crossplane-contrib / provider-keycloak

Apache License 2.0

feature: Import objects via <realm/name> instead of <uuid> #126

Open Breee opened 3 months ago

Breee commented 3 months ago

Currently we have to import resources using Keycloak's UUIDs, i.e.

apiVersion: role.keycloak.crossplane.io/v1alpha1
kind: Role
metadata:
  annotations:
    crossplane.io/external-name: 182b0c9b-197f-45e3-8f4a-386cd6890d73
  name: builtin-master-realm-role-uma-authorization
spec:
  deletionPolicy: Orphan
  forProvider:
    name: uma_authorization
    realmId: master
  managementPolicies:
  - Observe
  providerConfigRef:
    name: keycloak-provider-config

It would be better to have something like:

apiVersion: role.keycloak.crossplane.io/v1alpha1
kind: Role
metadata:
  annotations:
    crossplane.io/external-name: master/uma_authorization
  name: builtin-master-realm-role-uma-authorization
spec:
  deletionPolicy: Orphan
  forProvider:
    name: uma_authorization
    realmId: master
  managementPolicies:
  - Observe
  providerConfigRef:
    name: keycloak-provider-config

to make it more resilient for disaster recovery.

TomBillietKlarrio commented 3 months ago

I was wondering, what would be the behavior if in external_name.go the config is changed to config.NameAsIdentifier https://github.com/crossplane-contrib/provider-keycloak/blob/9be1e151a09440e0bbdd02c6c4f1e1294a41c11a/config/external_name.go#L26

Would it try to reconcile based on the name instead of the UUID? I was trying it myself, but did not figure out how to run a custom-built version on my kind cluster.

Breee commented 3 months ago

AFAIK config.NameAsIdentifier would remove all "name" fields from the forProvider and use the K8s object name as identifier. That's not what we are looking for, I think -> we'll find a smooth way to get rid of the UUIDs in the future. To this date this does not exist.
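
A sketch of how the two external-name forms discussed in this issue could be told apart, as an added example that is not the provider's code. The type and function names are hypothetical, and splitting on the first "/" and cross-checking against `forProvider` are assumptions about how such a feature might behave.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// uuidRe matches the 8-4-4-4-12 hex form seen in the UUID-based manifest above.
var uuidRe = regexp.MustCompile(
	`^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$`)

// ExternalRef is a hypothetical parsed crossplane.io/external-name value.
type ExternalRef struct {
	UUID  string // set for the current UUID form
	Realm string // set for the proposed <realm>/<name> form
	Name  string
}

// ParseExternalName accepts both forms so UUID-based manifests keep working.
func ParseExternalName(v string) (ExternalRef, error) {
	if uuidRe.MatchString(v) {
		return ExternalRef{UUID: strings.ToLower(v)}, nil
	}
	// Assumption: only the first "/" separates realm from name.
	realm, name, ok := strings.Cut(v, "/")
	if !ok || realm == "" || name == "" {
		return ExternalRef{}, errors.New("external-name must be a UUID or <realm>/<name>")
	}
	return ExternalRef{Realm: realm, Name: name}, nil
}

// CheckAgainstSpec rejects a <realm>/<name> annotation that disagrees with
// forProvider.realmId / forProvider.name, so the wrong object is never adopted.
func CheckAgainstSpec(ref ExternalRef, realmID, name string) error {
	if ref.UUID != "" {
		return nil // a UUID carries no realm or name to compare
	}
	if ref.Realm != realmID || ref.Name != name {
		return fmt.Errorf("external-name %s/%s does not match forProvider %s/%s",
			ref.Realm, ref.Name, realmID, name)
	}
	return nil
}

func main() {
	// Both annotation values are taken from the manifests in this issue.
	for _, v := range []string{"182b0c9b-197f-45e3-8f4a-386cd6890d73", "master/uma_authorization"} {
		ref, err := ParseExternalName(v)
		fmt.Printf("%q -> %+v err=%v\n", v, ref, err)
	}
}
```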