[keycloak-dev] Export/import into representations

Marek Posolda mposolda at redhat.com
Tue Jul 15 10:50:32 EDT 2014 

I've sent PR https://github.com/keycloak/keycloak/pull/523 for 
export/import with same representation as admin realm.

- It's still possible to export into encrypted ZIP file (default 
possibility), into directory or all realms into single JSON file.

- With export to directory, data of each realm are exported into 
separate file and users are also exported into separate file. It's 
configurable how many users will be in single file (By default it's 5000 
users per file) and it's using separate transaction per each file (set 
of users). So for example if you have realm with 20.000 users the realm 
will be exported into 5 separate files (1 file like "demo-realm.json" 
for realm data and 4 files like "demo-users-0.json", "demo-users-1.json" 
etc for users).

- Export to encrypted ZIP is quite similar like export to directory 
(realms and users in separate files inside ZIP), but all data are 
canonicalized. This is default possibility and is intended for 
production use

- Export into single JSON file allows to export all realms including 
users into single JSON file (array of RealmRepresentations). This is 
intended to be used mainly for development

- I've moved some code from "services" module as from there it's not 
available to export/import. I've moved class ModelToRepresentation to 
model/api and I've also extracted some code from managers (RealmManager, 
ApplicationManager, OAuthClientManager, RolesManager) to 
RepresentationToModel class.

- I've moved tests to testsuite/integration . Right now there is 
ExportImportTest, which tests all 3 providers (zip, dir, singleFile).

- Question: Is it plan to move some manager classes like RealmManager, 
ApplicationManager, OAuthClientManager and RolesManager to model/api as 
well? These don't have dependencies on other stuff in "services" and it 
will be useful for stuff like export/import to have them available. For 
example export/import may need the code for setup masterAdmin 
application (as if I import realm, I've need to check if particular 
master application like "demo-realm" exists in master realm and create 
it if doesn't, so I've needed to move some related code from 
RealmManager for setup this too).

- Export/import is still checked at server startup with system properties.
Question: How big priority it is to support export from admin console? 
TBH it shouldn't be hard to add it but it seems to me that this option 
is useful more for development than production as during export from 
admin console could be realm data edited in the meantime (For example if 
some other user registers himself in the meantime when admin triggered 
export). The solution might be JAX-RS or Http Filter, which will refuse 
request to realm when export is in progress. Do we want to go that way? 
Maybe just possibility to export current realm to single JSON file is 
sufficient in admin console?

Let me know if you have some other ideas/proposals

Thanks,
Marek

More information about the keycloak-dev mailing list