From 0e89c66304cda41fd9b98a2527655cb1a1018036 Mon Sep 17 00:00:00 2001
From: danc094codetogether <daniel@codetogether.com>
Date: Mon, 1 Sep 2025 16:31:26 -0600
Subject: [PATCH] chore(keycloak): switch to KC_BOOTSTRAP_* admin vars and
 update compose/templates

Fixes: #165

- Replace deprecated KEYCLOAK_ADMIN / KEYCLOAK_ADMIN_PASSWORD with
  KC_BOOTSTRAP_ADMIN_USERNAME / KC_BOOTSTRAP_ADMIN_PASSWORD.
- Update compose files to pass new env vars to the Keycloak container.
- Refresh .env templates to reflect the new names.
- Remove references to deprecated vars.

Touched:
- compose/.env-with-keycloak-template
- compose/keycloak/.env-template
- compose/keycloak/compose-keycloak.yaml
- compose/keycloak/compose-keycloak-no-nginx.yaml

Why: eliminates KC-SERVICES0110 warnings and ensures deterministic, persistent admin on first bootstrap.

BREAKING CHANGE: set KC_BOOTSTRAP_ADMIN_USERNAME and KC_BOOTSTRAP_ADMIN_PASSWORD instead of KEYCLOAK_ADMIN*.
---
 compose/.env-with-keycloak-template             | 4 ++--
 compose/keycloak/.env-template                  | 4 ++--
 compose/keycloak/compose-keycloak-no-nginx.yaml | 4 ++--
 compose/keycloak/compose-keycloak.yaml          | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/compose/.env-with-keycloak-template b/compose/.env-with-keycloak-template
index 9662e99..b609fb9 100644
--- a/compose/.env-with-keycloak-template
+++ b/compose/.env-with-keycloak-template
@@ -55,8 +55,8 @@ SSL_KEYCLOAK_KEY=ssl-keycloak.key
 KEYCLOAK_DB_USERNAME=keycloak
 KEYCLOAK_DB_PASSWORD=keycloak
 
-KEYCLOAK_ADMIN_PASSWORD=keycloak
-KEYCLOAK_ADMIN=admin
+KC_BOOTSTRAP_ADMIN_PASSWORD=keycloak
+KC_BOOTSTRAP_ADMIN_USERNAME=admin
 
 # Uncomment the following lines to enable AI integration with Ollama
 #CT_HQ_OLLAMA_AI_URL=http://codetogether-llm:8000
diff --git a/compose/keycloak/.env-template b/compose/keycloak/.env-template
index 5127bae..d74827d 100644
--- a/compose/keycloak/.env-template
+++ b/compose/keycloak/.env-template
@@ -5,5 +5,5 @@ SSL_KEYCLOAK_KEY=ssl-keycloak.key
 KEYCLOAK_DB_USERNAME=keycloak
 KEYCLOAK_DB_PASSWORD=keycloak
 
-KEYCLOAK_ADMIN_PASSWORD=keycloak
-KEYCLOAK_ADMIN=admin
\ No newline at end of file
+KC_BOOTSTRAP_ADMIN_PASSWORD=keycloak
+KC_BOOTSTRAP_ADMIN_USERNAME=admin
\ No newline at end of file
diff --git a/compose/keycloak/compose-keycloak-no-nginx.yaml b/compose/keycloak/compose-keycloak-no-nginx.yaml
index aee976e..8af2fd9 100644
--- a/compose/keycloak/compose-keycloak-no-nginx.yaml
+++ b/compose/keycloak/compose-keycloak-no-nginx.yaml
@@ -36,8 +36,8 @@ services:
       - "start"
     environment:
       # Admin credentials
-      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
-      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+      KC_BOOTSTRAP_ADMIN_USERNAME: ${KC_BOOTSTRAP_ADMIN_USERNAME}
+      KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_BOOTSTRAP_ADMIN_PASSWORD}
 
       # Database connectivity
       KC_DB: mysql
diff --git a/compose/keycloak/compose-keycloak.yaml b/compose/keycloak/compose-keycloak.yaml
index ba83c4b..d1d5233 100644
--- a/compose/keycloak/compose-keycloak.yaml
+++ b/compose/keycloak/compose-keycloak.yaml
@@ -55,8 +55,8 @@ services:
       - "start"
     environment:
       # Admin credentials
-      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
-      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+      KC_BOOTSTRAP_ADMIN_USERNAME: ${KC_BOOTSTRAP_ADMIN_USERNAME}
+      KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_BOOTSTRAP_ADMIN_PASSWORD}
 
       # Database connectivity
       KC_DB: mysql