| @@ -0,0 +1,31 @@ | |||
| FROM quay.io/ecosystem-appeng/keycloak-source:latest as keycloak | |||
|
|
|||
| FROM registry.access.redhat.com/ubi9/openjdk-11-runtime | |||
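Review bot: Both FROM lines use mutable image references: `keycloak-source:latest` on the first and an untagged `ubi9/openjdk-11-runtime` on the second, so two builds of the same commit can produce different images. Pin each one to a specific version tag or, better, to an immutable digest (`image@sha256:<digest>`), and note in a comment why this runtime image was chosen so the pin can be reviewed when it is bumped.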
There was a problem hiding this comment.
Why did you pick this image?
I don't think it's the latest
There was a problem hiding this comment.
I did not choose it. I reused it from
https://github.com/dmartinol/keycloak-change-admin-kcadm/tree/main/docker
You mean the openjdk or the Keycloak one?
| RUN chmod +x /opt/keycloak/bin/user-import.sh | ||
| RUN chmod +x /opt/keycloak/bin/user-export.sh | ||
| RUN chmod +x /opt/keycloak/bin/groups-ids-wrapper.sh | ||
|
|
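Review bot: The three `RUN chmod +x` lines each run as their own build step; set the mode where the scripts are copied in (`COPY --chmod=0755 ...`, which needs BuildKit) or merge them into a single `RUN chmod 0755` that lists all three paths. An explicit mode such as 0755 is also easier to audit than `+x`, which depends on whatever permissions the files had in the build context.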
There was a problem hiding this comment.
Every line in the Dockerfile adds a layer in the Docker image, increasing the size.
https://docs.docker.com/build/guide/layers/
e.g. try to cluster the copy commands
| @@ -0,0 +1,17 @@ | |||
| #!/bin/bash | |||
|
|
|||
There was a problem hiding this comment.
That's the main file and the only one visible in the root folder - rename it to keycloak-user-cli or similar
| elif [ "$1" = "export" ]; then | ||
| echo "Performing export..." | ||
| export WORK_DIRECTORY=/home/default/EXPORT_DIR | ||
| user-export.sh |
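Review bot: `user-export.sh` is invoked by bare name in the export branch, so which file actually runs depends on PATH inside the container; the Dockerfile in this PR marks `/opt/keycloak/bin/user-export.sh` executable, so call it by that absolute path. The branch also does not check the script's exit status in the lines shown; propagate it (for example `user-export.sh || exit $?`) so a failed export is visible to whatever started the container.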
There was a problem hiding this comment.
Move user-export.sh and user-import.sh and accordingly change path
Also, I would add a "help" option
There was a problem hiding this comment.
I didn't understand
`Move user-export.sh and user-import.sh and accordingly change path`
There was a problem hiding this comment.
Goes with the previous comment
user-export.sh and user-import.sh should not be in the root folder as you don't expect users to use them directly
There was a problem hiding this comment.
You mean in the repo?
Because the code you commented about is relevant only inside the container,
There was a problem hiding this comment.
Is there an example of the user.csv file?
There was a problem hiding this comment.
Yep, it is a JSON, not a CSV.

- Below is the username/id for all server users:

```json
[ {
  "id" : "c29a1789-fb7f-4e11-a0a0-61f2d30fe009",
  "username" : "kcm"
}, {
  "id" : "1a468df5-1ab1-4144-9d8c-736dac74181b",
  "username" : "names"
}, {
  "id" : "31d4e96a-c982-450b-9dec-d6639c23d65a",
  "username" : "namess"
} ]
```

- This is an example of a single user:

```json
{
  "username" : "kcm",
  "enabled" : true,
  "totp" : false,
  "emailVerified" : true,
  "firstName" : "KCM",
  "lastName" : "Admin",
  "email" : "temp@test.com",
  "attributes" : {
    "test" : [ "test" ]
  },
  "disableableCredentialTypes" : [ ],
  "requiredActions" : [ ],
  "notBefore" : 0,
  "access" : {
    "manageGroupMembership" : true,
    "view" : true,
    "mapRoles" : true,
    "impersonate" : true,
    "manage" : true
  }
}
```
| kcadm.sh get users/$user_id --fields '*(*(*(*(*(*))))),-id,-createdTimestamp' --realm $EXPORT_REALM --server $EXPORT_KEYCLOAK_SERVER --token $EXPORT_TOKEN --no-config > $WORK_DIRECTORY/$username/USER.json | ||
|
|
||
| # If failed to get user, skip the current iteration | ||
| if [ $? -ne 0 ]; then |
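Review bot: On the `kcadm.sh get users/$user_id` line, `$username` comes from the server's user list and is used unquoted as a directory name in `$WORK_DIRECTORY/$username/USER.json`; a username containing spaces, `/` or `..` would break the redirect or write outside the work directory. Quote every expansion and reject or encode usernames that are not a plain file name before building the path. Two further points on the same lines: `--token $EXPORT_TOKEN` puts the token in the process argument list, where anything able to list processes in the container can read it, and the `$?` check runs after the redirect has already created USER.json, so a failed fetch leaves an empty file behind unless the skip branch removes it.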
There was a problem hiding this comment.
Consider writing to a log file
There was a problem hiding this comment.
Sure, will make it through the Makefile
(container output redirect), where I run the container in interactive mode
There was a problem hiding this comment.
It's again based on Danielle's Dockerfile, and the lib dir is from the official Keycloak release,
but I tried to remove the library and nothing got broken ...
, move scripts to scripts directory, remove all the keycloak libs/modules, as we will be getting them always from the image
replaced the authentication method to the one requested by Babak in the ticket
removed the central control script
containerized the application
added Makefile for make easy run
reduced the number of needed parameters