code refactor #1
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| FROM quay.io/ecosystem-appeng/keycloak-source:latest as keycloak | ||
|
|
||
| FROM registry.access.redhat.com/ubi9/openjdk-11-runtime | ||
| WORKDIR /opt/keycloak/bin | ||
| ARG KEYCLOAK_VERSION=21.1.1 | ||
|
|
||
| USER root | ||
| # COPY ca-bundle.crt /etc/pki/ca-trust/source/anchors | ||
| # RUN update-ca-trust extract | ||
| # RUN trust list --filter=ca-anchors | grep ingress -A3 | ||
|
|
||
| RUN microdnf install -y jq | ||
| RUN mkdir -p /opt/keycloak/bin/client/lib/ | ||
|
|
||
| COPY --from=keycloak /opt/keycloak/bin/client/keycloak-admin-cli-${KEYCLOAK_VERSION}.jar client | ||
| COPY --from=keycloak /opt/keycloak/bin/client/lib/ client/lib/ | ||
| COPY --from=keycloak /opt/keycloak/bin/kcadm.sh . | ||
|
|
||
| COPY scripts/*.sh /opt/keycloak/bin/ | ||
|
|
||
|
|
||
| RUN chmod +x /opt/keycloak/bin/Entrypoint.sh && \ | ||
| chmod +x /opt/keycloak/bin/kcadm.sh && \ | ||
| chmod +x /opt/keycloak/bin/user-import.sh && \ | ||
| chmod +x /opt/keycloak/bin/user-export.sh && \ | ||
| chmod +x /opt/keycloak/bin/groups-ids-wrapper.sh | ||
|
|
||
|
Collaborator
Every line in the docker file adds a layer in the docker image, increasing the size.
Owner
Author
Sure |
||
| USER 185 | ||
| ENTRYPOINT ["/opt/keycloak/bin/Entrypoint.sh"] | ||
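Review bot: The first stage pulls `quay.io/ecosystem-appeng/keycloak-source:latest` while the second stage hardcodes `ARG KEYCLOAK_VERSION=21.1.1` and copies `keycloak-admin-cli-${KEYCLOAK_VERSION}.jar`, so the COPY will not find the jar once `latest` ships a different Keycloak version, and until then the image contents are not reproducible. Pin the source image to a tag or digest that matches `KEYCLOAK_VERSION`; the untagged `ubi9/openjdk-11-runtime` base deserves the same treatment. Smaller points: the `microdnf install -y jq` step can end with `microdnf clean all` in the same RUN, and the five `chmod +x` calls can collapse into a single `chmod +x /opt/keycloak/bin/*.sh`.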
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
|
|
||
| help: ## Prints help for targets with comments | ||
| @grep -E '^[a-zA-Z0-9.\ _-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' | ||
|
|
||
| build: | ||
| docker build -t kc-exim:latest . | ||
|
|
||
| export: ## run an export job, exports remote server users into local filesystem | ||
|
|
||
|
|
||
| docker run -it \ | ||
| -e EXPORT_KEYCLOAK_SERVER=$(EXPORT_KEYCLOAK_SERVER) \ | ||
| -e EXPORT_REALM=$(EXPORT_REALM) \ | ||
| -e EXPORT_TOKEN=$(token) \ | ||
| -v $(WORK_DIRECTORY):/home/default/EXPORT_DIR \ | ||
| kc-exim:latest export | ||
|
|
||
| # export: ## run an export job, exports remote server users into local filesystem | ||
|
|
||
|
|
||
| # CONTAINER_ID=$$(docker run -d \ | ||
| # -e EXPORT_KEYCLOAK_SERVER=$(EXPORT_KEYCLOAK_SERVER) \ | ||
| # -e EXPORT_REALM=$(EXPORT_REALM) \ | ||
| # -e EXPORT_TOKEN=$(token) \ | ||
| # -v $(WORK_DIRECTORY):/home/default/EXPORT_DIR \ | ||
| # kc-exim:latest export); \ | ||
| # docker wait $${CONTAINER_ID} | ||
|
|
||
| import: ## run an import job, imports local users/groups into a remote server | ||
|
|
||
| docker run -it \ | ||
| -e IMPORT_KEYCLOAK_SERVER=$(IMPORT_KEYCLOAK_SERVER) \ | ||
| -e IMPORT_REALM=$(IMPORT_REALM) \ | ||
| -e IMPORT_TOKEN=$(token) \ | ||
| -v $(WORK_DIRECTORY):/home/default/IMPORT_DIR \ | ||
| kc-exim:latest import |
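Review bot: In the `export` and `import` recipes, `-e EXPORT_TOKEN=$(token)` and `-e IMPORT_TOKEN=$(token)` expand the access token into the `docker run` command line, and because the recipe lines have no `@` prefix make echoes the expanded command, so the token ends up in the terminal or CI log and in the process list. Pass the variable by name instead (`-e EXPORT_TOKEN` with the value exported in the calling environment) or use `--env-file`. Also consider dropping `-it` so the targets run without a TTY, declaring the targets `.PHONY`, and giving `build` a `##` comment so it shows up in `make help`.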
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,69 +1,50 @@ | ||
| # kcum | ||
| key cloak user migrationr shell scripts | ||
| # kc-exim | ||
| KeyCloak user Export/Import tool | ||
|
|
||
| ## about | ||
| this app contains the kcadm.sh and its dependincies script provided with the latest Keycloak distibution. | ||
| in addition a customized scripts that uses the kcadm.sh to export/import keycloak users from a server/realm into a target server/realm | ||
| it does export relevant user infor including attributes | ||
| it does export group paths | ||
| during the import, the same groups expected to pre-exist in the target server, and the newly migrated users will join the target groups according to the target server group ids, (automatically) | ||
| ## how to run **docker-needed** | ||
|
|
||
| ## how to run | ||
| ### build | ||
| ``` | ||
| make build | ||
| ``` | ||
|
|
||
| 1. clone | ||
|
|
||
| ``` | ||
| ### EXPORT | ||
|
|
||
| git clone git@github.com:nemerna/kcum.git | ||
| 1. prepare variables | ||
| ``` | ||
| # export the following env variables | ||
| EXPORT_KEYCLOAK_SERVER=http://localhost:2020 | ||
| EXPORT_REALM=kcm | ||
| EXPORT_TOKEN=xxxxx | ||
| WORK_DIRECTORY=$(pwd)/some-dir | ||
| ``` | ||
| 2. move to the project dir directory | ||
|
|
||
| 2. start the EXPORT job | ||
| ``` | ||
| cd kcum | ||
| make export | ||
| ``` | ||
|
|
||
| 3. add the bin to your PATH | ||
|
|
||
| ### IMPORT | ||
|
|
||
| 1. prepare variables | ||
| ``` | ||
| export PATH=$PATH:$(pwd)/bin | ||
| # export the following env variables | ||
| IMPORT_KEYCLOAK_SERVER=http://localhost:1010 | ||
| IMPORT_REALM=kcm | ||
| IMPORT_TOKEN=xxxxx | ||
| WORK_DIRECTORY=$(pwd)/some-dir-that-contain-previous-export | ||
|
|
||
| ``` | ||
|
|
||
| 4. export relevant env vars | ||
|
|
||
| 2. start the IMPORT job | ||
| ``` | ||
| make import | ||
| ``` | ||
|
|
||
| #the work directory to proccess directory (always should be set) | ||
| export WORK_DIRECTORY=./USERMANAGER_EXPORT | ||
|
|
||
| # the source server url (copy from) | ||
| export IMPORT_KEYCLOAK_SERVER=https://src-server.com | ||
|
|
||
| # the realm of the source server (copy from) | ||
| export IMPORT_REALM=src-realm | ||
|
|
||
| # the client-id of the source server (copy from) | ||
| export IMPORT_CLIENT=src-client | ||
|
|
||
| # the client secret of the source server (copy from) | ||
| export IMPORT_SECRET=src-secret | ||
|
|
||
|
|
||
| # the target server url (create in) | ||
| export EXPORT_KEYCLOAK_SERVER=https://target-server.com | ||
|
|
||
| # the realm of the target server (create in) | ||
| export EXPORT_REALM=target-realm | ||
|
|
||
| # the client-id of the target server (create in) | ||
| export EXPORT_CLIENT=target-client | ||
|
|
||
| # the client secret of the target server (create in) | ||
| export EXPORT_SECRET=target-secret | ||
| ### obtaining a token | ||
|
|
||
| ``` | ||
| 4. run the user manager | ||
|
|
||
| ``` | ||
| user-manager.sh [export | import | migrate] | ||
| ``` | ||
| **NOTE: when you export, only export parameters needed, when import then only import parameters are needed, when igrate you need to specify both export and import related variables** | ||
| ``` | ||
| export token=$(curl -X POST --location "https://your-keyclaok-server/realms/kcm/protocol/openid-connect/token" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=password&username=your-user-name&password=no-one-knows&client_id=your-client-id" | jq -r .access_token) | ||
| ``` |
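Review bot: The "obtaining a token" command puts the user's password directly in the curl arguments (`grant_type=password&username=...&password=...`), which leaves it in shell history and the process list; suggest showing a variant that prompts for the password (for example with `read -s`) and passes it to curl from a variable. The naming is also inconsistent: the "prepare variables" steps ask for `EXPORT_TOKEN` and `IMPORT_TOKEN`, while this command exports `token`, which is the name the Makefile recipes actually read, so the README should say which one the user must set. The placeholder host `your-keyclaok-server` has a typo.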
This file was deleted.
Why did you pick this image?
I don't think it's the latest
I did not choose it. I reused it from
https://github.com/dmartinol/keycloak-change-admin-kcadm/tree/main/docker
You mean the openjdk or the Keycloak one?
latest compatible