Authorization Scopes are deleted - how to prevent deletion of "remote managed" scopes.

[mpromny]

Problem Statement

Hi, We know about the existence of the below listed variables:

keycloak-config-cli:
    env:
        IMPORT_VARSUBSTITUTION_ENABLED: "true"
        IMPORT_MANAGED_CLIENTSCOPE: no-delete
        IMPORT_MANAGED_SCOPEMAPPING: no-delete
        IMPORT_MANAGED_CLIENTSCOPEMAPPING: no-delete
        IMPORT_MANAGED_CLIENTAUTHORIZATIONRESOURCES: no-delete

Unfortunately, none of them protects against deleting clients authorization scope DELETE /auth/admin/realms/{REALM_NAME}/clients/{CLIENT_ID}/authz/resource-server/scope/{SCOPE_ID}

or I'm incorrectly assuming that those properties could be passed as environment variables:

        "import.managed.client-scope=no-delete",
        "import.managed.scope-mapping=no-delete",
        "import.managed.client-scope-mapping=no-delete",
        "import.managed.client-authorization-resources=no-delete",

if I'm making a wrong assumption, please let me know.

Proposed Solution

I would like to ask if there is any parameter which would allow to disable deleting authorization scopes or if it could be added in the future.

Maybe something like that: IMPORT_MANAGED_CLIENTAUTHORIZATIONSCOPES

In keycloak-config-cli 4.5 we could easily achieve that modifying src/main/java/de/adorsys/keycloak/config/service/ClientImportService.java

Environment

• Keycloak Version: 16.0
• keycloak-config-cli Version: 5.2.1
• Java Version: 11

Additional information

No response

Acceptance Criteria

No response

[ReginaldoSantos]

It looks like your request was fulfilled in version 5.9.

Check this https://github.com/adorsys/keycloak-config-cli/blob/v5.12.0/CHANGELOG.md#590---2023-10-13

[mpromny]

Yes, all works. Thank you for the notification.

As @ReginaldoSantos wrote, request has been fulfilled by: https://github.com/adorsys/keycloak-config-cli/blob/v5.12.0/CHANGELOG.md#590---2023-10-13