I have been experimenting with import/exports more.
Essentially my end goal is, I want to get the JSON of the changes that I have done on UI
so that I can import it to other Keycloak instances in other environments. For instance I
can do my changes on test environment and then just import them to production environment,
without manually doing these changes through UI.
In terms of exporting, it seems like only a command line option exists. In terms of
importing, there is an import via UI and an import via command line.
Command line import doesn’t really work if the realm already exists. You can opt in to
overwrite existing realm; but that actually removes the entire realm with the users; where
the old users are not retrieved back.
Importing via the UI seems to be possible in two ways. The first one is via create
realm, which works perfectly fine.
However, if I have an existing realm, and I want to overwrite some changes, then it only
works for clients, IDPs, realm roles and client roles. For instance, if I were to enable
brute force detection, there is no way to import this setting to an existing realm.
So this is basically what I want to accomplish. I want to be able to copy changed UI
configurations to another keycloak instance, so that I would avoid manual UI
configurations.
Next thing I will be trying is to see if this endpoint for updating configuration works:
http://www.keycloak.org/docs-api/2.5/rest-api/index.html#_update_the_top_...
Otherwise, I do not really see any other way to get that changed.
Thanks,
Sarp
On 2/15/2017 1:06 AM, Sarp Kaya wrote:
Hello,
I'm aware of keycloak import/export functionality but when I export keycloak
configuration it exports with bunch of ids. I'm guessing this is useful for back-ups or
duplicating the entire environment.
My problem is, say if you have different environments with slight configuration
differences (because environments probably have different keys, URLs etc.) but would like
to keep majority of the configuration the same; then this export/import becomes unusable:
1) Everything has an id, so therefore just exporting and then importing singular
item will not work due to id mismatch.
If I recall, if you remove an id, a new one
will be created. However,
sometimes an id is used to refer to other things in the data structure
so you have to be careful (Again, going from memory here. Test early
and often).
2) During the import, it's not possible to select what can be overwritten and what
can be skipped. Importing condition applies for all.
My question is, what is the best practice to configure keycloak in multiple environments?
This can get incredibly complex due to dependencies between entities.
But if you keep it simple enough the current import facilities can suffice.
The best answer I can give is that it just depends on what you are
trying to do.
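The approach discussed in this thread (carry only the changed realm-level settings to another instance through the realm update endpoint, leaving ids, users and clients behind) could look like the sketch below. It is an added example, not code from any poster or from the Keycloak project. The host name, realm names, token placeholder and sample exports are constructed, and it assumes the `PUT {base}/admin/realms/{realm}` endpoint accepts a partial representation, which should be verified on a test instance first.

```python
import json
import urllib.request

# Keys never copied: "id" is instance-specific, and sending "realm" could rename the target.
SKIP = {"id", "realm"}

def changed_settings(before, after, skip=SKIP):
    """Return top-level scalar settings whose value differs between two realm exports."""
    changes = {}
    for key, value in after.items():
        # Nested entities (users, clients, roles) carry their own ids; leave them out.
        if key in skip or isinstance(value, (dict, list)):
            continue
        if before.get(key) != value:
            changes[key] = value
    return changes

def build_update_request(base_url, realm, token, changes):
    """Build (but do not send) the PUT that updates top-level realm settings."""
    return urllib.request.Request(
        f"{base_url}/admin/realms/{realm}",
        data=json.dumps(changes).encode(),
        method="PUT",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )

# Constructed sample exports of a test realm, before and after a UI change.
BEFORE = {"id": "11111111-aaaa", "realm": "test", "sslRequired": "external",
          "bruteForceProtected": False, "failureFactor": 30,
          "users": [{"id": "u1", "username": "alice"}], "clients": []}
AFTER = {"id": "11111111-aaaa", "realm": "test", "sslRequired": "external",
         "bruteForceProtected": True, "failureFactor": 5,
         "users": [{"id": "u1", "username": "alice"},
                   {"id": "u2", "username": "bob"}], "clients": []}

if __name__ == "__main__":
    changes = changed_settings(BEFORE, AFTER)
    req = build_update_request("https://keycloak.prod.example/auth", "prod",
                               "<admin-access-token>", changes)
    print(req.get_method(), req.full_url)
    print(json.dumps(changes, indent=2))
    # urllib.request.urlopen(req) would send it; left out so the example runs offline.
```

Because only differing scalar settings are sent, existing users in the target realm are untouched and environment-specific values that were not changed are never copied.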