keycloak-documentation icon indicating copy to clipboard operation
keycloak-documentation copied to clipboard
verified publisher icon keycloak

Impossible to filter group by name using kcadm get groups with -q flag

Open J-Are opened this issue 3 years ago • 1 comments

Describe the bug

Hi, I am trying to get information of specific group using this command from a Kubernetes pod using docker.io/jboss/keycloak:14.0.0 image:kcadm get groups -r <my_realm> -q name=<groupname> (kcadm is an alias for /opt/jboss/keycloak/bin/kcadm.sh_). Unfortunately, the comand returns all the groups in my realm but it did not filter by name as expected.

Another strange thing is if I run with -q flag setted on toto, it also returns all the groups: kcadm get groups -r <my_realm> -q name=toto

I don't understand why -q flag works for get users command, e.g: kcadm get users -r <my_realm> -q username=<username>

Thank you in advance for your help Julien

Version

14.0.0

Expected behavior

bash-4.4$ kcadm get groups -r sdp -q name=group-one [ { "id" : "<id_1>", "name" : "group-one", "path" : "/group-one", "subGroups" : [ ] } ]

Actual behavior

bash-4.4$ kcadm get groups -r sdp -q name=group-one [ { "id" : "<id_1>", "name" : "group-one", "path" : "/group-one", "subGroups" : [ ] }, { "id" : "<id_2>", "name" : "group-two", "path" : "/group-two", "subGroups" : [ ] }, { "id" : "<id_3>", "name" : "group-three", "path" : "/group-three", "subGroups" : [ ] } ]

How to Reproduce?

  • Deploy a keycloak install with 14.0.0 version.
  • Run a container from docker.io/jboss/keycloak:14.0.0 image
  • kcadm config credentials --server <url_of_your_keycloak_server>/auth --realm master --user <keycloak_admin_user> --password <keycloak_admin_password>
  • Create multiple realm groups
  • Run kcadm get groups -r <my_realm> -q name=

Anything else?

No response

J-Are avatar Jan 12 '22 10:01 J-Are

I've recreated the same issue against 19.0.1

./kcadm.sh create groups -r myrealm -s name=mygroup
./kcadm.sh create groups -r myrealm -s name=engineers
./kcadm.sh create groups -r myrealm -s name=managers

# query SHOULD limit to single group, instead shows all
$ ./kcadm.sh get groups -r myrealm -q name=engineers
[ {
  "id" : "15604bf8-f64d-4fb4-8f82-c124cef52541",
  "name" : "engineers",
  "path" : "/engineers",
  "subGroups" : [ ]
}, {
  "id" : "afcb35c7-ca86-4fd4-8344-4ae7a5ca0bcc",
  "name" : "managers",
  "path" : "/managers",
  "subGroups" : [ ]
}, {
  "id" : "6e747246-93e6-4c59-a11b-e219cfa52b58",
  "name" : "mygroup",
  "path" : "/mygroup",
  "subGroups" : [ ]
} ]

fabianlee avatar Sep 08 '22 11:09 fabianlee