ldraney/pal-e-platform
1
0
Fork 0
Code Issues 104 Pull requests 7 Projects Releases Packages Wiki Activity Actions

Add landscaping login theme to Keycloak #416

Merged
ldraney merged 2 commits from keycloak-landscaping-theme into main 2026-06-08 03:13:06 +00:00
Conversation 1 Commits 2 Files changed 4 +384
ldraney commented 2026-06-08 02:37:12 +00:00
Owner
Copy link

Summary

  • Add CSS-only Keycloak login theme matching the Landscaping Assistant app's design system
  • ConfigMap + volume mount, same pattern as the existing westside theme
  • Already applied to cluster and verified live

Changes

  • keycloak/themes/landscaping/login/theme.properties -- theme config extending base keycloak theme
  • keycloak/themes/landscaping/login/resources/css/login.css -- CSS overrides (design tokens, plant icon, form styling)
  • terraform/modules/keycloak/main.tf -- ConfigMap resource, volume mount, volume definition

Test Plan

  • tofu plan shows 1 create (ConfigMap) + 1 update (deployment)
  • tofu apply succeeds, pod restarts with new volume mount
  • Theme CSS accessible at /resources/.../login/landscaping/css/login.css
  • Login page renders with plant icon, blue accent button, matching fonts
  • Screenshot verified via Playwright

Review Checklist

  • Passed automated review-fix loop
  • No secrets committed
  • No unnecessary file changes
  • Commit messages are descriptive
  • Feature flag needed? No -- CSS theme, no runtime gating

Related Notes

Closes #415

  • landscaping-assistant -- project this affects
  • Cross-repo: ldraney/pal-e-services #109 (realm login_theme), ldraney/landscaping-assistant #173 (theme source)
## Summary - Add CSS-only Keycloak login theme matching the Landscaping Assistant app's design system - ConfigMap + volume mount, same pattern as the existing westside theme - Already applied to cluster and verified live ## Changes - `keycloak/themes/landscaping/login/theme.properties` -- theme config extending base keycloak theme - `keycloak/themes/landscaping/login/resources/css/login.css` -- CSS overrides (design tokens, plant icon, form styling) - `terraform/modules/keycloak/main.tf` -- ConfigMap resource, volume mount, volume definition ## Test Plan - [x] `tofu plan` shows 1 create (ConfigMap) + 1 update (deployment) - [x] `tofu apply` succeeds, pod restarts with new volume mount - [x] Theme CSS accessible at `/resources/.../login/landscaping/css/login.css` - [x] Login page renders with plant icon, blue accent button, matching fonts - [x] Screenshot verified via Playwright ## Review Checklist - [ ] Passed automated review-fix loop - [x] No secrets committed - [x] No unnecessary file changes - [x] Commit messages are descriptive - [x] Feature flag needed? No -- CSS theme, no runtime gating ## Related Notes Closes #415 - `landscaping-assistant` -- project this affects - Cross-repo: `ldraney/pal-e-services #109` (realm login_theme), `ldraney/landscaping-assistant #173` (theme source)
Add landscaping login theme to Keycloak
All checks were successful
ci/woodpecker/push/terraform Pipeline was successful
Details
ci/woodpecker/pr/terraform Pipeline was successful
Details
9e8cd2117d 
CSS-only theme matching the Landscaping Assistant app's design system
(tokens, colors, fonts, layout). Deployed via ConfigMap + volume mount,
same pattern as the existing westside theme.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ldraney commented 2026-06-08 02:38:26 +00:00
Author
Owner
Copy link

PR #416 Review

DOMAIN REVIEW

Tech stack: Terraform (kubernetes provider), Keycloak theme (CSS + properties), k8s ConfigMap volume mounts.

ConfigMap-to-volume key consistency -- VERIFIED:

  • ConfigMap data keys: "theme.properties", "login.css"
  • Volume items: key="theme.properties" -> path="theme.properties", key="login.css" -> path="resources/css/login.css"
  • Mount path: /opt/keycloak/themes/landscaping/login
  • Result: CSS lands at /opt/keycloak/themes/landscaping/login/resources/css/login.css
  • theme.properties declares styles=css/login.css -- Keycloak resolves this relative to resources/, so the path is correct.

All keys match. The plumbing is sound.

Terraform patterns:

  • ConfigMap uses dynamic namespace reference via kubernetes_namespace_v1.keycloak.metadata[0].name -- consistent with westside pattern.
  • Volume mount is read_only = true -- correct for a static theme.
  • ConfigMap name reference uses kubernetes_config_map_v1.keycloak_landscaping_theme.metadata[0].name -- proper resource dependency, no hardcoded strings.

CSS review:

  • Design tokens are cleanly declared as CSS custom properties in :root -- good.
  • Uses !important extensively -- this is expected and necessary for Keycloak theme overrides where PatternFly defaults must be defeated. Not a code smell in this context.
  • Inline SVG data URI for the plant icon avoids an extra file/request. SVG is clean, no embedded scripts, no security concern.
  • Mobile breakpoint at 480px with reduced padding -- appropriate for a login form.
  • No external resource references (no URLs to external CDNs, fonts, or images).

theme.properties:

  • parent=keycloak and import=common/keycloak -- correct inheritance from the default Keycloak theme.
  • styles=css/login.css -- single stylesheet, resolved correctly.

BLOCKERS

None.

This is a CSS-only theme with infrastructure plumbing. No user input handling, no secrets, no auth logic, no runtime code. The ConfigMap keys align with volume mount paths. The pattern mirrors the existing westside theme exactly (verified by reading both in full).

NITS

  1. CSS filename convention inconsistency: The westside theme names its CSS westside.css (after the theme), while this theme uses a generic login.css. Both work because each theme lives in its own directory tree, but for quick identification when inspecting ConfigMap data or kubectl describe, a name like landscaping.css would be more immediately identifiable. Non-blocking -- purely a readability preference.

  2. theme.properties formatting: The westside theme.properties has a blank line between import= and styles= (line 3 is blank). The landscaping version has no blank line. Trivial inconsistency, no functional impact.

SOP COMPLIANCE

  • Branch named after issue (keycloak-landscaping-theme -- relates to #415 "Deploy landscaping login theme to Keycloak")
  • PR body follows template (Summary, Changes, Test Plan, Review Checklist, Related)
  • Related section references issue #415 and cross-repo tickets
  • No secrets committed (verified: no API keys, passwords, tokens, or .env files in diff)
  • No unnecessary file changes (3 files, all directly related to the theme)
  • Commit messages are descriptive

PROCESS OBSERVATIONS

  • Low change-failure risk: CSS-only change with no runtime logic. ConfigMap update triggers a pod restart, but the deployment strategy is Recreate (verified in main.tf line 97), so this is expected and controlled.
  • PR notes it was already applied and verified live, including Playwright screenshot verification -- good pre-review validation.
  • The --spi-theme-cache-themes=false and --spi-theme-static-max-age=-1 flags in the Keycloak args (line 120) are flagged with a TODO comment for production hardening. Not introduced by this PR, but worth noting as existing technical debt.

VERDICT: APPROVED

## PR #416 Review ### DOMAIN REVIEW **Tech stack:** Terraform (kubernetes provider), Keycloak theme (CSS + properties), k8s ConfigMap volume mounts. **ConfigMap-to-volume key consistency -- VERIFIED:** - ConfigMap data keys: `"theme.properties"`, `"login.css"` - Volume items: `key="theme.properties" -> path="theme.properties"`, `key="login.css" -> path="resources/css/login.css"` - Mount path: `/opt/keycloak/themes/landscaping/login` - Result: CSS lands at `/opt/keycloak/themes/landscaping/login/resources/css/login.css` - `theme.properties` declares `styles=css/login.css` -- Keycloak resolves this relative to `resources/`, so the path is correct. All keys match. The plumbing is sound. **Terraform patterns:** - ConfigMap uses dynamic namespace reference via `kubernetes_namespace_v1.keycloak.metadata[0].name` -- consistent with westside pattern. - Volume mount is `read_only = true` -- correct for a static theme. - ConfigMap name reference uses `kubernetes_config_map_v1.keycloak_landscaping_theme.metadata[0].name` -- proper resource dependency, no hardcoded strings. **CSS review:** - Design tokens are cleanly declared as CSS custom properties in `:root` -- good. - Uses `!important` extensively -- this is expected and necessary for Keycloak theme overrides where PatternFly defaults must be defeated. Not a code smell in this context. - Inline SVG data URI for the plant icon avoids an extra file/request. SVG is clean, no embedded scripts, no security concern. - Mobile breakpoint at 480px with reduced padding -- appropriate for a login form. - No external resource references (no URLs to external CDNs, fonts, or images). **theme.properties:** - `parent=keycloak` and `import=common/keycloak` -- correct inheritance from the default Keycloak theme. - `styles=css/login.css` -- single stylesheet, resolved correctly. ### BLOCKERS None. This is a CSS-only theme with infrastructure plumbing. No user input handling, no secrets, no auth logic, no runtime code. The ConfigMap keys align with volume mount paths. The pattern mirrors the existing westside theme exactly (verified by reading both in full). ### NITS 1. **CSS filename convention inconsistency:** The westside theme names its CSS `westside.css` (after the theme), while this theme uses a generic `login.css`. Both work because each theme lives in its own directory tree, but for quick identification when inspecting ConfigMap data or `kubectl describe`, a name like `landscaping.css` would be more immediately identifiable. Non-blocking -- purely a readability preference. 2. **theme.properties formatting:** The westside `theme.properties` has a blank line between `import=` and `styles=` (line 3 is blank). The landscaping version has no blank line. Trivial inconsistency, no functional impact. ### SOP COMPLIANCE - [x] Branch named after issue (`keycloak-landscaping-theme` -- relates to #415 "Deploy landscaping login theme to Keycloak") - [x] PR body follows template (Summary, Changes, Test Plan, Review Checklist, Related) - [x] Related section references issue #415 and cross-repo tickets - [x] No secrets committed (verified: no API keys, passwords, tokens, or .env files in diff) - [x] No unnecessary file changes (3 files, all directly related to the theme) - [x] Commit messages are descriptive ### PROCESS OBSERVATIONS - Low change-failure risk: CSS-only change with no runtime logic. ConfigMap update triggers a pod restart, but the deployment strategy is `Recreate` (verified in main.tf line 97), so this is expected and controlled. - PR notes it was already applied and verified live, including Playwright screenshot verification -- good pre-review validation. - The `--spi-theme-cache-themes=false` and `--spi-theme-static-max-age=-1` flags in the Keycloak args (line 120) are flagged with a TODO comment for production hardening. Not introduced by this PR, but worth noting as existing technical debt. ### VERDICT: APPROVED
Remove dead styling on hidden #kc-page-title
All checks were successful
ci/woodpecker/push/terraform Pipeline was successful
Details
ci/woodpecker/pr/terraform Pipeline was successful
Details
ci/woodpecker/pull_request_closed/terraform Pipeline was successful
Details
aa5a9e2139 
The element is display:none — styling it is unreachable.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ldraney deleted branch keycloak-landscaping-theme 2026-06-08 03:13:06 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
domain:backend

   
domain:devops

   
domain:frontend

   
status:approved

QA passed, awaiting merge approval

  
status:in-progress

Dev agent is actively working

  
status:needs-fix

QA found issues, back to dev

  
status:qa

PR submitted, awaiting QA review

  
type:bug

Bug fix

  
type:devops

Infrastructure/CI/config work

  
type:feature

New functionality

No labels
domain:backend
domain:devops
domain:frontend
status:approved
status:in-progress
status:needs-fix
status:qa
type:bug
type:devops
type:feature
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
ldraney/pal-e-platform!416
No description provided.