search

adorsys / keycloak-config-cli

Import YAML/JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak.
Apache License 2.0
778 stars 140 forks source link

Policy Deleted - Partial import of client authorization with multiple files #783

Closed GretUp closed 1 year ago

GretUp commented 2 years ago

Problem Statement

I have multiple files which add roles, resources, policies and permissions. How am I able to do this without deleting the entities which are not present in the current json? At the moment if e.g. a policy does not exist in a json it gets deleted.

I tried to figure out a mechanism: https://github.com/adorsys/keycloak-config-cli/blob/0c14bb2f3ec14b1363f7a1e4fe85670d8542ea5f/docs/MANAGED.md But still cant find a solution. Maybe you can rewrite the page so it is easier to understand; maybe with examples.

e.g. I have troubles understanding the sentence: "For example if a group isn't defined inside the import json but other groups specified, keycloak-config-cli will calculate the difference and delete the group from keycloak."

BTW: If I use "--import.state" I am getting an error: The elements [import.state] were left unbound.

Proposed Solution

Implement a flag where policies/permissions are not deleted when not present in a json. Update the documentation so it is understandable.

Environment

Additional information

I changed in application.properties:

import.managed.role=no-delete import.managed.client=no-delete import.managed.client-authorization-resources=no-delete

But still......policies are getting deleted.

Acceptance Criteria

No response

jkroepke commented 2 years ago

Could you try to use a different --import.cache.key for each file?

GretUp commented 2 years ago

Hi @jkroepke ,

Sorry, I am new to this tool. Can you give some examples? Where are the parameters described?

Thank you!