Re: [keycloak-user] How to migrate users and roles from in-house storage

Oh, awesome! Going to add tests, open JIRA ticket and update PR. Thanks Stian, Pires On Thu, Jul 21, 2016 at 1:13 PM Stian Thorgersen <sthorger(a)redhat.com&gt; wrote: > We like cowboy style :) > > Could you add a JIRA please? > > Also you could add tests to > https://github.com/keycloak/keycloak/blob/master/testsuite/integration-ar... > > On 21 July 2016 at 13:13, Paulo Pires <pires(a)littlebits.cc&gt; wrote: > >> I went ahead, cowboy style and opened a PR for it >> https://github.com/keycloak/keycloak/pull/3056 >> >> Couldn't find tests so didn't add any. >> >> Pires >> >> On Thu, Jul 21, 2016 at 12:06 PM Paulo Pires <pires(a)littlebits.cc&gt; >> wrote: >> >>> Something like this should work though: >>> >>> @GET >>> @Produces({"application/json"}) >>> @Path("default-roles") >>> List<RoleRepresentation> getDefaultRoles(); >>> >>> @PUT >>> @Path("default-roles/{roleId}") >>> void addDefaultRole(@PathParam("roleId") String roleId); >>> >>> @DELETE >>> @Path("default-roles/{roleId}") >>> void removeDefaultRole(@PathParam("roleId") String roleId); >>> >>> On Thu, Jul 21, 2016 at 12:03 PM Paulo Pires <pires(a)littlebits.cc&gt; >>> wrote: >>> >>>> It's working like a charm :) >>>> >>>> Some things I learned: >>>> * Need to import resteasy deps for keycloak-admin-cli explicitly >>>> * Methods won't return errors but will throw InvocationTargetException >>>> (must be checked) >>>> >>>> Question: is there a way to set default roles? I can't seem to find it >>>> in the Java code but it is available through REST. >>>> >>>> Thanks, >>>> Pires >>>> >>>> On Thu, Jul 21, 2016 at 8:47 AM Paulo Pires <pires(a)littlebits.cc&gt; >>>> wrote: >>>> >>>>> Thank you Bruno, I haven't been able to verify your code but I assume >>>>> you're sharing it because it works. >>>>> >>>>> It seems pretty trivial, awesome! >>>>> >>>>> Cheers, >>>>> Pires >>>>> >>>>> On Wed, Jul 20, 2016 at 9:30 PM Bruno Oliveira <bruno(a)abstractj.org&gt; >>>>> wrote: >>>>> >>>>>> Note sure if it helps, but an example about how to do it >>>>>> programatically is here[1]. >>>>>> >>>>>> I just adapted from the admin-client[2]. >>>>>> >>>>>> >>>>>> [1] - >>>>>> https://gist.github.com/abstractj/78b127e8c9273cdcea6eb82a1cfc153c >>>>>> [2] - >>>>>> https://github.com/keycloak/keycloak/tree/master/examples/admin-client >>>>>> >>>>>> On 2016-07-20, Paulo Pires wrote: >>>>>> > I did check the admin-cli JAR but it's not clear how to add roles >>>>>> and >>>>>> > users, or if it's even implemented (I did check the REST API and >>>>>> there's >>>>>> > endpoints for that). >>>>>> > >>>>>> > Thank you very much for clarifying, >>>>>> > Pires >>>>>> > >>>>>> > On Wed, Jul 20, 2016 at 2:52 PM Stian Thorgersen < >>>>>> sthorger(a)redhat.com&gt; >>>>>> > wrote: >>>>>> > >>>>>> > > Yep, take a look at >>>>>> > > >>>>>> https://keycloak.gitbooks.io/server-developer-guide/content/topics/admin-... >>>>>> > > >>>>>> > > On 20 July 2016 at 15:33, Paulo Pires <pires(a)littlebits.cc&gt; >>>>>> wrote: >>>>>> > > >>>>>> > >> More than 150k. Is there a Java library for the REST api? >>>>>> > >> >>>>>> > >> On Jul 20, 2016 13:56, "Stian Thorgersen" <sthorger(a)redhat.com&gt; >>>>>> wrote: >>>>>> > >> >>>>>> > >>> Depending on the amount of users I'd use either partial import >>>>>> through >>>>>> > >>> the admin console (if you don't have more than a thousand or >>>>>> so users) or >>>>>> > >>> use the admin REST endpoints if you have quite a lot of users. >>>>>> > >>> >>>>>> > >>> On 20 July 2016 at 11:52, Paulo Pires <pires(a)littlebits.cc&gt; >>>>>> wrote: >>>>>> > >>> >>>>>> > >>>> Hi all, >>>>>> > >>>> >>>>>> > >>>> I'm in the process of migrating from an in-house user-role >>>>>> storage to >>>>>> > >>>> Keycloak and I'm looking for programmatic (Java) ways to >>>>>> migrate all >>>>>> > >>>> current users to the new storage. And I need your help to >>>>>> figure out the >>>>>> > >>>> best approach. >>>>>> > >>>> >>>>>> > >>>> At first, when reading KC documentation, I believed I could >>>>>> easily >>>>>> > >>>> achieve this by implementing a User Federation provider but >>>>>> after diving a >>>>>> > >>>> little more into it, and looking for examples, I can't see a >>>>>> way to migrate >>>>>> > >>>> all users on-demand but simply one user at a time, possible >>>>>> during log-in. >>>>>> > >>>> >>>>>> > >>>> Next, I tried and look into ways, such as admin-cli, REST, >>>>>> etc but >>>>>> > >>>> nothing strikes me as the solution to use. >>>>>> > >>>> >>>>>> > >>>> Here's what I was hoping to deliver: >>>>>> > >>>> * Get all roles and users from my soon-to-be deprecated >>>>>> storage, e.g. >>>>>> > >>>> MySQL tables >>>>>> > >>>> * Add roles to KC >>>>>> > >>>> * Iterate users and add user to KC + map roles + update >>>>>> password hashes >>>>>> > >>>> (here I know I need to implement a HashProvider) >>>>>> > >>>> >>>>>> > >>>> Any hints will be appreciated! >>>>>> > >>>> >>>>>> > >>>> Pires >>>>>> > >>>> >>>>>> > >>>> _______________________________________________ >>>>>> > >>>> keycloak-user mailing list >>>>>> > >>>> keycloak-user(a)lists.jboss.org >>>>>> > >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>> > >>>> >>>>>> > >>> >>>>>> > >>> >>>>>> > > >>>>>> >>>>>> > _______________________________________________ >>>>>> > keycloak-user mailing list >>>>>> > keycloak-user(a)lists.jboss.org >>>>>> > https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> abstractj >>>>>> PGP: 0x84DC9914 >>>>>> >>>>> >