILEMATRIX = {"z": 15, "x": 8589, "y": 12849}
+TMS_ID = "WebMercatorQuad"
 
 SEARCHES = [
     {
@@ -228,6 +229,17 @@ def seeded_tilematrix():
     return TILEMATRIX
 
 
+@pytest.fixture
+def seeded_tms_id():
+    """
+    Fixture providing a matrix of seeded data for integration testing.
+
+    Returns:
+        string: A valid TileMatrixSet ID
+    """
+    return TMS_ID
+
+
 @pytest.fixture
 def searches():
     """

.github/workflows/tests/test_raster.py

@@ -21,6 +21,7 @@ def setup(
         raster_health_endpoint,
         seeded_tilematrix,
         searches,
+        seeded_tms_id,
     ):
         """
         Set up the test environment with the required fixtures.
@@ -31,6 +32,7 @@ def setup(
         self.raster_health_endpoint = raster_health_endpoint
         self.seeded_tilematrix = seeded_tilematrix
         self.searches = searches
+        self.seeded_tms_id = seeded_tms_id
 
     def test_raster_api_health(self):
         """test api."""
@@ -53,17 +55,16 @@ def test_mosaic_api(self):
 
         searchid = resp.json()["id"]
         assert resp.status_code == 200
-
         resp = httpx.get(
-            f"{self.raster_searches_endpoint}/{searchid}/-85.6358,36.1624/assets"
+            f"{self.raster_searches_endpoint}/{searchid}/point/-85.6358,36.1624/assets"
         )
         assert resp.status_code == 200
         assert len(resp.json()) == 1
         assert list(resp.json()[0]) == ["id", "bbox", "assets", "collection"]
         assert resp.json()[0]["id"] == self.seeded_id
 
         resp = httpx.get(
-            f"{self.raster_searches_endpoint}/{searchid}/tiles/15/8589/12849/assets"
+            f"{self.raster_searches_endpoint}/{searchid}/tiles/{self.seeded_tms_id}/15/8589/12849/assets"
         )
 
         assert resp.status_code == 200
@@ -72,7 +73,7 @@ def test_mosaic_api(self):
         assert resp.json()[0]["id"] == self.seeded_id
 
         resp = httpx.get(
-            f"{self.raster_searches_endpoint}/{searchid}/tiles/{self.seeded_tilematrix['z']}/{self.seeded_tilematrix['x']}/{self.seeded_tilematrix['y']}",
+            f"{self.raster_searches_endpoint}/{searchid}/tiles/{self.seeded_tms_id}/{self.seeded_tilematrix['z']}/{self.seeded_tilematrix['x']}/{self.seeded_tilematrix['y']}",
             params={"assets": "cog"},
             headers={"Accept-Encoding": "br, gzip"},
             timeout=10.0,
@@ -82,7 +83,7 @@ def test_mosaic_api(self):
         assert "content-encoding" not in resp.headers
 
         resp = httpx.get(
-            f"{self.raster_searches_endpoint}/{searchid}/tiles/{self.seeded_tilematrix['z']}/{self.seeded_tilematrix['x']}/{self.seeded_tilematrix['y']}/assets"
+            f"{self.raster_searches_endpoint}/{searchid}/tiles/{self.seeded_tms_id}/{self.seeded_tilematrix['z']}/{self.seeded_tilematrix['x']}/{self.seeded_tilematrix['y']}/assets"
         )
         assert resp.status_code == 200
 

README.md

@@ -87,9 +87,9 @@ nvm install 20 # .github/workflows/pr.yml uses node version 20
 #### Virtual environment example
 
 ```bash
-# `pipes` package required by the `fire` package deprecated in python >3.11
-pyenv install 3.11
-pyenv shell 3.11
+# `pipes` package required by the `fire` package deprecated in python >3.12
+pyenv install 3.12
+pyenv shell 3.12
 python3 -m venv .venv
 source .venv/bin/activate
 ```

app.py

@@ -118,7 +118,6 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
     config=ingestor_config,
     db_secret=database.pgstac.secret,
     db_vpc=vpc.vpc,
-    db_vpc_subnets=database.vpc_subnets,
 )
 
 ingestor = ingestor_construct(
@@ -128,7 +127,6 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
     table=ingest_api.table,
     db_secret=database.pgstac.secret,
     db_vpc=vpc.vpc,
-    db_vpc_subnets=database.vpc_subnets,
 )
 
 git_sha = subprocess.check_output(["git", "rev-parse", "HEAD"]).decode().strip()

config.py

@@ -84,7 +84,7 @@ class vedaAppSettings(BaseSettings):
         description="Boolean if Cloudfront Distribution should be deployed",
     )
 
-    veda_custom_host: str = Field(
+    veda_custom_host: Optional[str] = Field(
         None,
         description="Complete url of custom host including subdomain. Used to infer url of stac-api before app synthesis.",
     )

database/infrastructure/construct.py

@@ -48,7 +48,7 @@ def __init__(
             self,
             "lambda",
             handler="handler.handler",
-            runtime=aws_lambda.Runtime.PYTHON_3_11,
+            runtime=aws_lambda.Runtime.PYTHON_3_12,
             code=aws_lambda.Code.from_docker_build(
                 path=os.path.abspath("./"),
                 file="database/runtime/Dockerfile",

database/runtime/Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 public.ecr.aws/sam/build-python3.11:latest
+FROM --platform=linux/amd64 public.ecr.aws/sam/build-python3.12:latest
 
 ARG PGSTAC_VERSION
 RUN echo "Using PGSTAC Version ${PGSTAC_VERSION}"