Re: [keycloak-dev] Import proposal

That would be really nice indeed ! But are the markers files not enough, instead of also having a table in the DB ?

On Mon, Nov 9, 2015 at 1:20 PM, Stian Thorgersen <sthorger(a)redhat.com&gt; wrote: > Currently we support importing a complete realm definition using the > import/export feature. Issues with the current approach is: > > * Only complete realm - not possible to add to an existing realm > * No good feedback if import was successful or not > * Use of system properties to initiate the import is not very user > friendly > * Not very elegant for provisioning. For example a Docker image that > want's to bundle some initial setup ends up always running the import of a > realm, which is skipped if realm exists > > To solve this I've come up with the following proposal: > > Allow dropping representations to be imported into 'standalone/import'. > This should support creating a new realm as well as importing into an > existing realm. When importing into an existing realm we will have an > import strategy that is used to configure what happens if a resource exists > (user, role, identity provider, user federtation provider). The import > strategies are: > > * Skip - existing resources are skipped, > * Fail - if any resource exists nothing is imported > * Overwrite - any existing resources are deleted. > > The directory will be scanned at startup, but there will also be an > option to monitor this directory at runtime. > > To prevent a file being imported multiple times (also to make sure only > one node in a cluster imports) we will have a table in the database that > contains what files was imported, from what node, date and result > (including a list of what resources where imported, which was not, and > stack trace if applicable). The primary key will be the checksum of the > file. We will also add marker files (<json file>.imported or <json > file>.failed). The contents of the marker files will be a json object with > date imported, outcome (including stack trace if applicable) as well as a > complete list of what resources was successfully imported, what where not. > > The files will also allow resolving system properties and environment > variables. For example: > > { > "secret": "${env.MYCLIENT_SECRET}" > } > > This will be very convenient for example with Docker as it would be very > easy to create a Docker image that extends ours to add a few clients and > users. > > It will also be convenient for examples as it will make it possible to > add the required clients and users to an existing realm. > > > > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev >