Binary file added .DS_Store
Binary file not shown.
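Review bot: `.DS_Store` is macOS Finder metadata and should not be part of this change; remove it from the PR and add it to `.gitignore` (and to a `.dockerignore`, since `docker build` is run with `.` as the context).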
29 changes: 29 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
FROM quay.io/ecosystem-appeng/keycloak-source:latest as keycloak

FROM registry.access.redhat.com/ubi9/openjdk-11-runtime

Collaborator

Why did you pick this image?
I don't think it's the latest.

@nemerna nemerna Jul 9, 2023

Owner Author

I did not choose it. I reused it from
https://github.com/dmartinol/keycloak-change-admin-kcadm/tree/main/docker

You mean the openjdk or the Keycloak one?

Collaborator

latest compatible

WORKDIR /opt/keycloak/bin
ARG KEYCLOAK_VERSION=21.1.1

USER root
# COPY ca-bundle.crt /etc/pki/ca-trust/source/anchors
# RUN update-ca-trust extract
# RUN trust list --filter=ca-anchors | grep ingress -A3

RUN microdnf install -y jq
RUN mkdir -p /opt/keycloak/bin/client/lib/

COPY --from=keycloak /opt/keycloak/bin/client/keycloak-admin-cli-${KEYCLOAK_VERSION}.jar client
COPY --from=keycloak /opt/keycloak/bin/client/lib/ client/lib/
COPY --from=keycloak /opt/keycloak/bin/kcadm.sh .

COPY scripts/*.sh /opt/keycloak/bin/


RUN chmod +x /opt/keycloak/bin/Entrypoint.sh && \
chmod +x /opt/keycloak/bin/kcadm.sh && \
chmod +x /opt/keycloak/bin/user-import.sh && \
chmod +x /opt/keycloak/bin/user-export.sh && \
chmod +x /opt/keycloak/bin/groups-ids-wrapper.sh

Collaborator

Every line in the docker file adds a layer in the docker image, increasing the size.
https://docs.docker.com/build/guide/layers/
e.g. try to cluster the copy commands

Owner Author

Sure

USER 185
ENTRYPOINT ["/opt/keycloak/bin/Entrypoint.sh"]
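Review bot: The first stage pulls `quay.io/ecosystem-appeng/keycloak-source:latest` while the second stage copies `keycloak-admin-cli-${KEYCLOAK_VERSION}.jar` with `KEYCLOAK_VERSION=21.1.1` hard-coded, so the build depends on a mutable tag and fails at that COPY as soon as `latest` moves to another Keycloak release. Pin the source image to a version tag or digest that matches `KEYCLOAK_VERSION`, and give `registry.access.redhat.com/ubi9/openjdk-11-runtime` an explicit tag as well, since it currently resolves to `latest` too. The five `chmod +x` lines can be a single `chmod +x /opt/keycloak/bin/*.sh`, and the commented-out CA trust lines should either be removed or explained.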
36 changes: 36 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@

help: ## Prints help for targets with comments
@grep -E '^[a-zA-Z0-9.\ _-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'

build:
docker build -t kc-exim:latest .

export: ## run an export job, exports remote server users into local filesystem


docker run -it \
-e EXPORT_KEYCLOAK_SERVER=$(EXPORT_KEYCLOAK_SERVER) \
-e EXPORT_REALM=$(EXPORT_REALM) \
-e EXPORT_TOKEN=$(token) \
-v $(WORK_DIRECTORY):/home/default/EXPORT_DIR \
kc-exim:latest export

# export: ## run an export job, exports remote server users into local filesystem


# CONTAINER_ID=$$(docker run -d \
# -e EXPORT_KEYCLOAK_SERVER=$(EXPORT_KEYCLOAK_SERVER) \
# -e EXPORT_REALM=$(EXPORT_REALM) \
# -e EXPORT_TOKEN=$(token) \
# -v $(WORK_DIRECTORY):/home/default/EXPORT_DIR \
# kc-exim:latest export); \
# docker wait $${CONTAINER_ID}

import: ## run an import job, imports local users/groups into a remote server

docker run -it \
-e IMPORT_KEYCLOAK_SERVER=$(IMPORT_KEYCLOAK_SERVER) \
-e IMPORT_REALM=$(IMPORT_REALM) \
-e IMPORT_TOKEN=$(token) \
-v $(WORK_DIRECTORY):/home/default/IMPORT_DIR \
kc-exim:latest import
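Review bot: In the `export` and `import` recipes the token is expanded by make into the command line (`-e EXPORT_TOKEN=$(token)`, `-e IMPORT_TOKEN=$(token)`), and because the recipe lines have no `@` prefix make echoes the whole `docker run` command, token included, to the terminal or CI log; it is also visible in the host process list while the container runs. Pass the variable by name only (`-e EXPORT_TOKEN` with no value makes docker read it from the environment) or use `--env-file`. Also: `build`, `export` and `import` should be declared `.PHONY`, `build` has no `## ` comment so `help` will not list it, `-it` fails when the target runs without a TTY, and the commented-out duplicate `export` target can be deleted.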
85 changes: 33 additions & 52 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,69 +1,50 @@
# kcum
key cloak user migrationr shell scripts
# kc-exim
KeyCloak user Export/Import tool

## about
this app contains the kcadm.sh and its dependincies script provided with the latest Keycloak distibution.
in addition a customized scripts that uses the kcadm.sh to export/import keycloak users from a server/realm into a target server/realm
it does export relevant user infor including attributes
it does export group paths
during the import, the same groups expected to pre-exist in the target server, and the newly migrated users will join the target groups according to the target server group ids, (automatically)
## how to run **docker-needed**

## how to run
### build
```
make build
```

1. clone

```
### EXPORT

git clone git@github.com:nemerna/kcum.git
1. prepare variables
```
# export the following env variables
EXPORT_KEYCLOAK_SERVER=http://localhost:2020
EXPORT_REALM=kcm
EXPORT_TOKEN=xxxxx
WORK_DIRECTORY=$(pwd)/some-dir
```
2. move to the project dir directory

2. start the EXPORT job
```
cd kcum
make export
```

3. add the bin to your PATH

### IMPORT

1. prepare variables
```
export PATH=$PATH:$(pwd)/bin
# export the following env variables
IMPORT_KEYCLOAK_SERVER=http://localhost:1010
IMPORT_REALM=kcm
IMPORT_TOKEN=xxxxx
WORK_DIRECTORY=$(pwd)/some-dir-that-contain-previous-export

```

4. export relevant env vars

2. start the IMPORT job
```
make import
```

#the work directory to proccess directory (always should be set)
export WORK_DIRECTORY=./USERMANAGER_EXPORT

# the source server url (copy from)
export IMPORT_KEYCLOAK_SERVER=https://src-server.com

# the realm of the source server (copy from)
export IMPORT_REALM=src-realm

# the client-id of the source server (copy from)
export IMPORT_CLIENT=src-client

# the client secret of the source server (copy from)
export IMPORT_SECRET=src-secret


# the target server url (create in)
export EXPORT_KEYCLOAK_SERVER=https://target-server.com

# the realm of the target server (create in)
export EXPORT_REALM=target-realm

# the client-id of the target server (create in)
export EXPORT_CLIENT=target-client

# the client secret of the target server (create in)
export EXPORT_SECRET=target-secret
### obtaining a token

```
4. run the user manager

```
user-manager.sh [export | import | migrate]
```
**NOTE: when you export, only export parameters needed, when import then only import parameters are needed, when igrate you need to specify both export and import related variables**
```
export token=$(curl -X POST --location "https://your-keyclaok-server/realms/kcm/protocol/openid-connect/token" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=password&username=your-user-name&password=no-one-knows&client_id=your-client-id" | jq -r .access_token)
```
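Review bot: The "obtaining a token" example puts the user's password on the curl command line (`-d "grant_type=password&username=your-user-name&password=no-one-knows&client_id=your-client-id"`), where it ends up in shell history and the process list; suggest reading it from a prompt or a file (curl accepts `-d @file`). The sample server values use plain `http://` (`EXPORT_KEYCLOAK_SERVER=http://localhost:2020`), so note that this is for local testing only, since the token travels with every request. The variable blocks are introduced with "# export the following env variables" but show bare assignments, which a reader who pastes them will not have in make's environment; write them as `export VAR=...`. `your-keyclaok-server` is a typo.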
Binary file removed bin/client/keycloak-admin-cli-21.1.2.jar
Binary file not shown.
Binary file not shown.
Binary file removed bin/client/lib/bcprov-jdk15on-1.70.jar
Binary file not shown.
Binary file removed bin/client/lib/keycloak-crypto-default-21.1.2.jar
Binary file not shown.
Binary file removed bin/client/lib/keycloak-crypto-fips1402-21.1.2.jar
Binary file not shown.
175 changes: 0 additions & 175 deletions bin/kc.bat

This file was deleted.
