Open rgarrigue opened 12 months ago
In my project, I also have similar concerns, the full export of Keycloak always involves full data (with thousands of lines of property and values) and cannot be re-applied multiple times.
Unfortunately, I also don't have a good solution for that yet, we are doing it manually.
What I did was:
I would also love to know if anyone has suggestions on this. (This could be hard to implement since Keycloak could introduce breaking changes about their default properties).
I also do that manually. I could not find any other better approach.
I get some help using this jq command:

```sh
jq 'del(.id, .realm, .accessTokenLifespanForImplicitFlow,
.accessTokenLifespanForWebApps, .accessTokenLifespan,
.offlineSessionIdleTimeout, .accessTokenLifespanInSeconds,
.ssoSessionIdleTimeout, .ssoSessionMaxLifespan,
.ssoSessionIdleTimeoutRememberMe, .ssoSessionMaxLifespanRememberMe,
.accessCodeLifespan, .accessCodeLifespanLogin, .accessCodeLifespanUserAction,
.accessCodeLifespanMobile, .notBefore, .registrationAllowed,
.registrationEmailAsUsername, .rememberMe, .verifyEmail, .resetPasswordFlow,
.editUsernameAllowed, .bruteForceProtected, .permanentLockout, .maxFailureWaitSeconds,
.minimumQuickLoginWaitSeconds, .waitIncrementSeconds, .quickLoginCheckMilliSeconds,
.maxDeltaTimeSeconds, .failureFactor, .requiredCredentials, .otpPolicyType,
.otpPolicyAlgorithm, .otpPolicyInitialCounter, .otpPolicyDigits, .otpPolicyLookAheadWindow,
.otpPolicyPeriod, .otpSupportedApplications, .webAuthnPolicyRpEntityName,
.webAuthnPolicyAttestationConveyancePreference, .webAuthnPolicyAuthenticatorAttachment,
.webAuthnPolicyRequireResidentKey, .webAuthnPolicyUserVerificationRequirement,
.webAuthnPolicyCreateTimeout, .webAuthnPolicyAssertionTimeout,
.webAuthnPolicyRegistrationRecoveryEnabled, .webAuthnPolicyRegistrationRecoveryCodesQuantity,
.webAuthnPolicyRegistrationTokenBindingRequired, .webAuthnPolicyRegistrationAttestationConveyancePreference,
.webAuthnPolicyRegistrationAuthenticatorSelectionCriteria,
.keys)' < keycloak-realm-export.json > keycloak-realm-export-new.json
```
Nice, this jq deserves a spot in the documentation :)
I am also thinking of an approach how to do this. This is the manual approach I see atm:
Problem Statement
The doc says
Our legacy Keycloak export is 3000 lines long, so I'd like to do exactly that, but I don't see how I can get there. Tried to make some three way diff between
Couldn't achieve a result: lists are unordered in the export, for a given realm I don't know if I can remove all the roles that seem to be default or not ... and you end up with invalid JSON because you always end up removing a ) or a , somewhere you shouldn't.
Any recommendation, a script, any tools here? Just an export without the defaults included would be enough.
Proposed Solution
I've no idea of a solution atm
Environment
Additional information
No response
Acceptance Criteria
No response
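One way to script what the thread does by hand, as an added example (not code from this issue or from the project): compare the legacy export with an export of a freshly created realm and keep only what differs, treating lists as unordered and never editing the JSON as text. The baseline export, the `keep` parameter and the sample data are assumptions constructed for illustration.

```python
import json

MISSING = object()
# Assumption: generated identifiers differ between realms, so ignore them.
VOLATILE = {"id", "containerId"}

def canon(value):
    """Order-independent, id-free form used only for comparison."""
    if isinstance(value, dict):
        return {k: canon(v) for k, v in value.items() if k not in VOLATILE}
    if isinstance(value, list):
        return sorted((canon(v) for v in value),
                      key=lambda v: json.dumps(v, sort_keys=True))
    return value

def strip_defaults(export, baseline, keep=()):
    """Return the parts of `export` that differ from `baseline`.
    Top-level keys listed in `keep` are retained even when they match."""
    out = {}
    for key, value in export.items():
        default = baseline.get(key, MISSING)
        if key in keep:
            out[key] = value
        elif key in VOLATILE or canon(value) == canon(default):
            continue
        elif isinstance(value, dict) and isinstance(default, dict):
            out[key] = strip_defaults(value, default)
        elif isinstance(value, list) and isinstance(default, list):
            known = [canon(d) for d in default]
            # Changed or new list elements are kept whole, untouched.
            out[key] = [v for v in value if canon(v) not in known]
        else:
            out[key] = value
    return out

BASELINE = {  # constructed: trimmed export of a freshly created realm
    "id": "aaa", "realm": "fresh", "accessTokenLifespan": 300,
    "ssoSessionIdleTimeout": 1800, "bruteForceProtected": False,
    "roles": {"realm": [{"id": "r1", "name": "offline_access"},
                        {"id": "r2", "name": "uma_authorization"}]}}
LEGACY = {  # constructed: trimmed legacy export, lists in another order
    "id": "bbb", "realm": "legacy", "accessTokenLifespan": 600,
    "ssoSessionIdleTimeout": 1800, "bruteForceProtected": False,
    "roles": {"realm": [{"id": "r9", "name": "auditor"},
                        {"id": "r8", "name": "uma_authorization"},
                        {"id": "r7", "name": "offline_access"}]}}

if __name__ == "__main__":
    slim = strip_defaults(LEGACY, BASELINE, keep=("bruteForceProtected",))
    print(json.dumps(slim, indent=2))
```

Stripped keys fall back to whatever the target server treats as default, which the thread notes can change between Keycloak versions, so list security-relevant settings such as `bruteForceProtected` in `keep` to pin them explicitly. For real files, load both exports with `json.load` and take the baseline from the same Keycloak version as the legacy export.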