search

adorsys / keycloak-config-cli

Import YAML/JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak.
Apache License 2.0
778 stars 140 forks source link

Allow importing attribute groups in User Declarative Profile #859

Closed lme-atolcd closed 1 year ago

lme-atolcd commented 1 year ago

Problem Statement

The current behaviour of the User Declarative Profile import allows to only import attributes. I would like to also import attributes groups, but it doesn't seem possible with keycloak-config-cli 5.6.1.

https://github.com/adorsys/keycloak-config-cli/blob/v5.6.1/src/main/java/de/adorsys/keycloak/config/service/UserProfileImportService.java#L67

Proposed Solution

It should be possible to import a complete json User profile (the same json used in the Keycloak admin console, in "Realm setting > User profile > JSON editor") by not puting the result of realmImport.getUserProfile(); in userProfile.put("attributes", userProfileAttributes);. But insteed use the result of realmImport.getUserProfile(); verbatim in JsonUtil.toJson(...).

String buildUserProfileConfigurationString(RealmImport realmImport) {
-        Map<String, Object> userProfile = new LinkedHashMap<>();
         List<LinkedHashMap<String, Object>> userProfileAttributes = realmImport.getUserProfile();
         if (userProfileAttributes != null && !userProfileAttributes.isEmpty()) {
-            userProfile.put("attributes", userProfileAttributes);
-            return JsonUtil.toJson(userProfile);
+            return JsonUtil.toJson(userProfileAttributes);
         } else {
             return null;
         }

Before:

  {
    "realm": "my-realm",
    "attributes": {
      "userProfileEnabled": "true"
    },
    "userProfile": [
        {
        "name": "attribute1"
        },
        {
        "name": "attribute2"
        }
    ]
}

After:

{
    "realm": "my-realm",
    "attributes": {
      "userProfileEnabled": "true"
    },
    "userProfile": {
        "attributes": [
            {
            "name": "attribute1",
            "group": "group1"
            },
            {
            "name": "attribute2",
            "group": "group2"
            }
        ],
        "groups": [
            {
              "name": "group1"
            },
            {
              "name": "group2"
            }
        ]
    }
}

This change allows direct copy/paste between the json import file used by keycloak-config-cli and the Keycloak realm admin console.

Environment

Additional information

No response

Acceptance Criteria

No response

lme-atolcd commented 1 year ago

FYI, a commit implementing the proposed solution is available. https://github.com/lme-atolcd/keycloak-config-cli/commit/931cae9848c67a3b0e633019284ff59d3d974ee6

If the proposed solution is accepted, I can create a pull request.