The health of this repo, an open discussion. #964
Comments
|
Hi @NeckBeardPrince, thanks for starting this discussion. It's not really a secret that I've been losing steam maintaining this repo. When I first started this project, I was using Keycloak in production at the company I was working for at the time, and wanted a better way to manage it with the tooling that we were already using. However, I've since changed jobs (twice), and I haven't used Keycloak in production in years. So it's been difficult for me to find the motivation to continue working on this, especially since I don't have production experience with the new versions and new functionality that's been added. I'm absolutely open to adding new maintainers and even transferring the ownership of the project to someone else. However, recent compromise of other open source projects makes it very difficult for me to do this. This project, even in its somewhat inactive state, is still trusted by thousands of companies around the world to manage Keycloak, which is arguably one of the most security-critical pieces of software you could implement at an organization. I would feel terrible if I handed out maintainer access or transferred ownership and it led to something like this. Ultimately, I think transferring this project to the Keycloak team is the best solution here, but I don't really know if they're willing or able to take this on. If anyone in the community knows the best way to reach out to them, let me know and I can try to get that discussion started. I do want to say that I feel guilty that I've let so many issues go unresolved and PRs unreviewed. I will try to do a better job of, at the very least, reviewing PRs and getting these changes merged and released. However, I don't think I can commit to working on any new features myself. |
|
@mrparkers I completely understand not wanting to just transfer the project to someone else. Would you be willing to open an issue on the Keycloak to open a dialog with the Keycloak team about taking on the Terraform module? It might be better received if it's coming from the maintainer of the most used and relied upon Terraform module. |
|
I've sent an email to the Keycloak team to discuss this. I'll follow up with an issue if I don't hear back soon. |
|
i hope it will continue here in this repo, or with another maintainer. i myself use it privately as well as for business. creating a fork of it and developing it myself seems a bit much to me, so i hope it will be continued by the keycloak team. |
|
It's important to understand that Keycloak is driven by RedHat Inc., not community. So far they always prioritised Keycloak Admin UI over Configuration-as-Code approach. There are some steps towards CoC with their CRDs, but last time we've tried it, it didn't support most features that we needed and appeared to be unreliable in some cases. So this Terraform provider was a rescue for us. The point is, so far the current state of things has worked out for RedHat over many years. I'd really like to see official Terraform provider support from Keycloak team, but I wouldn't keep my hopes up too much. We as a community should think about plan B already to keep this project maintained. |
|
Any news @mrparkers ? |
|
RedHat is part of IBM these days, just like Terraform, so in theory there should not be a blocker to release official provider for Keycloak. (keeping my fingers crossed) |
Keycloak isn't supported by Red Hat, hasn't been since April 2023. Red Hat used it for an upstream build for their Red Hat build of Keycloak. In the same month, Red Hat donated it to the CNCF. source |
|
@NeckBeardPrince - the information you're citing there is almost accurate. It should be "uses" and not "used". It is still the upstream source of Red Hat Build of Keycloak, and Red Hat continues to support it with a team of engineers, managers and other resources. At the same time it is a joint effort with the community to maintain the code base and enhance it with new features. Full disclosure: I'm one of the maintainers of the Keycloak project, working full time on the Keycloak project and I'm funded by Red Hat. |
|
@ahus1 Would the keycloak team be willing to support this provider? As experts for the API that would be a great addition. I'm maintainer of https://github.com/crossplane-contrib/provider-keycloak - which directly depends on this provider repository, as we are currently using the tool upjet to generate crossplane resources from the terraform provider. If this repository stays unmaintained i'm forced to rewrite the crossplane provider from scratch or fork away from this repository to fix what needs to be fixed |
Pulumi also depends on this provider. |
@mrparkers has reached out to Keycloak's project lead. AFAIK there hasn't been a decision yet, and @mrparkers will reveal more information when there is something the share. |
|
Yes I forgot to update here - I did reach out to the Keycloak team privately by email. I wanted to avoid publicly putting pressure on the team via GitHub issues. I will post here if there are any updates. |
|
I would like to continue the maintenance of this provider with the support of the company I'm working for which will dedicate hours to maintain this project. Is there any update if this repo will be migrated to the Keycloak team? Or should we just fork the repo and start publishing releases within a new namespace? |
|
Hello everyone, if not done already please participate in the latest survey from the Keycloak team https://www.keycloak.org/2024/06/realm-config-manamagemtn-tools-survey. |
Correct me if I'm wrong here, but doesn't the Pulumi and Crossplane providers also rely on this module? Edit: @thomasdarimont responded |
Yes, they do. |
|
@mrparkers Are there any updates from the Keycloak team? |
|
Update - I'm working with some Keycloak contributors / external maintainers about transferring ownership. We have some things to figure out, but this work is ongoing. I'll post another update here in a few weeks with our progress. |
|
hey @mrparkers |
https://www.keycloak.org/2024/09/realm-config-management-tools-survey-results :) |
Sadly, nothing about taking over this provider. But still good news. |
|
We are working on it: #999 |
Maybe it is worth to discuss topic under this survey comments ;) keycloak/keycloak#32778 We got 51% for Terraform as tool for managing Keycloak. It is something that it is hard to miss in discussion and could be very important for future of this repo. Next tool got only 16%. @mrparkers has done amazing job that so many project trust this repo. |
|
@thomasdarimont does this mean keycloak officially continues maintaining this repo? 🙏 |
|
@mrparkers and the other contributors have done an amazing job creating and maintaining the Keycloak Terraform Provider over the last years, many thanks for this! This is also reflected in the results of the recent survey on Keycloak Realm Configuration Management Tools (https://www.keycloak.org/2024/09/realm-config-management-tools-survey-results). Since @mrparkers 's work focus has shifted lately, he contacted the Keycloak team and asked us if we could take over ownership of the provider. Given the results of the survey and some extensive discussions, we decided we want to take over the provider as part of the Keycloak project. The primary responsibility will be with @thomasdarimont and me. However, in order to do so we need to change the license of the provider to Apache 2.0 since Keycloak is a CNCF project and Apache 2.0 is the standard license. @mrparkers has opened a PR (#1002) for the license change and we will reach out to all contributors to get their approval on the PR. If you have contributed to the provider, please approve the PR! There are still open questions on how the takeover will technically work and what are the next steps afterwards. We will work on this and share more details once the license issue is sorted out. @tboerger @gim- @rruxandra @pascal-hofmann @NeckBeardPrince @AchimGrolimund @Breee @Woitekku @grolingm-VU @markus-qvest-seidl @marijapopovikj-casumo @michalpawelczykcasumo |
|
I want to express my gratitude to everyone working to ensure the continuity of this provider. Its been a crucial piece of technology. I'm incredibly thankful it exists and I'm very excited the Keycloak project will take over maintainership. However, I’m starting to feel the pain when using the provider with the latest Keycloak releases. I’m curious if there’s a timeline from the Keycloak project on resuming development, especially since it looks like the relicensing PR is kind of stalled. I want to emphasize that this isn’t criticism or a sign of ingratitude. I’m simply hoping for some timeline or rough plan as it would help with planning. |
|
@mwalser I started another round of contacting people who haven't approved the PR. I would wait another week for feedback and then push for a decision how to continue. |
|
@sschu the Week is over and i guess aloot of people are waiting of some updates. 😺 Best Achim |
|
@AchimGrolimund Have you seen #1002? |
|
After adapting the licence to Apache 2.0 in #1002, we are currently preparing a new minor release v4.5.0. The release v4.5.0 will only include essential security updates and no new features to enable a smooth transition to the new provider (mrparkers/terraform-provider-keycloak -> keycloak/terraform-provider-keycloak). After that, we will prepare a new v5.0.0 release with the goal of supporting at least Keycloak 24 and Keycloak 26. |
|
I'm already eagerly awaiting the update for the KC v26 ❤️ |
|
Unfortunately, there are still some permission problems trying to release the provider to the Terraform Registry. They require org admin access which would allow them to potentially do changes on all repos in the Keycloak organization. We are currently trying to find a way to circumvent this. Sorry that this is taking so long... |
First, I want to thank @mrparkers for all the work he has done; it has been invaluable to both the Keycloak and Terraform communities. Looking at his past GitHub activity, he is certainly a busy individual. That being said, the velocity of this repo has not been able to keep up with the changes being made in the Keycloak project. The current, latest release only officially supports up to 21.0.1, which is from March 2023. I understand that this module likely supports higher versions, but it does not seem to support the latest 24.x.x releases. With close to 200 open issues, 34 open PRs and no activity from @mrparkers I fear this module is going to continue to be unmaintained.
So, I ask, what can this community do to revitalize this repo? Is @mrparkers open to adding additional maintainers? Transferring the project to someone else? I'd love it if Keycloak themselves could pick this up and build on it. I am open to discussion and suggestions.
The text was updated successfully, but these errors were encountered: