search

adorsys / keycloak-config-cli

Import YAML/JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak.
Apache License 2.0
793 stars 145 forks source link

Possibility to "spread" env variables to a json array? #873

Open manuschillerdev opened 1 year ago

manuschillerdev commented 1 year ago

Problem Statement

I want to provide redirectURIs for client apps via env variables.

Minimal Example:


{
  "realm": "example",
  "clients": [
    {
      "clientId": "webapp",
      "name": "webapp",
      "redirectUris": ["/*"] // can this be something like $(env:CLIENT_WEBAPP_REDIRECT_URIS)?
      // suppose CLIENT_WEBAPP_REDIRECT_URIS="https://host1.tld,https://host2.tld,https://host3.tld"
      // should be turned into:
      "redirectUris": ["https://host1.tld", "https://host2.tld", "https://host3.tld"]
    }
  ]
}

### Proposed Solution

I am not sure how a proper solution would look like.
There are several helpers like `urlDecoder`. Maybe a solution would be to have something like `toArrray`?
But since `keycloak-config-cli` uses [Apache StringSubstitutor](https://commons.apache.org/proper/commons-text/apidocs/org/apache/commons/text/StringSubstitutor.html) I am not sure, if that would be feasible at all.

### Environment

- Keycloak Version: 21.1.1-debian-11-r8
- keycloak-config-cli Version: 5.6.1-debian-11-r22
- Java Version: I guess 11?

### Additional information

_No response_

### Acceptance Criteria

- [ ] As a user, I can define env variables as comma separated lists, that get expanded to array values in Keycloak JSON Configurations
michaljelonek commented 3 months ago

We face the same problem. Overall this is a fantastic tool that fits our use-cases, but the lack of ability to provide an array of values is a blocker and unfortunately whatever I tried was met with failure. Is there a possibility that this is looked at or an alternative that someone knows is provided? I'm really unsure how to proceed as we need the ability to provide redirectUris/webOrigins per environment.

stecullum commented 1 month ago

We provide arrays of values like ..

"my_redirects_json": "[\"http://localhost:3000/*\",\"https://abcdev.net/*\"]"

And then

        "redirectUris": ${my_redirects_json},

^^ the problem is this breaks the json syntax and is a PIA as now you cannot compare json etc :(

The alternative I also tried was ....programatically splitting the arrays into elements ( easy )

"my_redirects_json_0": "http://localhost:3000/*"
"my_redirects_json_1": "https://abcdev.net/*

And then hardcoding...

        "redirectUris": [ ${my_redirects_json_0}, ${my_redirects_json_1}"

But the issue is if we have a single realm file for multiple envs and one of the environments wants an additional settings it sort of breaks as you have to inject an empty value in and this empty value is not ignored;

For example

dev_settings::
"my_redirects_json_0": "http://localhost:3000/*"
"my_redirects_json_1": "https://abcdev.net/*
"my_redirects_json_2": "https://another-just-fordev.net/*

prod_settings::
"my_redirects_json_0": "http://localhost:3000/*"
"my_redirects_json_1": "https://abcdev.net/*"
"my_redirects_json_2": ""  // not used in prod

And then hardcoding...

        "redirectUris": [ ${my_redirects_json_0}, ${my_redirects_json_1}, ${my_redirects_json_2}"

This results in an empty element inside keycloak after applying the production settings; i would have hoped empty elements would have been ignore as this would have helped