Optimized keycloak variables

2025-08-29 23:08:06 +02:00 · 2025-08-17 11:40:15 +02:00
parent bfe18dd83c
commit 5c9ca20e04
12 changed files with 24 additions and 19 deletions
--- a/roles/web-app-keycloak/templates/env.j2
+++ b/roles/web-app-keycloak/templates/env.j2
@@ -2,7 +2,7 @@
 # Documentation can be found here: 
 # @see https://www.keycloak.org/server/containers

-KC_HOSTNAME=                    https://{{ domains | get_domain(application_id) }}
+KC_HOSTNAME=                    {{ KEYCLOAK_URL }}
 KC_HTTP_ENABLED=                true

 # Health Checks
@@ -11,18 +11,18 @@ KC_HEALTH_ENABLED=              true
 KC_METRICS_ENABLED=             true

 # Administrator
-KEYCLOAK_ADMIN=                 "{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}"
-KEYCLOAK_ADMIN_PASSWORD=        "{{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}}"
+KEYCLOAK_ADMIN=                 "{{ KEYCLOAK_ADMIN }}"
+KEYCLOAK_ADMIN_PASSWORD=        "{{ KEYCLOAK_ADMIN_PASSWORD }}"

 # Database
-KC_DB=                          postgres
-KC_DB_URL=                      {{database_url_jdbc}}
+KC_DB=                          {{ database_type }}
+KC_DB_URL=                      {{ database_url_jdbc }}
 KC_DB_USERNAME=                 {{ database_username }}
 KC_DB_PASSWORD=                 {{ database_password }}

 # If the initial administrator already exists and the environment variables are still present at startup, an error message stating the failed creation of the initial administrator is shown in the logs. Keycloak ignores the values and starts up correctly.
-KC_BOOTSTRAP_ADMIN_USERNAME=    "{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}"
-KC_BOOTSTRAP_ADMIN_PASSWORD=    "{{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}}"
+KC_BOOTSTRAP_ADMIN_USERNAME=    "{{ KEYCLOAK_ADMIN }}"
+KC_BOOTSTRAP_ADMIN_PASSWORD=    "{{ KEYCLOAK_ADMIN_PASSWORD }}"

 # Enable detailed logs
 {% if MODE_DEBUG | bool %}
--- a/roles/web-app-keycloak/vars/main.yml
+++ b/roles/web-app-keycloak/vars/main.yml
@@ -5,11 +5,16 @@ database_type:                    "postgres"
 # Keycloak

 ## General
+KEYCLOAK_URL:                       "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
 KEYCLOAK_REALM:                     "{{ OIDC.CLIENT.REALM }}" # This is the name of the default realm which is used by the applications
 KEYCLOAK_REALM_URL:                 "{{ WEB_PROTOCOL }}://{{ KEYCLOAK_REALM }}"
 KEYCLOAK_DEBUG_ENABLED:             "{{ MODE_DEBUG }}"
 KEYCLOAK_CLIENT_ID:                 "{{ OIDC.CLIENT.ID }}"

+# Credentials
+KEYCLOAK_ADMIN:                     "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"
+KEYCLOAK_ADMIN_PASSWORD:            "{{ applications | get_app_conf(application_id, 'credentials.administrator_password') }}"
+
 ## Docker
 KEYCLOAK_CONTAINER:                 "{{ applications | get_app_conf(application_id, 'docker.services.keycloak.name') }}"      # Name of the keycloak docker container
 KEYCLOAK_DOCKER_IMPORT_DIR:         "/opt/keycloak/data/import/"                                                              # Directory in which keycloak import files are placed in the running docker container