KEYCLOAK-6058 Partial import should ignore built-in clients

services/src/main/java/org/keycloak/partialimport/ClientsPartialImport.java

@@ -17,7 +17,9 @@
 
 package org.keycloak.partialimport;
 
+import org.jboss.logging.Logger;
 import org.keycloak.models.ClientModel;
+import org.keycloak.models.Constants;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.utils.KeycloakModelUtils;
@@ -26,7 +28,11 @@ import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.representations.idm.PartialImportRepresentation;
 import org.keycloak.representations.idm.ProtocolMapperRepresentation;
 
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
 /**
  * PartialImport handler for Clients.
@@ -35,9 +41,28 @@ import java.util.List;
  */
 public class ClientsPartialImport extends AbstractPartialImport<ClientRepresentation> {
 
+    private static Set<String> INTERNAL_CLIENTS = Collections.unmodifiableSet(new HashSet(Constants.defaultClients));
+
+    private static Logger logger = Logger.getLogger(ClientsPartialImport.class);
+
     @Override
     public List<ClientRepresentation> getRepList(PartialImportRepresentation partialImportRep) {
-        return partialImportRep.getClients();
+        List<ClientRepresentation> clients = partialImportRep.getClients();
+        if (clients == null || clients.size() == 0) {
+            return clients;
+        }
+
+        // filter out internal clients
+        List<ClientRepresentation> ret = new ArrayList();
+
+        for (ClientRepresentation c: clients) {
+            if (!isInternalClient(c.getClientId())) {
+                ret.add(c);
+            } else {
+                logger.debugv("Internal client {0} will not be processed", c.getClientId());
+            }
+        }
+        return ret;
     }
 
     @Override
@@ -85,4 +110,10 @@ public class ClientsPartialImport extends AbstractPartialImport<ClientRepresenta
         RepresentationToModel.createClient(session, realm, clientRep, true);
     }
 
+    public static boolean isInternalClient(String clientId) {
+        if (clientId != null && clientId.endsWith("-realm")) {
+            return true;
+        }
+        return INTERNAL_CLIENTS.contains(clientId);
+    }
 }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/partialimport/PartialImportTest.java

@@ -645,4 +645,17 @@ public class PartialImportTest extends AbstractAuthTest {
                 
         doImport();
     }
+
+    // KEYCLOAK-6058
+    @Test
+    public void testOverwriteExistingInternalClient() {
+        setOverwrite();
+        ClientRepresentation client = adminClient.realm(MASTER).clients().findByClientId("security-admin-console").get(0);
+        ClientRepresentation client2 = adminClient.realm(MASTER).clients().findByClientId("master-realm").get(0);
+        piRep.setClients(Arrays.asList(client, client2));
+
+        PartialImportResults result = doImport();
+        Assert.assertEquals(0, result.getOverwritten());
+    }
+
 }