Centralize env vars with Viper

.github/workflows/ci.yml

@@ -102,7 +102,7 @@ jobs:
         run: make test-integration
         env:
           CREATE_JUNIT_REPORT: "true"
-          LOCALSTACK_AUTH_TOKEN: ${{ secrets.LOCALSTACK_AUTH_TOKEN }}
+          LSTK_AUTH_TOKEN: ${{ secrets.LOCALSTACK_AUTH_TOKEN }}
 
       - name: Upload test results
         uses: actions/upload-artifact@v6

Makefile

@@ -21,7 +21,7 @@ test:
 test-integration: $(BUILD_DIR)/$(BINARY_NAME)
 	@JUNIT=""; [ -n "$$CREATE_JUNIT_REPORT" ] && JUNIT="--junitfile ../../test-integration-results.xml"; \
 	if [ "$$(uname)" = "Darwin" ]; then \
-		cd test/integration && KEYRING=file go run gotest.tools/gotestsum@latest --format testdox $$JUNIT -- -count=1 ./...; \
+		cd test/integration && LSTK_KEYRING=file go run gotest.tools/gotestsum@latest --format testdox $$JUNIT -- -count=1 ./...; \
 	else \
 		cd test/integration && go run gotest.tools/gotestsum@latest --format testdox $$JUNIT -- -count=1 ./...; \
 	fi

cmd/root.go

@@ -8,6 +8,7 @@ import (
 	"github.com/localstack/lstk/internal/api"
 	"github.com/localstack/lstk/internal/config"
 	"github.com/localstack/lstk/internal/container"
+	"github.com/localstack/lstk/internal/env"
 	"github.com/localstack/lstk/internal/output"
 	"github.com/localstack/lstk/internal/runtime"
 	"github.com/localstack/lstk/internal/ui"
@@ -27,6 +28,7 @@ var rootCmd = &cobra.Command{
 		if cmd.Name() == "version" {
 			return nil
 		}
+		env.Init()
 		return config.Init()
 	},
 	Run: func(cmd *cobra.Command, args []string) {

env.example

@@ -1,7 +1,11 @@
-export LOCALSTACK_AUTH_TOKEN=ls-...
+# Authentication token (optional - will trigger device flow login if not set)
+export LSTK_AUTH_TOKEN=ls-...
 
-# Force file-based keyring backend (instead of system keychain)
-# export KEYRING=file
-#
-export LOCALSTACK_API_ENDPOINT=https://api.staging.aws.localstack.cloud
-export LOCALSTACK_WEB_APP_URL=https://app.staging.aws.localstack.cloud
+# API endpoint (defaults to https://api.localstack.cloud)
+export LSTK_API_ENDPOINT=https://api.staging.aws.localstack.cloud
+
+# Web app URL (defaults to https://app.localstack.cloud)
+export LSTK_WEB_APP_URL=https://app.staging.aws.localstack.cloud
+
+# Force file-based keyring backend instead of system keychain (optional)
+# export LSTK_KEYRING=file

internal/api/client.go

@@ -7,8 +7,9 @@ import (
 	"fmt"
 	"log"
 	"net/http"
-	"os"
 	"time"
+
+	"github.com/localstack/lstk/internal/env"
 )
 
 type PlatformAPI interface {
@@ -65,12 +66,8 @@ type PlatformClient struct {
 }
 
 func NewPlatformClient() *PlatformClient {
-	baseURL := os.Getenv("LOCALSTACK_API_ENDPOINT")
-	if baseURL == "" {
-		baseURL = "https://api.localstack.cloud"
-	}
 	return &PlatformClient{
-		baseURL:    baseURL,
+		baseURL:    env.Vars.APIEndpoint,
 		httpClient: &http.Client{Timeout: 30 * time.Second},
 	}
 }

internal/auth/auth.go

@@ -4,10 +4,10 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"os"
 
 	"github.com/99designs/keyring"
 	"github.com/localstack/lstk/internal/api"
+	"github.com/localstack/lstk/internal/env"
 	"github.com/localstack/lstk/internal/output"
 )
 
@@ -27,18 +27,18 @@ func New(sink output.Sink, platform api.PlatformAPI, storage AuthTokenStorage, a
 	}
 }
 
-// GetToken tries in order: 1) keyring 2) LOCALSTACK_AUTH_TOKEN env var 3) device flow login
+// GetToken tries in order: 1) keyring 2) LSTK_AUTH_TOKEN env var 3) device flow login
 func (a *Auth) GetToken(ctx context.Context) (string, error) {
 	if token, err := a.tokenStorage.GetAuthToken(); err == nil && token != "" {
 		return token, nil
 	}
 
-	if token := os.Getenv("LOCALSTACK_AUTH_TOKEN"); token != "" {
+	if token := env.Vars.AuthToken; token != "" {
 		return token, nil
 	}
 
 	if !a.allowLogin {
-		return "", fmt.Errorf("authentication required: set LOCALSTACK_AUTH_TOKEN or run in interactive mode")
+		return "", fmt.Errorf("authentication required: set LSTK_AUTH_TOKEN or run in interactive mode")
 	}
 
 	output.EmitLog(a.sink, "No existing credentials found. Please log in:")

internal/auth/auth_test.go

@@ -13,7 +13,7 @@ import (
 )
 
 func TestMain(m *testing.M) {
-	_ = os.Unsetenv("LOCALSTACK_AUTH_TOKEN")
+	_ = os.Unsetenv("LSTK_AUTH_TOKEN")
 	m.Run()
 }
 

internal/auth/login.go

@@ -5,15 +5,13 @@ package auth
 import (
 	"context"
 	"fmt"
-	"os"
 
 	"github.com/localstack/lstk/internal/api"
+	"github.com/localstack/lstk/internal/env"
 	"github.com/localstack/lstk/internal/output"
 	"github.com/pkg/browser"
 )
 
-const webAppURL = "https://app.localstack.cloud"
-
 type LoginProvider interface {
 	Login(ctx context.Context) (string, error)
 }
@@ -82,11 +80,7 @@ func (l *loginProvider) Login(ctx context.Context) (string, error) {
 }
 
 func getWebAppURL() string {
-	// allows overriding the URL for testing
-	if url := os.Getenv("LOCALSTACK_WEB_APP_URL"); url != "" {
-		return url
-	}
-	return webAppURL
+	return env.Vars.WebAppURL
 }
 
 func (l *loginProvider) completeAuth(ctx context.Context, authReq *api.AuthRequest) (string, error) {

internal/auth/token_storage.go

@@ -10,6 +10,7 @@ import (
 
 	"github.com/99designs/keyring"
 	"github.com/localstack/lstk/internal/config"
+	"github.com/localstack/lstk/internal/env"
 )
 
 const (
@@ -44,8 +45,8 @@ func NewTokenStorage() (AuthTokenStorage, error) {
 		},
 	}
 
-	// Force file backend if KEYRING env var is set to "file"
-	if os.Getenv("KEYRING") == "file" {
+	// Force file backend if LSTK_KEYRING env var is set to "file"
+	if env.Vars.Keyring == "file" {
 		keyringConfig.AllowedBackends = []keyring.BackendType{keyring.FileBackend}
 	}
 

internal/env/env.go

@@ -0,0 +1,33 @@
+package env
+
+import (
+	"strings"
+
+	"github.com/spf13/viper"
+)
+
+type Env struct {
+	AuthToken   string
+	APIEndpoint string
+	WebAppURL   string
+	Keyring     string
+}
+
+var Vars = &Env{}
+
+// Init initializes environment variable configuration
+func Init() {
+	viper.SetEnvPrefix("LSTK")
+	viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
+	viper.AutomaticEnv()
+
+	viper.SetDefault("api_endpoint", "https://api.localstack.cloud")
+	viper.SetDefault("web_app_url", "https://app.localstack.cloud")
+
+	Vars = &Env{
+		AuthToken:   viper.GetString("auth_token"),
+		APIEndpoint: viper.GetString("api_endpoint"),
+		WebAppURL:   viper.GetString("web_app_url"),
+		Keyring:     viper.GetString("keyring"),
+	}
+}

internal/ui/run_login_test.go

@@ -16,6 +16,7 @@ import (
 	"github.com/charmbracelet/x/exp/teatest"
 	"github.com/localstack/lstk/internal/api"
 	"github.com/localstack/lstk/internal/auth"
+	"github.com/localstack/lstk/internal/env"
 	"github.com/localstack/lstk/internal/output"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -83,7 +84,9 @@ func TestLoginFlow_DeviceFlowSuccess(t *testing.T) {
 	mockServer := createMockAPIServer(t, "test-license-token", true)
 	defer mockServer.Close()
 
-	t.Setenv("LOCALSTACK_API_ENDPOINT", mockServer.URL)
+	t.Setenv("LSTK_API_ENDPOINT", mockServer.URL)
+	t.Setenv("LSTK_AUTH_TOKEN", "")
+	env.Init()
 
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 	defer cancel()
@@ -139,7 +142,9 @@ func TestLoginFlow_DeviceFlowFailure_NotConfirmed(t *testing.T) {
 	mockServer := createMockAPIServer(t, "", false)
 	defer mockServer.Close()
 
-	t.Setenv("LOCALSTACK_API_ENDPOINT", mockServer.URL)
+	t.Setenv("LSTK_API_ENDPOINT", mockServer.URL)
+	t.Setenv("LSTK_AUTH_TOKEN", "")
+	env.Init()
 
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 	defer cancel()

test/integration/env/env.go

@@ -0,0 +1,60 @@
+package env
+
+import (
+	"os"
+	"strings"
+	"testing"
+)
+
+type Key string
+
+const (
+	AuthToken   Key = "LSTK_AUTH_TOKEN"
+	APIEndpoint Key = "LSTK_API_ENDPOINT"
+	Keyring     Key = "LSTK_KEYRING"
+	CI          Key = "CI"
+)
+
+func Get(key Key) string {
+	return os.Getenv(string(key))
+}
+
+func Require(t testing.TB, key Key) string {
+	t.Helper()
+	v := os.Getenv(string(key))
+	if v == "" {
+		t.Fatalf("%s must be set to run this test", key)
+	}
+	return v
+}
+
+type Environ []string
+
+func Without(keys ...Key) Environ {
+	return Environ(os.Environ()).Without(keys...)
+}
+
+func With(key Key, value string) Environ {
+	return Environ(os.Environ()).With(key, value)
+}
+
+func (e Environ) Without(keys ...Key) Environ {
+	var result Environ
+	for _, entry := range e {
+		excluded := false
+		for _, key := range keys {
+			if strings.HasPrefix(entry, string(key)+"=") {
+				excluded = true
+				break
+			}
+		}
+		if !excluded {
+			result = append(result, entry)
+		}
+	}
+	return result
+}
+
+func (e Environ) With(key Key, value string) Environ {
+	return append(e, string(key)+"="+value)
+}

test/integration/license_test.go

@@ -6,12 +6,12 @@ import (
 	"fmt"
 	"net/http"
 	"net/http/httptest"
-	"os"
 	"os/exec"
 	"testing"
 	"time"
 
 	"github.com/docker/docker/api/types/container"
+	"github.com/localstack/lstk/test/integration/env"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -20,8 +20,7 @@ const licenseContainerName = "localstack-aws"
 
 func TestLicenseValidationSuccess(t *testing.T) {
 	requireDocker(t)
-	authToken := os.Getenv("LOCALSTACK_AUTH_TOKEN")
-	require.NotEmpty(t, authToken, "LOCALSTACK_AUTH_TOKEN must be set to run this test")
+	authToken := env.Require(t, env.AuthToken)
 
 	cleanupLicense()
 	t.Cleanup(cleanupLicense)
@@ -63,10 +62,7 @@ func TestLicenseValidationSuccess(t *testing.T) {
 	defer cancel()
 
 	cmd := exec.CommandContext(ctx, binaryPath(), "start")
-	cmd.Env = append(
-		os.Environ(),
-		"LOCALSTACK_API_ENDPOINT="+mockServer.URL,
-	)
+	cmd.Env = env.With(env.APIEndpoint, mockServer.URL)
 	output, err := cmd.CombinedOutput()
 
 	// Check for validation errors from handler
@@ -95,11 +91,7 @@ func TestLicenseValidationFailure(t *testing.T) {
 	defer cancel()
 
 	cmd := exec.CommandContext(ctx, binaryPath(), "start")
-	cmd.Env = append(
-		os.Environ(),
-		"LOCALSTACK_API_ENDPOINT="+mockServer.URL,
-		"LOCALSTACK_AUTH_TOKEN=test-token-for-license-validation",
-	)
+	cmd.Env = env.With(env.APIEndpoint, mockServer.URL).With(env.AuthToken, "test-token-for-license-validation")
 	output, err := cmd.CombinedOutput()
 
 	require.Error(t, err, "expected lstk start to fail with forbidden license")

test/integration/login_test.go

@@ -8,13 +8,13 @@ import (
 	"io"
 	"net/http"
 	"net/http/httptest"
-	"os"
 	"os/exec"
 	"runtime"
 	"testing"
 	"time"
 
 	"github.com/creack/pty"
+	"github.com/localstack/lstk/test/integration/env"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -77,8 +77,7 @@ func TestDeviceFlowSuccess(t *testing.T) {
 	t.Cleanup(cleanup)
 
 	// Require valid token from environment
-	licenseToken := os.Getenv("LOCALSTACK_AUTH_TOKEN")
-	require.NotEmpty(t, licenseToken, "LOCALSTACK_AUTH_TOKEN must be set to run this test")
+	licenseToken := env.Require(t, env.AuthToken)
 
 	// Create mock API server that returns the real token
 	mockServer := createMockAPIServer(t, licenseToken, true)
@@ -88,10 +87,7 @@ func TestDeviceFlowSuccess(t *testing.T) {
 	defer cancel()
 
 	cmd := exec.CommandContext(ctx, binaryPath(), "login")
-	cmd.Env = append(
-		envWithout("LOCALSTACK_AUTH_TOKEN"),
-		"LOCALSTACK_API_ENDPOINT="+mockServer.URL,
-	)
+	cmd.Env = env.Without(env.AuthToken).With(env.APIEndpoint, mockServer.URL)
 
 	ptmx, err := pty.Start(cmd)
 	require.NoError(t, err, "failed to start command in PTY")
@@ -153,10 +149,7 @@ func TestDeviceFlowFailure_RequestNotConfirmed(t *testing.T) {
 	defer cancel()
 
 	cmd := exec.CommandContext(ctx, binaryPath(), "login")
-	cmd.Env = append(
-		envWithout("LOCALSTACK_AUTH_TOKEN"),
-		"LOCALSTACK_API_ENDPOINT="+mockServer.URL,
-	)
+	cmd.Env = env.Without(env.AuthToken).With(env.APIEndpoint, mockServer.URL)
 
 	ptmx, err := pty.Start(cmd)
 	require.NoError(t, err, "failed to start command in PTY")