keycloak-config-cli icon indicating copy to clipboard operation
keycloak-config-cli copied to clipboard

Published 20 hours ago verified publisher icon adorsys

--import.managed.required-action=no-delete doesn't seem to prevent deletion

Open akikoskinen opened this issue 2 years ago • 1 comments

Current Behavior

Keycloak-config-cli deletes all existing required actions, only leaving or creating the one mentioned in the realm JSON.

Expected Behavior

Keycloak-config-cli should leave the existing required actions untouched.

Steps To Reproduce

The realm JSON contains one required action:

...
  "requiredActions": [
    {
      "alias": "verify-email-code-action",
      "name": "Verify email by code",
      "providerId": "verify-email-code-action",
      "enabled": true,
      "defaultAction": false,
      "priority": 1001,
      "config": {}
    }
  ]
...

When running Keycloak-config-cli, the --import.managed.required-action=no-delete option is given.

Environment

  • Keycloak Version: 19.0.2
  • keycloak-config-cli Version: 5.5.0
  • Java Version: 17

Anything else?

To me it looks like RequiredActionsImportService looks for the property for client scopes, while it should probably check the required actions property.

akikoskinen avatar Feb 27 '23 16:02 akikoskinen

Indeed it looks like giving the --import.managed.client-scope=no-delete option prevents deletion of pre-existing required actions.

akikoskinen avatar Feb 27 '23 16:02 akikoskinen