--import.managed.required-action=no-delete doesn't seem to prevent deletion - Githubissues

adorsys / keycloak-config-cli

Import YAML/JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak.

Apache License 2.0

705 stars 133 forks source link

--import.managed.required-action=no-delete doesn't seem to prevent deletion #834

Open akikoskinen opened 1 year ago

akikoskinen commented 1 year ago

Current Behavior

Keycloak-config-cli deletes all existing required actions, only leaving or creating the one mentioned in the realm JSON.

Expected Behavior

Keycloak-config-cli should leave the existing required actions untouched.

Steps To Reproduce

The realm JSON contains one required action:

...
  "requiredActions": [
    {
      "alias": "verify-email-code-action",
      "name": "Verify email by code",
      "providerId": "verify-email-code-action",
      "enabled": true,
      "defaultAction": false,
      "priority": 1001,
      "config": {}
    }
  ]
...

When running Keycloak-config-cli, the --import.managed.required-action=no-delete option is given.

Environment

Keycloak Version: 19.0.2
keycloak-config-cli Version: 5.5.0
Java Version: 17

Anything else?

To me it looks like RequiredActionsImportService looks for the property for client scopes, while it should probably check the required actions property.

akikoskinen commented 1 year ago

Indeed it looks like giving the --import.managed.client-scope=no-delete option prevents deletion of pre-existing required actions.