-
Notifications
You must be signed in to change notification settings - Fork 150
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Service Account User always triggers UPDATE USER in keycloak during import #878
Comments
Hi @srose I created a fix for your use case with the user by excluding the |
When applying a JSON or YAML configuration to Keycloak, a comparison is made between the realm defined in the Keycloak console and the configuration you are attempting to import. This process can lead to unintended updates due to additional configurations that Keycloak automatically includes during the import process. For example, if you apply a simple and empty realm configuration like this:
At first glance, it may seem like you’ve only created an empty realm. However, if you export this same realm after the import, you’ll notice that Keycloak has added extra configurations beyond what you initially defined. These additional configurations are automatically provided by Keycloak and can cause unwanted or unnecessary updates during subsequent imports. It’s important to understand that these changes are inherent to how Keycloak operates. While some of these attributes can be safely ignored, others may require proper handling or adjustments in your configuration to prevent issues. For example, certain scenarios can be addressed correctly or fixed, as demonstrated in specific cases like #883 |
Current Behavior
When importing a user configuration that represent a service account, they must have a serviceAccountClientId attribute. This attribute points to the clientId of the client to which this user belongs.
When importing, the user is retrieved and compared, the retrieved user does not contain the serviceAccountClientId attribute. Therefore, the comparison between the user being imported and the existing user always hits as a change and an update is called even though there is no change.
Expected Behavior
The overall idea of keycloak-config-cli means, that api-calls are only triggered in case of a real change.
Steps To Reproduce
Environment
Anything else?
Would be great to get some discussion/adivce:
The text was updated successfully, but these errors were encountered: