keycloak icon indicating copy to clipboard operation
keycloak copied to clipboard
verified publisher icon ansible-middleware

Enable features in quarkus

Open fxwgr opened this issue 6 months ago • 6 comments

SUMMARY

As in #274 it would be very handy if there would be a way to simply enable features, like in the legacy Keycloak playbook.

ISSUE TYPE
  • Features can't be enabled in current Keycloak Quarkus playbook

fxwgr avatar Jun 17 '25 15:06 fxwgr

@fxwgr, so you want to enable the mentioned feature using a variable? just like keycloak_ha_enabled? Am I thinking it correctly?

RanabirChakraborty avatar Jun 17 '25 16:06 RanabirChakraborty

@RanabirChakraborty for me it would be sufficient to have an variable like in the previously mentioned Keycloak legacy role keycloak_features: [ { name: 'docker', status: 'enabled' } ]

fxwgr avatar Jun 18 '25 07:06 fxwgr

You can still define enabled/disabled feature using the parameter keycloak_quarkus_additional_env_vars (list), like here:

    keycloak_quarkus_additional_env_vars:
      - key: KC_FEATURES
        value: clusterless
      - key: KC_FEATURES_DISABLED
        value: persistent-user-sessions,kerberos

We could add a parameter for features alone, but it would require a rather complex validation for additional env vars. @hwo-wd wdyt?

guidograzioli avatar Jun 30 '25 11:06 guidograzioli

@guidograzioli great, thanks, I just tried KC_FEATURES_ENABLED and it didn't work, so I thought this option is missing.

BTW: Is there a complete list of available env vars? Couldn't find such information in the quarkus role readme.

fxwgr avatar Jul 01 '25 10:07 fxwgr

As you can see we already use the feature extensively in the CI tests:

https://github.com/ansible-middleware/keycloak/blob/main/molecule/quarkus/converge.yml#L28 https://github.com/ansible-middleware/keycloak/blob/main/molecule/quarkus_ha_remote/converge.yml#L51

For the list of envvars read by keycloak, please refer to the keycloak.org documentation. The list of role parameters for the keycloak_quarkus role is documented in the role README [1], and in argument_specs [2]

[1] https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_quarkus/README.md [2] https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_quarkus/meta/argument_specs.yml

guidograzioli avatar Jul 01 '25 14:07 guidograzioli

You can still define enabled/disabled feature using the parameter keycloak_quarkus_additional_env_vars (list), like here:

keycloak_quarkus_additional_env_vars:
  - key: KC_FEATURES
    value: clusterless
  - key: KC_FEATURES_DISABLED
    value: persistent-user-sessions,kerberos

We could add a parameter for features alone, but it would require a rather complex validation for additional env vars. @hwo-wd wdyt?

complex validation as in:

  • check if keycloak_quarkus_features (or similar) is set by user AND contained in keycloak_quarkus_additional_env_vars and, if so:
    • merge them?
    • throw error? <- especially this would break downwards compatibility

from my standpoint I would keep the way it is, it's also the way to go for helm charts etc.

hwo-wd avatar Jul 07 '25 09:07 hwo-wd