Add environment variable expansion to keycloak.conf (#11285)

Closes #11283

Co-authored-by: Dominik Guhr <dguhr@redhat.com>

Co-authored-by: Dominik Guhr <dguhr@redhat.com>

docs/guides/pom.xml

@@ -59,14 +59,40 @@
                 <version>1.5.5</version>
                 <executions>
                     <execution>
-                        <id>asciidoc-to-html</id>
+                        <id>server-asciidoc-to-html</id>
                         <phase>generate-resources</phase>
                         <goals>
                             <goal>process-asciidoc</goal>
                         </goals>
                         <configuration>
-                            <sourceDirectory>${basedir}/target/generated-guides/*</sourceDirectory>
+                            <sourceDirectory>${basedir}/target/generated-guides/server</sourceDirectory>
                             <sourceDocumentName>index.adoc</sourceDocumentName>
+                            <outputDirectory>${project.build.directory}/generated-docs/server</outputDirectory>
+                            <backend>html5</backend>
+                            <sourceHighlighter>coderay</sourceHighlighter>
+
+                            <attributes>
+                                <imagesdir>./</imagesdir>
+                                <toc>left</toc>
+                                <toc>left</toc>
+                                <icons>font</icons>
+                                <sectanchors>true</sectanchors>
+                                <idprefix/>
+                                <idseparator>-</idseparator>
+                                <docinfo1>true</docinfo1>
+                            </attributes>
+                        </configuration>
+                    </execution>
+                    <execution>
+                        <id>operator-asciidoc-to-html</id>
+                        <phase>generate-resources</phase>
+                        <goals>
+                            <goal>process-asciidoc</goal>
+                        </goals>
+                        <configuration>
+                            <sourceDirectory>${basedir}/target/generated-guides/operator</sourceDirectory>
+                            <sourceDocumentName>index.adoc</sourceDocumentName>
+                            <outputDirectory>${project.build.directory}/generated-docs/operator</outputDirectory>
                             <backend>html5</backend>
                             <sourceHighlighter>coderay</sourceHighlighter>
 

docs/guides/src/GENERATE-DOCS.md

@@ -12,6 +12,6 @@ mvn clean install
 After that you will have the following artifacts:
 
 - `docs/guides/target/generated-guides`: pure asciidoc generated versions of the guides
-- `docs/guides/target/generated-docs/index.html`: all guides in a single html file generated with asciidoc maven plugins. 
+- `docs/guides/target/generated-docs/<operator|server>/index.html`: all guides in a single html file generated with asciidoc maven plugins. 
 
 _Note:_ The layout primarily serves as an example for now and is not how we will eventually present the documentation.

docs/guides/src/main/server/configuration.adoc

@@ -162,6 +162,24 @@ To add the initial admin user using environment variables, set `KEYCLOAK_ADMIN`
 Keycloak uses them at the first startup to create an initial user with administration rights.
 Once the first user with administrative rights exists, you can use the UI or the command line tool `kcadm.[sh|bat]` to create additional users.
 
+== Using placeholders
+
+You are able to use placeholders to resolve the configuration option value from environment variables.
+
+.Using a placeholder to resolve the host from an environment variable
+[source, bash]
+----
+db-url-host=${r"${MY_DB_HOST}"}
+----
+
+You are also able to default to a specific value if the environment variable can not be resolved:
+
+.Setting a default value
+[source, bash]
+----
+db-url-host=${r"${MY_DB_HOST:mydb}"}
+----
+
 == Unsupported server options
 
 In most cases, the available options from the server configuration should suffice to configure the server.

quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/KeycloakPropertiesConfigSource.java

@@ -150,7 +150,7 @@ public class KeycloakPropertiesConfigSource extends AbstractLocationConfigSource
             if (mapper != null
                     || key.contains(NS_KEYCLOAK_PREFIX + "spi")
                     || key.contains(NS_KEYCLOAK_PREFIX + "feature")) {
-                String value = replaceProperties(properties.get(k));
+                String value = properties.get(k);
 
                 result.put(key, value);
 

quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/configuration/test/ConfigurationTest.java

@@ -121,6 +121,13 @@ public class ConfigurationTest {
         assertEquals("http://envvar.unittest", initConfig("hostname", "default").get("frontendUrl"));
     }
 
+    @Test
+    public void testKeycloakConfPlaceholder() {
+        assertEquals("warn", createConfig().getRawValue("kc.log-level"));
+        putEnvVar("SOME_LOG_LEVEL", "debug");
+        assertEquals("debug", createConfig().getRawValue("kc.log-level"));
+    }
+
     @Test
     public void testEnvVarAvailableFromPropertyNames() {
         putEnvVar("KC_VAULT_DIR", "/foo/bar");

quarkus/runtime/src/test/resources/META-INF/keycloak.conf

@@ -1,2 +1,3 @@
 spi-hostname-default-frontend-url = ${keycloak.frontendUrl:http://filepropdefault.unittest}
 %user-profile.spi-hostname-default-frontend-url = http://filepropprofile.unittest
+log-level=${SOME_LOG_LEVEL:warn}