search

adorsys / keycloak-config-cli

Import YAML/JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak.
https://adorsys.github.io/keycloak-config-cli/
Apache License 2.0
807 stars 148 forks source link

Support Partial Imports into Keycloak #1161

Closed joao-rebelo closed 2 weeks ago

joao-rebelo commented 1 month ago

Problem Statement

In our current workflow we provide an initial configuration state, and along the time we need to release "patches" that change only some aspects of the configuration. Since keycloak configuration might have been locally changed by some other form we would like to only affect exactly what we provide as patch.

Proposed Solution

As a simple example importing a file as

{ "id": "xpto", "ssoSessionMaxLifespan": 3600 }

would change the Session Max Lifespan of the realm and leave everything else untouched

Environment

No response

Additional information

At the recent KeyConf it was mentioned that partial imports were already supported, but I don't see it documented and also didn't saw such an option while seeing the ImportConfigProperties class. if there is some other way to achieve this, then this ticket can be considered duplicated.

Acceptance Criteria

No response

Motouom commented 2 weeks ago

Hello @joao-rebelo.

You are right it has been solved but no documentation has been made yet.

You should check one of the latest versions of KC-CLI This version and maybe This version of keycloak.

this is an example 

{
  "realm": "example-realm",
  "ssoSessionMaxLifespan": 3600,
  "users": [
    {
      "username": "testuser",
      "enabled": true,
      "email": "testuser@example.com",
      "firstName": "Test",
      "lastName": "User",
      "credentials": [
        {
          "type": "password",
          "value": "samplePassword",
          "temporary": false
        }
      ],
      "attributes": {

      }
    }
  ],
  "clients": [
    {
      "clientId": "your-client",
      "enabled": true,
      "redirectUris": [
        "https://app1.example.com/callb",
        "https://app2.example.com/callback",
        "https://app3.example.co/allback"
      ],
      "webOrigins": [
        "https://app1.example.c",
        "https://app2.emple.com",
        "https://app3.exale.com"
      ],
      "attributes": {
        "post.logout.redirect.uris": "https://app1.example.com/logo##https://app2.example.com/logout##https://app3.example.com/lo"
      },
      "protocol": "openid-connect",
      "publicClient": false,
      "standardFlowEnabled": true,
      "implicitFlowEnabled": false,
      "directAccessGrantsEnabled": true,
      "serviceAccountsEnabled": false,
      "authorizationServicesEnabled": false,
      "fullScopeAllowed": true
    }
  ]
}

Image Image

Now, partially importing only waht i want

{
  "realm": "example-realm",
  "ssoSessionMaxLifespan": 7200,

  "clients": [
    {
      "clientId": "your-client",
      "enabled": true,
      "redirectUris": [
        "https://app1.example.com/callback",
        "https://app2.example.com/callback",
        "https://app3.example.com/callback"
      ],
      "webOrigins": [
        "https://app1.example.com",
        "https://app2.example.com",
        "https://app3.example.com"
      ],
      "attributes": {
        "post.logout.redirect.uris": "https://app1.example.com/logo##https://app2.example.com/logout##https://app3.example.com/lo"
      },
      "protocol": "openid-connect",
      "publicClient": false,
      "standardFlowEnabled": true,
      "implicitFlowEnabled": false,
      "directAccessGrantsEnabled": true,
      "serviceAccountsEnabled": false,
      "authorizationServicesEnabled": false,
      "fullScopeAllowed": true
    }
  ]
}

Image

Image

Lastly, i import only what i want to change again. the ssoSessionMaxLifespan to 4hrs and every other thing remains unchanged.

{
  "realm": "example-realm",
  "ssoSessionMaxLifespan": 14400,
}

Image

Image