[keycloak-dev] Batch import/export

Stan Silvert ssilvert at redhat.com
Wed Oct 21 08:15:56 EDT 2015


I like those ideas too.  Some have already been talked about but 
regarded as "nice to have".

The question is do we want me to spend extra weeks on all those features 
or do we want to get started on CLI?

Right now, I have batch import implemented for Users, Clients, and 
Identity Providers.  It's easy to add the replace, skip, error feature, 
so I'll probably spend a couple of extra hours today doing that.

Personally, I think the best approach is to implement the simplest 
possible version of the feature and then get feedback to see what 
enhancements are really needed.  If you want to try out the import 
feature, It's here:
https://github.com/ssilvert/keycloak/tree/user-import-export

On 10/21/2015 6:00 AM, Stian Thorgersen wrote:
> Those are nice additional options we could have. Simply have a 
> checkbox to re-generate realm keys and another checkbox to re-generate 
> client secrets (if a client is using jwt auth then we shouldn't 
> re-generate the keys for the client as we don't store the private key).
>
> On 21 October 2015 at 10:06, Thomas Raehalme 
> <thomas.raehalme at aitiofinland.com 
> <mailto:thomas.raehalme at aitiofinland.com>> wrote:
>
>     I think all of these sound useful!
>
>     May I suggest another useful option when importing realm or
>     client, which is to re-generate keys and secrets?
>
>     Best regards,
>     Thomas
>
>     On Wed, Oct 21, 2015 at 11:00 AM, Stian Thorgersen
>     <sthorger at redhat.com <mailto:sthorger at redhat.com>> wrote:
>
>         After your last email with regards to removing the import
>         button from client create page I had an idea.
>
>         How about we do the following:
>
>
>         Import/export single
>         --------------------------
>         On realm, client, identity provider and user federation create
>         pages we add the import button. This will prefill the form and
>         let the user review before importing. This is how realm and
>         client works now. We'd also add a link to export a single
>         entity when displaying it in the admin console (next to the
>         delete icon).
>
>         Batch export
>         -----------------
>         When exporting a realm you can select what you want to export.
>         The option would include realm settings, clients, identity
>         brokers, user federation, users, credentials. Further there
>         would be an option if export would be done to a file or a json
>         download. If export to file is selected you would get the
>         option to export credentials for users, if json download is
>         selected that option would be disabled.
>
>         Batch import
>         -----------------
>         We should have options to import a realm as well as import
>         into an existing realm. For this we should have an option to
>         select what happens if resources exists (for example client
>         with client-id exists, or user with username exists). Options
>         could be replace, skip, warn, error, etc..
>
>
>         Finally I was also thinking about an option where we'd have a
>         import directory on the server. Any files in this would be
>         imported on startup. Once imported we'd add a
>         "<filename>.imported" or "<filename>.failed". Same here it
>         would be nice to be able to somehow specify the strategy if
>         the resource exists.
>
>         _______________________________________________
>         keycloak-dev mailing list
>         keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>         https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151021/0cae5025/attachment.html 


More information about the keycloak-dev mailing list