1

With Keycloak installation 9.0.2.

From keycloak documentation a SPI and provider can be configured the following way within a CLI script:

**/spi=dblock/:add(default-provider=jpa)
**/spi=dblock/provider=jpa/:add(properties={lockWaitTimeout => "900" },enabled=true)

With the goal of settings the properties and enabling the provider using environment properties I have done in my script the following (adapting from the public documentation case):

**/spi=dblock/:add(default-provider=jpa)
**/spi=dblock/provider=jpa/:add(properties={lockWaitTimeout => "${env.LOCK_WAIT_TIMEOUT:900}" },enabled="${env.ENABLE_JPA:true}")

Running my server in standalone mode it leads to the following configuration in my standalone.xml file:

...
<spi name="dblock">
    <provider name="jpa" enabled="false">
        <properties>
            <property name="lockWaitTimeout" value="${env.LOCK_WAIT_TIMEOUT:900}"/>
        </properties>
    </provider>
</spi>
...

Properties are evaluated correctly with environment variable, but setting the enabled value as described above will always result to it statically being evaluated to false.

Is it not possible to use environment variable at this level and have anyone an idea how I should do so ? Thanks a lot for your time.

NicolasG
  • 171
  • 1
  • 6
  • 1
    It looks like that should work. Are you certain you don't have `ENABLE_JPA` set to false in your environment? – James R. Perkins Apr 24 '20 at 16:08
  • Yes the property is not set to false, I would actually expect that the standalone.xml configuration does not depends on the environment variable at the moment the script is run but to have something like this : `` so the value get evaluated at server start. – NicolasG Apr 24 '20 at 16:27
  • Weird it definitely works for me with keycloak-9.0.3. `"enabled" => expression "${env.ENABLE_JPA:true}",`. – James R. Perkins Apr 24 '20 at 21:13

1 Answers1

0

I encountered the same issue and spent quite some time attempting to get this to work. Unfortunately, its not possible.

According to this Bugreport you can use EnvironmentDependentProviderFactory.isSupported() as an alternative.

Michael W
  • 36
  • 2