[keycloak-dev] Running custom scripts in Keycloak container image

[Sebastian Laskawiec]

Hey guys,

A while ago, one of our contributors, Wouter, sent an interesting pull
request: https://github.com/jboss-dockerfiles/keycloak/pull/176

The aim is to allow running custom scripts just before Keycloak boots up
and after the main configuration is done. This allows a user to inject his
own scripts (even *.cli) into /opt/jboss/tools/docker-entrypoint.d and
execute them automatically.

This is somewhat related to what the Integrately Team is doing. They
basically use an InitContainer [1] to put additional extensions into our
image. Perhaps with the proposed approach, they could embed a custom script
that would download whatever extensions they need and put them into the
deployments directory?

After thinking about this for a while, and besides really good advantages
of the Pull Request, I have some doubts. The biggest one is about our
guarantees with regard the Keycloak distribution (by saying distribution I
mean the binaries, their structure and Keycloak server location in the
image). If we accept this approach, it will be pretty hard for us to change
any major thing (even some trivial things like the location of the Keycloak
Server) without breaking the client scripts.

Personally, I'm slightly leaning towards accepting this feature, but with a
description in README, that the user scripts may break at any time and in
any version (maybe even we should print this message in our logs). This way
we'll make the contract for such scripts very clear.

What do you think?

Thanks,
Sebastian

[1] https://kubernetes.io/docs/concepts/workloads/pods/init-containers/