State management (adorsys#102)
jkroepke authored Jun 16, 2020
1 parent 39eaadd commit d8e712f
Showing 112 changed files with 1,054 additions and 331 deletions.
12 changes: 12 additions & 0 deletions .editorconfig
@@ -0,0 +1,12 @@
root = true

[*]
end_of_line = lf
trim_trailing_whitespace = true
insert_final_newline = true
indent_style = space
indent_size = 4

[*.json]
indent_size = 2

16 changes: 9 additions & 7 deletions CHANGELOG.md
Expand Up @@ -12,24 +12,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- `import.file` is removed. Use `import.path` instead for files and directories.
- `keycloak.migrationKey` is removed. Use `import.cache-key` instead.
- `keycloak.realm` is removed. Use `import.login-realm` to define the realm to login.
- If you have defined requiredActions, components or subcomponents in your realm configure, make sure you have defined all in your json files. All not defined
actions will removed now by keycloak-config-cli. See: [docs/MANAGED.md](docs/MANAGED.md)
- If you have defined requiredActions, components, authentications flows or subcomponents in your realm configure, make sure you have defined all in your json files. All not defined
actions will removed now by keycloak-config-cli unless `import.state=true` is set (default). See: [docs/MANAGED.md](docs/MANAGED.md)

### Added

- PMD for static source code analysis
- _Experimental_ GraalVM support. Run keycloak-config-cli without Java!
- Throw errors on unknown properties in config files
- Add, update and remove clientScopes
- Removed required actions if they not defined in import json.
- Removed components if they not defined in import json.
- Removed subcomponents if they not defined in import json.
- Contrib behaivor of purging ressource via `import.manage.<type>` property. See: [docs/MANAGED.md](docs/MANAGED.md)
- Remove required actions if they not defined in import json.
- Remove components if they not defined in import json.
- Remove subcomponents if they not defined in import json.
- Remove authentication flows if they not defined in import json.
- Control behavior of purging ressource via `import.manage.<type>` property. See: [docs/MANAGED.md](docs/MANAGED.md)
- State management for `requriedActions`, `clients`, `components`

### Changed

- Reduce docker image size
- Bump SpringBoot from 2.2.7 to 2.3.0
- Bump SpringBoot from 2.2.7 to 2.3.1
- Bump keycloak from 10.0.0 to 10.0.2
- Used keycloak parent pom instead manage versions of 3rd party libs
- Add experimental profile for spring native builds
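Review bot: the new CHANGELOG entries carry typos and one wrong property name: `requriedActions` in the State management bullet should be `requiredActions`, `ressource` should be `resource`, and the purge bullet names `import.manage.<type>` while docs/MANAGED.md documents `import.managed.<entity>`. The breaking-change paragraph also reads "All not defined actions will removed now" and "authentications flows"; since this is the text users read before upgrading, state plainly that entities missing from the import JSON are deleted and that with `import.state=true` (the default) deletion is limited to resources keycloak-config-cli created.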
26 changes: 13 additions & 13 deletions CODE_OF_CONDUCT.md
Expand Up @@ -14,22 +14,22 @@ appearance, race, religion, or sexual identity and orientation.
Examples of behavior that contributes to creating a positive environment
include:

* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members
- Using welcoming and inclusive language
- Being respectful of differing viewpoints and experiences
- Gracefully accepting constructive criticism
- Focusing on what is best for the community
- Showing empathy towards other community members

Examples of unacceptable behavior by participants include:

* The use of sexualized language or imagery and unwelcome sexual attention or
advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
- The use of sexualized language or imagery and unwelcome sexual attention or
advances
- Trolling, insulting/derogatory comments, and personal or political attacks
- Public or private harassment
- Publishing others' private information, such as a physical or electronic
address, without explicit permission
- Other conduct which could reasonably be considered inappropriate in a
professional setting

## Our Responsibilities

4 changes: 2 additions & 2 deletions CONTRIBUTING.md
@@ -1,11 +1,11 @@
# Contributing

When contributing to this repository, please first discuss the change you wish to make via issue before making a change.
When contributing to this repository, please first discuss the change you wish to make via issue before making a change.

Please note we have a code of conduct, please follow it in all your interactions with the project.

## Pull Request Process

1. Update the [README.md](README.md) or [DOCUMENTATION.md](DOCUMENTATION.md) with details of changes to the interface, this includes new environment
1. Update the [README.md](README.md) or [DOCUMENTATION.md](DOCUMENTATION.md) with details of changes to the interface, this includes new environment
variables, useful file locations and other parameters.
2. If possible add test casse to cover the issues or new feature.
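Review bot: the two changed lines in this hunk differ from the old ones only in whitespace, which makes this file pure churn in a commit about state management. If the change comes from the new `trim_trailing_whitespace = true` rule in .editorconfig, note that two trailing spaces are a hard line break in Markdown, so item 1 of the list may render differently than before. While the file is being touched, `test casse` in item 2 should read `test cases`.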
25 changes: 13 additions & 12 deletions README.md
Expand Up @@ -85,18 +85,19 @@ $ docker run \

#### Environment Variables

| Variable | Description | Default |
| -------------------- | ------------------------------------------------------- | ----------- |
| WAIT_TIME_IN_SECONDS | Timeout in seconds for waiting keycloak until reachable | `120` |
| KEYCLOAK_URL | Keycloak Url without `/auth` | - |
| KEYCLOAK_USER | login user name | `admin` |
| KEYCLOAK_PASSWORD | login user name | - |
| KEYCLOAK_CLIENTID | login clientId | `admin-cli` |
| KEYCLOAK_LOGINREALM | login realm | `master` |
| KEYCLOAK_SSLVERIFY | Verify ssl connection to keycloak | `true` |
| IMPORT_PATH | Location of config files | `/config` |
| IMPORT_FORCE | Enable force import of realm config | `false` |
| IMPORT_CACHEKEY | Cache key for importing config. | `default` |
| Variable | Description | Default |
| -------------------- | ---------------------------------------------------------------------------- | ----------- |
| WAIT_TIME_IN_SECONDS | Timeout in seconds for waiting keycloak until reachable | `120` |
| KEYCLOAK_URL | Keycloak Url without `/auth` | - |
| KEYCLOAK_USER | login user name | `admin` |
| KEYCLOAK_PASSWORD | login user name | - |
| KEYCLOAK_CLIENTID | login clientId | `admin-cli` |
| KEYCLOAK_LOGINREALM | login realm | `master` |
| KEYCLOAK_SSLVERIFY | Verify ssl connection to keycloak | `true` |
| IMPORT_PATH | Location of config files | `/config` |
| IMPORT_FORCE | Enable force import of realm config | `false` |
| IMPORT_CACHEKEY | Cache key for importing config. | `default` |
| IMPORT_STATE | Enable state management. Purge only resources managed by kecloak-config-cli. | `true` |

### Experimental native build

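Review bot: the new `IMPORT_STATE` row misspells the tool name as `kecloak-config-cli`, and the `KEYCLOAK_PASSWORD` row a few lines above still describes itself as `login user name`; the table is being realigned anyway, so correct that description to refer to the password. The `IMPORT_STATE` description should also say what `false` does (purge every existing entity that is not defined in the import JSON), because that is the destructive setting.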
16 changes: 8 additions & 8 deletions contrib/native/test-with-import-files.sh
Expand Up @@ -9,13 +9,13 @@ export SPRING_PROFILES_ACTIVE=dev
./target/keycloak-config-cli-native --import.force=true

while read -r file; do
./target/keycloak-config-cli-native --import.path="${file}"
./target/keycloak-config-cli-native --import.path="${file}"
done < <(
find src/test/resources/import-files \
-type f \
-name '*.json' \
! -path '*cli*' \
-and ! -path '*exported-realm*' \
-and ! -name '*invalid*' \
-and ! -name '*try*' | sort -n
find src/test/resources/import-files \
-type f \
-name '*.json' \
! -path '*/cli/*' \
-and ! -path '*exported-realm*' \
-and ! -name '*invalid*' \
-and ! -name '*try*' | sort -n
)
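Review bot: `sort -n` at the end of the `find` pipeline has no numeric key to work on, because every path starts with `src/test/resources/...`; the order then comes from sort's fallback whole-line comparison, which depends on the locale. If the import order matters for these fixtures, use `LC_ALL=C sort` so the sequence is the same on every machine. `while IFS= read -r file` would also keep leading or trailing whitespace in file names intact.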
1 change: 1 addition & 0 deletions docs/FEATURES.md
Expand Up @@ -16,6 +16,7 @@
| Remove role from user | 1.0.0 | Remove realm-level or client-level roles from user while updating realm |
| Add authentication flows and executions | 1.0.0 | Add authentication flows and executions while creating or updating realms |
| Update authentication flows and executions | 1.0.0 | Update authentication flow properties and executions while updating realms |
| Remove authentication flows and executions | 2.0.0 | Remove existing authentication flow properties and executions while updating realms |
| Add components | 1.0.0 | Add components while creating or updating realms |
| Update components | 1.0.0 | Update components properties while updating realms |
| Remove components | 2.0.0 | Remove existing sub-components while creating or updating realms |
30 changes: 22 additions & 8 deletions docs/MANAGED.md
Expand Up @@ -24,16 +24,30 @@ For example if you define `groups` but set an empty array, keycloak will delete

## Supported full managed entities

| Type | Additional Information |
| ---------------- | ----------------------------------------------------------- |
| Groups | - |
| Required Actions | You have to copy the default one to you import json. |
| Client Scopes | - |
| Scope Mappings | - |
| Components | You have to copy the default components to you import json. |
| Sub Components | You have to copy the default components to you import json. |
| Type | Additional Information |
| -------------------- | ----------------------------------------------------------- |
| Groups | - |
| Required Actions | You have to copy the default one to you import json. |
| Client Scopes | - |
| Scope Mappings | - |
| Components | You have to copy the default components to you import json. |
| Sub Components | You have to copy the default components to you import json. |
| Authentication Flows | You have to copy the default components to you import json. |

## Disable deletion of managed entities

If you won't delete properties of a specific type, you can disable this behavior by default a properties like `import.managed.<entity>=<full|no-delete>`, e.g.:
`import.managed.required-actions=no-delete`

## State management

If `import.state` is set to `true` (default value), keycloak-config-cli will purge only resources they created before by keycloak-config-cli.
If `import.state` is set to `false`, keycloak-config-cli will purge all existing entities if they not defined in import json.

### Supported entities

Following entities does have saved state:

* Required Actions
* Clients
* Components
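Review bot: the State management section does not say what happens to managed types that have no saved state. The list names only Required Actions, Clients and Components, yet the table above lists Groups, Client Scopes, Scope Mappings, Sub Components and the newly added Authentication Flows; state whether those are still purged in full when `import.state=true`, because a reader will otherwise assume the default protects them. Clients, in turn, appear in the state list but not in the managed-entities table. The new Authentication Flows row also reuses the hint "copy the default components", which should refer to the default flows, and "will purge only resources they created before by keycloak-config-cli" needs rewording.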
52 changes: 26 additions & 26 deletions pom.xml
Expand Up @@ -113,11 +113,11 @@
</dependency>

<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>

<dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
Expand All @@ -142,16 +142,16 @@
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
</exclusion>
</exclusions>
</dependency>

<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>testcontainers</artifactId>
<version>${testcontainers.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>testcontainers</artifactId>
<version>${testcontainers.version}</version>
<scope>test</scope>
</dependency>

<dependency>
<groupId>org.testcontainers</groupId>
Expand Down Expand Up @@ -364,19 +364,19 @@
</profile>
<profile>
<id>pmd</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>3.13.0</version>
<configuration>
<linkXRef>false</linkXRef>
</configuration>
<executions>
<execution>
<goals>
<goal>check</goal>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>3.13.0</version>
<configuration>
<linkXRef>false</linkXRef>
</configuration>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
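Review bot: the removed and added lines in the three pom.xml hunks differ only in indentation, so the 26 additions and 26 deletions are formatting noise inside a functional commit. Move the re-indentation into a separate formatting commit so that `git blame` and the review of the state management change stay readable.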
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,6 @@
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

@Component
Expand All @@ -41,7 +40,7 @@ public class RealmImport extends RealmRepresentation {
public List<AuthenticationFlowRepresentation> getAuthenticationFlows() {
List<AuthenticationFlowRepresentation> result;
if (authenticationFlowImports == null) {
result = Collections.emptyList();
result = null;
} else {
result = new ArrayList<>(authenticationFlowImports);
}
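Review bot: `getAuthenticationFlows()` now returns `null` instead of `Collections.emptyList()` when `authenticationFlowImports` is null, so every caller that iterates or streams the result needs a null check. If the intent is to tell "not defined in the import JSON" apart from "defined as an empty list", say so in a Javadoc comment on the getter or return an `Optional`, since confusing the two cases decides whether a realm's authentication flows are left alone or deleted.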
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
@Validated
public class ImportConfigProperties {
public static final String REALM_CHECKSUM_ATTRIBUTE_PREFIX_KEY = "de.adorsys.keycloak.config.import-checksum-{0}";
public static final String REALM_STATE_ATTRIBUTE_PREFIX_KEY = "de.adorsys.keycloak.config.state-{0}-{1}";

@NotBlank
private final String path;
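Review bot: `REALM_STATE_ATTRIBUTE_PREFIX_KEY` has two placeholders, `{0}` and `{1}`, and nothing here says what they stand for or how they differ from the single `{0}` of the checksum key above it. A short Javadoc naming both arguments would help, all the more because this key appears to hold the record that decides which resources may be purged.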
Expand All @@ -40,12 +41,16 @@ public class ImportConfigProperties {
@NotBlank
private final String cacheKey;

@NotNull
private final boolean state;

private final ImportManagedProperties managed;

public ImportConfigProperties(String path, boolean force, String cacheKey, ImportManagedProperties managed) {
public ImportConfigProperties(String path, boolean force, String cacheKey, boolean state, ImportManagedProperties managed) {
this.path = path;
this.force = force;
this.cacheKey = cacheKey;
this.state = state;
this.managed = managed;
}

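Review bot: `@NotNull` on `private final boolean state` has no effect, since a primitive `boolean` can never be null, so the constraint cannot catch a missing `import.state` value. Either drop the annotation or declare the field as `Boolean` so that validation is meaningful, given that the docs promise `true` as the default and `false` widens what gets purged.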
Expand All @@ -65,12 +70,16 @@ public ImportManagedProperties getManaged() {
return managed;
}

public boolean isState() {
return state;
}

public static class ImportManagedProperties {
@NotNull
private final ImportManagedPropertiesValues group;
private final ImportManagedPropertiesValues requiredAction;

@NotNull
private final ImportManagedPropertiesValues requiredAction;
private final ImportManagedPropertiesValues group;

@NotNull
private final ImportManagedPropertiesValues clientScope;
Expand All @@ -84,21 +93,21 @@ public static class ImportManagedProperties {
@NotNull
private final ImportManagedPropertiesValues subComponent;

@NotNull
private final ImportManagedPropertiesValues authenticationFlow;

public ImportManagedProperties(
ImportManagedPropertiesValues group, ImportManagedPropertiesValues requiredAction,
ImportManagedPropertiesValues clientScope, ImportManagedPropertiesValues scopeMapping,
ImportManagedPropertiesValues component, ImportManagedPropertiesValues subComponent
) {
this.group = group;
ImportManagedPropertiesValues requiredAction, ImportManagedPropertiesValues group,
ImportManagedPropertiesValues clientScope, ImportManagedPropertiesValues scopeMapping,
ImportManagedPropertiesValues component, ImportManagedPropertiesValues subComponent,
ImportManagedPropertiesValues authenticationFlow) {
this.requiredAction = requiredAction;
this.group = group;
this.clientScope = clientScope;
this.scopeMapping = scopeMapping;
this.component = component;
this.subComponent = subComponent;
}

public ImportManagedPropertiesValues getGroup() {
return group;
this.authenticationFlow = authenticationFlow;
}

public ImportManagedPropertiesValues getRequiredAction() {
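Review bot: the constructor now takes `requiredAction` before `group`, and both parameters have the type `ImportManagedPropertiesValues`, so any caller that still passes them positionally in the old order compiles and silently swaps the two settings. Unless something requires the new order, keep `group` first and append `authenticationFlow` at the end; otherwise check tests and any manual construction for the old argument order.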
Expand All @@ -121,6 +130,14 @@ public ImportManagedPropertiesValues getSubComponent() {
return subComponent;
}

public ImportManagedPropertiesValues getAuthenticationFlow() {
return authenticationFlow;
}

public ImportManagedPropertiesValues getGroup() {
return group;
}

public enum ImportManagedPropertiesValues {
FULL,
NO_DELETE