[keycloak-dev] Access datasource from a CLI

[Stan Silvert]

On 10/21/2015 8:59 AM, Stian Thorgersen wrote:
> It would be nice to have an "offline" cli that can be used to 
> configure Keycloak. If we roll our own CLI for that and it uses 
> jboss-modules do you reckon we can get access to the datasources 
> somehow? This is for things like setting the admin password, 
> import/export from cli, etc..
That's what WildFly's "offline CLI" feature was built for:
http://wildfly.org/news/2015/03/13/Offline-CLI/

Of course, anything is possible, but doing this ourselves involves more 
than just using jboss-modules.  You have to start up the environment 
that lets you use whatever technology you are choosing to connect to the 
data.   If we want to reuse our current code for that then it means 
starting container environments such as CDI, JPA, and other 
dependencies, then wiring them together and starting our own 
stripped-down version of the overall server.

Probably, we would end up doing exactly what WildFly CLI does and just 
embed the server into our CLI process.

Then we are back to the problem of actually getting access to the 
datasource.  That's really a problem whether we roll our own or not.  In 
embedded mode, you can't use the REST API because no inbound connections 
are allowed.

Any CLI will run outside the container.  So you are always faced with 
accessing the container context from outside the container, which is 
next to impossible.  This is the land of the java.lang.LinkageError.  So 
you need some way to call into the container using a serialized data 
format.  If there is a way to do in-process, port-less REST calls then 
that's probably the easiest solution.  But I'm really grasping at straws 
here.  I'd have to do some research to find out what our options are.