mayope / keycloakmigration

Manage your Keycloak configuration with code.
https://mayope.net
MIT License

Update Authentication Flow #27

Closed gnunn1 closed 3 years ago

gnunn1 commented 3 years ago

I'm updating one of the authentication flows, first-broker-login, to disable the review profile. I can see in the documentation that there is the capability to Add Flow and Delete Flow but nothing for Update Flow. I suppose I could add a whole new flow which is a copy of the First Broker Login with the one change I want but I wonder if there is a better way to handle this.

The docs I'm referring to are here:

https://klg71.github.io/keycloakmigration/migrations/flow/

klg71 commented 3 years ago

Hey gnunn1,

Thanks for opening this issue :)

There is no real reason, besides the lack of time from my side, that there is currently no updateFlow command. I will try to look into it in the next couple of days. :) If you already have an implementation idea, feel free to draft an idea :)

gnunn1 commented 3 years ago

Thanks, I mostly just wanted to check that I wasn't missing anything obvious. There is no rush for this functionality on my part, so please don't feel a need to work on this immediately. A bit of background: I'm using this tool as part of my GitOps flow in Kubernetes, where I've deployed Keycloak and am using this tool to provision realms, clients, IdPs, etc. It works wonderfully, so thanks and kudos for a great tool, really appreciate it.

klg71 commented 3 years ago

I think I got a first version working. The API would look something like this:

```yaml
id: update-flow
author: klg71
realm: integ-test
changes:
  - addFlow:
      alias: trust-foreign-idp
      executions:
        - requirement: ALTERNATIVE
          providerId: idp-create-user-if-unique
        - requirement: ALTERNATIVE
          providerId: idp-auto-link
  - updateFlow:
      alias: trust-foreign-idp
      newAlias: trust-foreign-idp-update
      description: new-description
      executions:
        - requirement: ALTERNATIVE
          providerId: idp-create-user-if-unique
        - requirement: REQUIRED
          providerId: console-username-password
```

However, I can't replace the executions in place, so I delete them all on the flow and add the provided ones. It will only update the fields you provide. The other fields are not updated.

gnunn1 commented 3 years ago

I'm not super deep in Keycloak flows, so forgive me if I'm not following. However, does this create a whole new flow, or is it simply deleting the execution in the existing flow and replacing it with a new one? Just asking based on the newAlias field, which implies a new flow.

klg71 commented 3 years ago

Yeah, it replaces the existing executions. I need the newAlias field to be able to update the alias of the existing flow. Maybe we can name it updateAlias.

klg71 commented 3 years ago

Released with version 0.2.18. If you have no objections, @gnunn1, I will close this ticket in one week.

gnunn1 commented 3 years ago

Sounds good, thank you for the quick turnaround!
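
Because updateFlow, as described in the thread, drops every execution on the flow and re-adds only the listed ones, an authenticator left out of the list disappears from the flow. The following is an added example, not part of the thread or of keycloakmigration's code: a pre-merge review check in Python that models that behaviour and reports removed, added or weakened executions. The helper names, the requirement ordering and the one-execution-per-providerId simplification are assumptions.

```python
from copy import deepcopy

# Assumed ordering for this check only (not from the project): higher = stricter.
STRENGTH = {"DISABLED": 0, "ALTERNATIVE": 1, "CONDITIONAL": 1, "REQUIRED": 2}

def apply_update_flow(flow, change):
    """Model of updateFlow as described in the thread (hypothetical helper)."""
    updated = deepcopy(flow)
    if "newAlias" in change:
        updated["alias"] = change["newAlias"]
    if "description" in change:
        updated["description"] = change["description"]
    if "executions" in change:
        # Not patched in place: every existing execution is dropped,
        # then the provided list is added.
        updated["executions"] = deepcopy(change["executions"])
    return updated

def review_executions(before, after):
    """Return (kind, providerId, old_req, new_req) tuples worth a reviewer's eye.
    Assumes each providerId appears at most once per flow."""
    old = {e["providerId"]: e["requirement"] for e in before["executions"]}
    new = {e["providerId"]: e["requirement"] for e in after["executions"]}
    findings = [("removed", p, old[p], None) for p in sorted(old.keys() - new.keys())]
    findings += [("added", p, None, new[p]) for p in sorted(new.keys() - old.keys())]
    findings += [("weakened", p, old[p], new[p])
                 for p in sorted(old.keys() & new.keys())
                 if STRENGTH[new[p]] < STRENGTH[old[p]]]
    return findings

# Flow and change taken from the changeset posted in the thread.
FLOW = {"alias": "trust-foreign-idp", "description": None, "executions": [
    {"requirement": "ALTERNATIVE", "providerId": "idp-create-user-if-unique"},
    {"requirement": "ALTERNATIVE", "providerId": "idp-auto-link"}]}
CHANGE = {"alias": "trust-foreign-idp", "newAlias": "trust-foreign-idp-update",
          "description": "new-description", "executions": [
    {"requirement": "ALTERNATIVE", "providerId": "idp-create-user-if-unique"},
    {"requirement": "REQUIRED", "providerId": "console-username-password"}]}

if __name__ == "__main__":
    for finding in review_executions(FLOW, apply_update_flow(FLOW, CHANGE)):
        print(finding)
```

For the changeset from the thread, the check reports idp-auto-link as removed and console-username-password as added.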