Skip to content

Commit

Permalink
Add import.validate flag
Browse files Browse the repository at this point in the history
  • Loading branch information
@jkroepke
jkroepke committed Jan 11, 2022
1 parent cfb99f7 commit fc0117f
Show file tree
Hide file tree
Showing 6 changed files with 17 additions and 3 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),

### Changes

- Add `--import.validate` flag to disable pre validation checks inside keycloak-config-cli.
- Change maven wrapper to official one (https://maven.apache.org/wrapper/)

## [4.5.0] - 2021-12-19
Expand Down
1 change: 1 addition & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -228,6 +228,7 @@ Checkout helm docs about [chart dependencies](https://helm.sh/docs/topics/charts
| --keycloak.availability-check.timeout | KEYCLOAK_AVAILABILITYCHECK_TIMEOUT | Wait timeout for keycloak availability check | `120s` | |
| --import.path | IMPORT_PATH | Location of config files (if location is a directory, all files will be imported) | `/config` | [Spring ResourceLoader](https://docs.spring.io/spring-framework/docs/current/reference/html/core.html#resources-resourceloader) |
| --import.force | IMPORT_FORCE | Import realm even if config from `--import.path` is unchanged | `false` | |
| --import.validate | IMPORT_VALIDATE | Validate configuration settings | `false` | |
| --import.cache-key | IMPORT_CACHEKEY | Cache key for importing config. | `default` | |
| --import.state | IMPORT_STATE | Enable state management. Purge only resources managed by kecloak-config-cli. S. | `true` | [MANAGED.md](docs/MANAGED.md) |
| --import.state-encryption-key | IMPORT_STATEENCRYPTIONKEY | Enables state in encrypted format. If unset, state will be stored in plain | - | |
Expand Down
9 changes: 9 additions & 0 deletions src/main/java/de/adorsys/keycloak/config/properties/ImportConfigProperties.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,9 @@ public class ImportConfigProperties {
@NotNull
private final boolean force;

@NotNull
private final boolean validate;

@NotBlank
private final String cacheKey;

Expand Down Expand Up @@ -93,6 +96,7 @@ public ImportConfigProperties(
String path,
boolean varSubstitution,
boolean force,
boolean validate,
String cacheKey,
boolean state,
String stateEncryptionKey,
Expand All @@ -110,6 +114,7 @@ public ImportConfigProperties(
this.path = path;
this.varSubstitution = varSubstitution;
this.force = force;
this.validate = validate;
this.cacheKey = cacheKey;
this.state = state;
this.stateEncryptionKey = stateEncryptionKey;
Expand All @@ -134,6 +139,10 @@ public boolean isForce() {
return force;
}

public boolean isValidate() {
return validate;
}

public boolean isVarSubstitution() {
return varSubstitution;
}
Expand Down
4 changes: 2 additions & 2 deletions src/main/java/de/adorsys/keycloak/config/service/ClientImportService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -145,7 +145,7 @@ private void createOrUpdateClient(
) {
String realmName = realmImport.getRealm();

if (client.getAuthorizationSettings() != null) {
if (importConfigProperties.isValidate() && client.getAuthorizationSettings() != null) {
if (TRUE.equals(client.isBearerOnly()) || TRUE.equals(client.isPublicClient())) {
throw new ImportProcessingException(String.format(
"Unsupported authorization settings for client '%s' in realm '%s': "
Expand Down Expand Up @@ -273,7 +273,7 @@ private void updateAuthorization(
ClientRepresentation client,
ResourceServerRepresentation authorizationSettingsToImport
) {
if (TRUE.equals(client.isBearerOnly()) || TRUE.equals(client.isPublicClient())) {
if (importConfigProperties.isValidate() && (TRUE.equals(client.isBearerOnly()) || TRUE.equals(client.isPublicClient()))) {
throw new ImportProcessingException(String.format(
"Unsupported authorization settings for client '%s' in realm '%s': "
+ "client must be confidential.",
Expand Down
1 change: 1 addition & 0 deletions src/main/resources/application.properties
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ import.var-substitution-undefined-throws-exceptions=true
import.var-substitution-prefix=$(
import.var-substitution-suffix=)
import.force=false
import.validate=true
import.state=true
import.sync-user-federation=false
# For security reasons, change this value if you want to encrypt the state
Expand Down
4 changes: 3 additions & 1 deletion src/test/java/de/adorsys/keycloak/config/properties/ImportConfigPropertiesTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@
"import.var-substitution-prefix=$(",
"import.var-substitution-suffix=)",
"import.force=true",
"import.validate=false",
"import.path=other",
"import.state=false",
"import.state-encryption-key=password",
Expand All @@ -66,7 +67,7 @@
"import.managed.client=no-delete",
"import.sync-user-federation=true",
"import.remove-default-role-from-user=true",
"import.skip-attributes-for-federated-user=true"
"import.skip-attributes-for-federated-user=true",
})
class ImportConfigPropertiesTest {

Expand All @@ -83,6 +84,7 @@ void shouldPopulateConfigurationProperties() {
assertThat(properties.getVarSubstitutionPrefix(), is("$("));
assertThat(properties.getVarSubstitutionSuffix(), is(")"));
assertThat(properties.isForce(), is(true));
assertThat(properties.isValidate(), is(false));
assertThat(properties.getCacheKey(), is("custom"));
assertThat(properties.isState(), is(false));
assertThat(properties.getStateEncryptionKey(), is("password"));
Expand Down

0 comments on commit fc0117f

Please sign in to comment.