Skip to content

Config: use of single YAML file does not work as expected for addons

Problem

I use a single YAML file for all the applications but addon default configuration override it:

Sample configuration eole3.yaml 
default:
  domain: dad.ac-test.fr

codimd:
  keycloak:
    clientSecret: myPersonalSecret
Generated install/addon/codimd/init-keycloak with eole3 build --config eole3.yaml addon -n codimd 
#!/bin/bash
DOMAIN="dad.ac-test.fr"
KEYCLOAK_URL="https://auth.${DOMAIN}"
REALM="laboite"
DEFAULT_LOCALE="fr"
ADMIN_USER="keycloak"
ADMIN_PASSWORD="changeme"
ADMIN_API_USER="admapi"
ADMIN_API_PASSWORD='changeme'
CURL_CMD="curl --silent --show-error"

echo "Get token"
ADMIN_TOKEN=$(${CURL_CMD} \
	    -d "client_id=admin-cli" \
	    -d "username=${ADMIN_USER}" \
	    -d "password=${ADMIN_PASSWORD}" \
	    -d "grant_type=password" \
	    "${KEYCLOAK_URL}/auth/realms/master/protocol/openid-connect/token" \
	    | jq .access_token -r)

if ${CURL_CMD} \
    -H "Authorization: bearer ${ADMIN_TOKEN}" \
    -H "Content-Type: application/json" \
    "${KEYCLOAK_URL}/auth/admin/realms/${REALM}/clients?search=true&&clientId=codimd" \
    | jq --exit-status 'length == 1' > /dev/null
then
    echo "Keycloak client 'codimd' already exists"
else
    echo "Create new keycloak client 'codimd'"
    ${CURL_CMD} \
        -H "Authorization: bearer ${ADMIN_TOKEN}" \
        -H "Content-Type: application/json" \
        -d @- \
        "${KEYCLOAK_URL}/auth/admin/realms/${REALM}/clients" <<EOF
{
    "clientId": "codimd",
    "directAccessGrantsEnabled": true,
    "enabled": true,
    "publicClient": false,
    "redirectUris": [
        "http://codimd.dad.ac-test.fr/*",
        "https://codimd.dad.ac-test.fr/*"
    ],
    "secret": "mybestsecret",
    "standardFlowEnabled": true
}
EOF
fi

The secret is not the one I provided.

This is due to the order of configuration merging.

Note that the same logic is used at several places.

Proposal

We could simplify a lot the configuration with only 2 context lists:

  • one with default configuration files vars.yaml and <addon>-vars.yaml
  • one with user provided configuration files

We merge configurations in the order:

  1. default configuration files list
  2. user provided configuration files

This way, we can provide --config at any place with the same effect.