search

adorsys / keycloak-config-cli

Import YAML/JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak.
Apache License 2.0
705 stars 133 forks source link

If the whole realm object is deleted from JSON file - it is not deleted from the keycloak on the json file import #914

Open roman-aleksejuk-telia opened 10 months ago

roman-aleksejuk-telia commented 10 months ago

Current Behavior

If the whole realm object is deleted from JSON file - it is not deleted from the keycloak on the json file import

Expected Behavior

As the imported JSON files are being considered as a single source of truth and the desired state - we could not rely on this concept anymore, as the config in JSON files does not reflect the actual config in the keycloak.

Please note that the "import.remote-state.enabled" is set to "false". So theoretically it should purge all the condfiguration that is not in the JSON file.

Steps To Reproduce

1. Deploy Keycloak
2. Run importer and import multiple realms
3. Delete one realm JSON object from file
4. It is still seen in the GUI after re-importing the JSON

Environment

Anything else?

No response

jonasvoelcker commented 3 months ago

Hi @roman-aleksejuk-telia, this tool is meant to only change realms which are provided in the import. I also can't imagine any use case why a realm should be deleted through automation. Just in case someone would mess up the file this would mean that all of your users would be deleted, it's not a good idea to add this feature 😉