[sso-admin] Fix import and config issues

FileStorage is in werkzeug.datastructures, this didn't get caught by
mypy due to lack of type hints.

AdminFlaskApp now loads the configuration earlier, otherwise the
connection to other systems gets started with the wrong values.
While there, use .update since values from the environment are exactly what
we want to be using and the way it was written, they are expected to be
set up.

We also had swapped creation of the admin.lib.admin.Admin object and
processing admin.lib.postup.Postup; which loads some secrets needed for
moodle.

dd-sso/admin/src/admin/flaskapp.py

@@ -74,11 +74,9 @@ class AdminFlaskApp(Flask):
     def __init__(self, *args: Any, **kwargs: Any):
         super().__init__(*args, **kwargs)
         self.url_map.strict_slashes = False
-        from admin.lib.admin import Admin
-        self.admin = Admin(self)
+        self._load_config()
         # Minor setup tasks
         self._load_validators()
-        self._load_config()
         self._setup_routes()
         setup_api_views(self)
         setup_app_views(self)
@@ -101,6 +99,9 @@ class AdminFlaskApp(Flask):
         """
         from admin.lib.postup import Postup
         Postup(self)
+        # This must happen after Postup since it, e.g. fetches moodle secrets
+        from admin.lib.admin import Admin
+        self.admin = Admin(self)
 
     def json_route(self, rule: str, **options: Any) -> Callable[..., OptionalJsonResponse]:
         return self.route(rule, **options)  # type: ignore  # mypy issue #7187
@@ -136,30 +137,18 @@ class AdminFlaskApp(Flask):
                     f.write(secrets.token_hex())
             self.secret_key = open(secret_key_file, "r").read()
 
-            # Move on with ISARD's settings
-            self.config.setdefault("DOMAIN", os.environ["DOMAIN"])
-            self.config.setdefault(
-                "KEYCLOAK_POSTGRES_USER", os.environ["KEYCLOAK_DB_USER"]
-            )
-            self.config.setdefault(
-                "KEYCLOAK_POSTGRES_PASSWORD", os.environ["KEYCLOAK_DB_PASSWORD"]
-            )
-            self.config.setdefault(
-                "MOODLE_POSTGRES_USER", os.environ["MOODLE_POSTGRES_USER"]
-            )
-            self.config.setdefault(
-                "MOODLE_POSTGRES_PASSWORD", os.environ["MOODLE_POSTGRES_PASSWORD"]
-            )
-            self.config.setdefault(
-                "NEXTCLOUD_POSTGRES_USER", os.environ["NEXTCLOUD_POSTGRES_USER"]
-            )
-            self.config.setdefault(
-                "NEXTCLOUD_POSTGRES_PASSWORD", os.environ["NEXTCLOUD_POSTGRES_PASSWORD"]
-            )
-            self.config.setdefault(
-                "VERIFY", True if os.environ["VERIFY"] == "true" else False
-            )
-            self.config.setdefault("API_SECRET", os.environ.get("API_SECRET"))
+            # Move on with settings from the environment
+            self.config.update({
+                "DOMAIN": os.environ["DOMAIN"],
+                "KEYCLOAK_POSTGRES_USER": os.environ["KEYCLOAK_DB_USER"],
+                "KEYCLOAK_POSTGRES_PASSWORD": os.environ["KEYCLOAK_DB_PASSWORD"],
+                "MOODLE_POSTGRES_USER": os.environ["MOODLE_POSTGRES_USER"],
+                "MOODLE_POSTGRES_PASSWORD": os.environ["MOODLE_POSTGRES_PASSWORD"],
+                "NEXTCLOUD_POSTGRES_USER": os.environ["NEXTCLOUD_POSTGRES_USER"],
+                "NEXTCLOUD_POSTGRES_PASSWORD": os.environ["NEXTCLOUD_POSTGRES_PASSWORD"],
+                "VERIFY": os.environ["VERIFY"] == "true",
+                "API_SECRET": os.environ.get("API_SECRET"),
+            })
         except Exception as e:
             log.error(traceback.format_exc())
             raise

dd-sso/admin/src/admin/lib/dashboard.py

@@ -34,7 +34,7 @@ from typing import TYPE_CHECKING, Any, Dict
 if TYPE_CHECKING:
     from admin.flaskapp import AdminFlaskApp
 
-from werkzeug import FileStorage
+from werkzeug.datastructures import FileStorage
 
 class Dashboard:
     app : "AdminFlaskApp"