Comments (19)
Update - I'm working with some Keycloak contributors / external maintainers about transferring ownership. We have some things to figure out, but this work is ongoing. I'll post another update here in a few weeks with our progress.
from terraform-provider-keycloak.
Hi @NeckBeardPrince, thanks for starting this discussion.
It's not really a secret that I've been losing steam maintaining this repo. When I first started this project, I was using Keycloak in production at the company I was working for at the time, and wanted a better way to manage it with the tooling that we were already using. However, I've since changed jobs (twice), and I haven't used Keycloak in production in years. So it's been difficult for me to find the motivation to continue working on this, especially since I don't have production experience with the new versions and new functionality that's been added.
I'm absolutely open to adding new maintainers and even transferring the ownership of the project to someone else. However, recent compromise of other open source projects makes it very difficult for me to do this. This project, even in its somewhat inactive state, is still trusted by thousands of companies around the world to manage Keycloak, which is arguably one of the most security-critical pieces of software you could implement at an organization. I would feel terrible if I handed out maintainer access or transferred ownership and it led to something like this. Ultimately, I think transferring this project to the Keycloak team is the best solution here, but I don't really know if they're willing or able to take this on. If anyone in the community knows the best way to reach out to them, let me know and I can try to get that discussion started.
I do want to say that I feel guilty that I've let so many issues go unresolved and PRs unreviewed. I will try to do a better job of, at the very least, reviewing PRs and getting these changes merged and released. However, I don't think I can commit to working on any new features myself.
from terraform-provider-keycloak.
I've sent an email to the Keycloak team to discuss this. I'll follow up with an issue if I don't hear back soon.
from terraform-provider-keycloak.
Yes I forgot to update here - I did reach out to the Keycloak team privately by email. I wanted to avoid publicly putting pressure on the team via GitHub issues.
I will post here if there are any updates.
from terraform-provider-keycloak.
I would like to continue the maintenance of this provider with the support of the company I'm working for which will dedicate hours to maintain this project. Is there any update if this repo will be migrated to the Keycloak team? Or should we just fork the repo and start publishing releases within a new namespace?
from terraform-provider-keycloak.
Hello everyone,
if not done already please participate in the latest survey from the Keycloak team https://www.keycloak.org/2024/06/realm-config-manamagemtn-tools-survey.
This could give this provider the needed gravity.
from terraform-provider-keycloak.
It's important to understand that Keycloak is driven by RedHat Inc., not community. So far they always prioritised Keycloak Admin UI over Configuration-as-Code approach. There are some steps towards CoC with their CRDs, but last time we've tried it, it didn't support most features that we needed and appeared to be unreliable in some cases. So this Terraform provider was a rescue for us.
The point is, so far the current state of things has worked out for RedHat over many years. I'd really like to see official Terraform provider support from Keycloak team, but I wouldn't keep my hopes up too much. We as a community should think about plan B already to keep this project maintained.
from terraform-provider-keycloak.
@NeckBeardPrince - the information you're citing there is almost accurate. It should be "uses" and not "used". It is still the upstream source of Red Hat Build of Keycloak, and Red Hat continues to support it with a team of engineers, managers and other resources.
At the same time it is a joint effort with the community to maintain the code base and enhance it with new features.
Full disclosure: I'm one of the maintainers of the Keycloak project, working full time on the Keycloak project and I'm funded by Red Hat.
from terraform-provider-keycloak.
i hope it will continue here in this repo, or with another maintainer. i myself use it privately as well as for business. creating a fork of it and developing it myself seems a bit much to me, so i hope it will be continued by the keycloak team.
from terraform-provider-keycloak.
RedHat is part of IBM these days, just like Terraform, so in theory there should not be a blocker to release official provider for Keycloak. (keeping my fingers crossed)
Keycloak isn't supported by Red Hat, hasn't been since April 2023. Red Hat used it for an upstream build for their Red Hat build of Keycloak. In the same month, Red Hat donated it to the CNCF. source
from terraform-provider-keycloak.
@mrparkers Are there any updates from the Keycloak team?
from terraform-provider-keycloak.
Hello everyone,
if not done already please participate in the latest survey from the Keycloak team https://www.keycloak.org/2024/06/realm-config-manamagemtn-tools-survey. This could give this provider the needed gravity.
Correct me if I'm wrong here, but doesn't the Pulumi and Crossplane providers also rely on this module?
Edit: @thomasdarimont responded
from terraform-provider-keycloak.
Any news @mrparkers ?
from terraform-provider-keycloak.
@ahus1 Would the keycloak team be willing to support this provider? As experts for the API that would be a great addition.
I'm maintainer of https://github.com/crossplane-contrib/provider-keycloak - which directly depends on this provider repository, as we are currently using the tool upjet to generate crossplane resources from the terraform provider.
If this repository stays unmaintained i'm forced to rewrite the crossplane provider from scratch or fork away from this repository to fix what needs to be fixed
from terraform-provider-keycloak.
@ahus1 Would the keycloak team be willing to support this provider? As experts for the API that would be a great addition.
I'm maintainer of https://github.com/crossplane-contrib/provider-keycloak - which directly depends on this provider repository, as we are currently using the tool upjet to generate crossplane resources from the terraform provider.
If this repository stays unmaintained i'm forced to rewrite the crossplane provider from scratch or fork away from this repository to fix what needs to be fixed
Pulumi also depends on this provider.
from terraform-provider-keycloak.
@mrparkers I completely understand not wanting to just transfer the project to someone else. Would you be willing to open an issue on the Keycloak to open a dialog with the Keycloak team about taking on the Terraform module? It might be better received if it's coming from the maintainer of the most used and relied upon Terraform module.
from terraform-provider-keycloak.
RedHat is part of IBM these days, just like Terraform, so in theory there should not be a blocker to release official provider for Keycloak. (keeping my fingers crossed)
from terraform-provider-keycloak.
Would the keycloak team be willing to support this provider?
@mrparkers has reached out to Keycloak's project lead. AFAIK there hasn't been a decision yet, and @mrparkers will reveal more information when there is something the share.
from terraform-provider-keycloak.
Correct me if I'm wrong here, but doesn't the Pulumi and Crossplane providers also rely on this module?
Yes, they do.
from terraform-provider-keycloak.
Related Issues (20)
- `keycloak_openid_audience_protocol_mapper`: Unpaginated request to `/admin/realms/${realm}/clients`
- The private_key schema element of the keycloak_realm_keystore_rsa resource must be sensitive HOT 1
- keycloak_openid_client.authorization decision_strategy field doesn't work HOT 2
- no admin_events_expiration
- support `display_on_consent_screen` in `keycloak_openid_client_scope` HOT 1
- Unstable state for keycloak_user attributes (null field)
- OpenTofu registry is missing GPG keys for this provider
- Unable to set federationLink on keycloak_user
- Authentication Flow / Subflow / Executions priorities HOT 1
- Support for configuring external token exchange HOT 1
- Support for Keycloak Organization (amazing) feature
- [Feature] Add an upsert flag on the client
- Client Fine Grained permissions 'extra_config' only sometimes works. KC 24.0.5
- import support for subgroups HOT 1
- CVE-2024-6104 - GHSA-v6v8-xj6m-xwqh
- Getting errors when running tests
- Ability to create protocol mapper other than hardcoded HOT 1
- Ability to set bruteForceProtected on realm explicitly
- keycloak_openid_client_js_policy does not support policies uploaded via JAR files.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-provider-keycloak.