[keycloak-dev] Batch import/export

Wed Oct 21 08:27:45 EDT 2015

I'd like to get import/export done properly. The addition of being able to
add bits and pieces to import in a directory would be really helpful on
Docker/OpenShift/etc..

Besides, CLI is on hold until we decide what to do. We're not going to
decide on that in the next week weeks. I'm not sure we have the resources
available to do CLI properly before Christmas, so it would probably be
better to wait.

On 21 October 2015 at 14:15, Stan Silvert <ssilvert at redhat.com> wrote:

> I like those ideas too.  Some have already been talked about but regarded
> as "nice to have".
>
> The question is do we want me to spend extra weeks on all those features
> or do we want to get started on CLI?
>
> Right now, I have batch import implemented for Users, Clients, and
> Identity Providers.  It's easy to add the replace, skip, error feature, so
> I'll probably spend a couple of extra hours today doing that.
>
> Personally, I think the best approach is to implement the simplest
> possible version of the feature and then get feedback to see what
> enhancements are really needed.  If you want to try out the import feature,
> It's here:
> https://github.com/ssilvert/keycloak/tree/user-import-export
>
>
> On 10/21/2015 6:00 AM, Stian Thorgersen wrote:
>
> Those are nice additional options we could have. Simply have a checkbox to
> re-generate realm keys and another checkbox to re-generate client secrets
> (if a client is using jwt auth then we shouldn't re-generate the keys for
> the client as we don't store the private key).
>
> On 21 October 2015 at 10:06, Thomas Raehalme <
> thomas.raehalme at aitiofinland.com> wrote:
>
>> I think all of these sound useful!
>>
>> May I suggest another useful option when importing realm or client, which
>> is to re-generate keys and secrets?
>>
>> Best regards,
>> Thomas
>>
>> On Wed, Oct 21, 2015 at 11:00 AM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>> After your last email with regards to removing the import button from
>>> client create page I had an idea.
>>>
>>> How about we do the following:
>>>
>>>
>>> Import/export single
>>> --------------------------
>>> On realm, client, identity provider and user federation create pages we
>>> add the import button. This will prefill the form and let the user review
>>> before importing. This is how realm and client works now. We'd also add a
>>> link to export a single entity when displaying it in the admin console
>>> (next to the delete icon).
>>>
>>> Batch export
>>> -----------------
>>> When exporting a realm you can select what you want to export. The
>>> option would include realm settings, clients, identity brokers, user
>>> federation, users, credentials. Further there would be an option if export
>>> would be done to a file or a json download. If export to file is selected
>>> you would get the option to export credentials for users, if json download
>>> is selected that option would be disabled.
>>>
>>> Batch import
>>> -----------------
>>> We should have options to import a realm as well as import into an
>>> existing realm. For this we should have an option to select what happens if
>>> resources exists (for example client with client-id exists, or user with
>>> username exists). Options could be replace, skip, warn, error, etc..
>>>
>>>
>>> Finally I was also thinking about an option where we'd have a import
>>> directory on the server. Any files in this would be imported on startup.
>>> Once imported we'd add a "<filename>.imported" or "<filename>.failed". Same
>>> here it would be nice to be able to somehow specify the strategy if the
>>> resource exists.
>>>
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151021/c4827fbb/attachment.html 