Realm update is not supported in keycloak-operator

[Jeesmon Jacob]

Hi there,

I posted this in zulipchat but sending here as well as I'm not sure if zulipchat is actively monitored for keycloak-operator related questions. Apologize for the double post.

Looking at the realm controller code, there seems to be no support for updating realm config after it is created. Like updating Realm CR to add a client doesn't add the client. Is there a reason for it is not supported? I see this comment in the code in one part and would like to get more details on it.

pkg/controller/keycloakrealm/keycloakrealm_reconciler.go L71:
// Never update the realm configuration, leave it up to the users

We are looking into the CR approach for CRUD operations on Realm without making api calls or accessing admin console.

Any details on this is appreciated.

Thanks,
Jeesmon Jacob

[Ievgen Mykolenko]

Hi Jeesmon,

I have same question: what is the reasoning behind not updating a realm?
I'd love to have declarative configuration for the realm and update realm setting via code without accessing admin cli. Super simple usecase: update realm password policy.

What I see in the code is that realm can be either created or deleted: https://github.com/keycloak/keycloak-operator/blob/master/pkg/controller/keycloakrealm/keycloakrealm_reconciler.go#L25

Knowing the reasoning could spare some time sending a PR.

Did you get any answer in zulipchat or elsewhere?


Thanks,
Ievgen

[DEShown]

There is an open issue in their JIRA system about this: https://issues.redhat.com/browse/KEYCLOAK-15142

You might lend a voice to let the official devs know it's a priority.

[DEShown]

There's also an open PR by a dev from the community. It looks like it's gotten a bit stale with neglect from official redhat devs, but it's promising: https://github.com/keycloak/keycloak-operator/pull/244