Resolved errors during component import referencing groups
Whenever a component being imported contained a reference to a group also being imported, the group was not found because groups were being imported after components by DefaultImportExportManager Closes #10730 Signed-off-by: Kyale <github@chalkyweb.com>
This commit is contained in:
parent
8d314a69a0
commit
a35edeb488
3 changed files with 222 additions and 7 deletions
|
@ -419,6 +419,13 @@ public class DefaultExportImportManager implements ExportImportManager {
|
|||
newRealm.setBrowserSecurityHeaders(BrowserSecurityHeaders.realmDefaultHeaders);
|
||||
}
|
||||
|
||||
if (rep.getGroups() != null) {
|
||||
importGroups(newRealm, rep);
|
||||
if (rep.getDefaultGroups() != null) {
|
||||
KeycloakModelUtils.setDefaultGroups(session, newRealm, rep.getDefaultGroups().stream());
|
||||
}
|
||||
}
|
||||
|
||||
if (rep.getComponents() != null) {
|
||||
MultivaluedHashMap<String, ComponentExportRepresentation> components = rep.getComponents();
|
||||
String parentId = newRealm.getId();
|
||||
|
@ -427,12 +434,6 @@ public class DefaultExportImportManager implements ExportImportManager {
|
|||
|
||||
importUserFederationProvidersAndMappers(session, rep, newRealm);
|
||||
|
||||
if (rep.getGroups() != null) {
|
||||
importGroups(newRealm, rep);
|
||||
if (rep.getDefaultGroups() != null) {
|
||||
KeycloakModelUtils.setDefaultGroups(session, newRealm, rep.getDefaultGroups().stream());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// create users and their role mappings and social mappings
|
||||
|
@ -663,7 +664,6 @@ public class DefaultExportImportManager implements ExportImportManager {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
public static void renameRealm(RealmModel realm, String name) {
|
||||
if (name.equals(realm.getName())) {
|
||||
return;
|
||||
|
|
|
@ -25,6 +25,7 @@ import org.junit.runners.MethodSorters;
|
|||
import org.keycloak.authorization.AuthorizationProvider;
|
||||
import org.keycloak.authorization.model.ResourceServer;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.component.ComponentModel;
|
||||
import org.keycloak.exportimport.Strategy;
|
||||
import org.keycloak.exportimport.util.ImportUtils;
|
||||
import org.keycloak.models.ClientModel;
|
||||
|
@ -49,6 +50,7 @@ import java.nio.charset.StandardCharsets;
|
|||
import java.util.Collection;
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
import java.util.Optional;
|
||||
import java.util.concurrent.atomic.AtomicReference;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
|
@ -155,6 +157,23 @@ public class ImportTest extends AbstractTestRealmKeycloakTest {
|
|||
});
|
||||
}
|
||||
|
||||
// https://github.com/keycloak/keycloak/issues/10730
|
||||
@Test
|
||||
public void importLdapWithReferenceToGroupBeingImported() {
|
||||
RealmRepresentation testRealm = loadJson(getClass().getResourceAsStream("/model/testrealm-ldap-group.json"), RealmRepresentation.class);
|
||||
adminClient.realms().create(testRealm);
|
||||
testingClient.server().run(session -> {
|
||||
RealmModel realm = session.realms().getRealmByName("ldap-group-import-bug");
|
||||
|
||||
Optional<ComponentModel> hardCodedGroup = realm.getComponentsStream()
|
||||
.filter((component) -> component.getName().equals("hard-coded-group"))
|
||||
.findFirst();
|
||||
|
||||
|
||||
Assert.assertTrue(hardCodedGroup.isPresent());
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void importUserProfile() throws Exception {
|
||||
final String realmString = IOUtils.toString(getClass().getResourceAsStream("/model/import-userprofile.json"), StandardCharsets.UTF_8);
|
||||
|
|
|
@ -0,0 +1,196 @@
|
|||
{
|
||||
"realm": "ldap-group-import-bug",
|
||||
"enabled": true,
|
||||
"accessTokenLifespan": 300,
|
||||
"accessCodeLifespan": 10,
|
||||
"accessCodeLifespanUserAction": 600,
|
||||
"sslRequired": "external",
|
||||
"requiredCredentials": [
|
||||
"password"
|
||||
],
|
||||
"users": [
|
||||
{
|
||||
"username": "kyale",
|
||||
"enabled": true,
|
||||
"email": "kyale@foo.bar",
|
||||
"credentials": [
|
||||
{
|
||||
"type": "Password",
|
||||
"value": "password"
|
||||
}
|
||||
],
|
||||
"realmRoles": [
|
||||
"user"
|
||||
]
|
||||
}
|
||||
],
|
||||
"oauthClients": [
|
||||
{
|
||||
"name": "third-party",
|
||||
"enabled": true,
|
||||
"secret": "password"
|
||||
}
|
||||
],
|
||||
"roles": {
|
||||
"realm": [
|
||||
{
|
||||
"name": "user",
|
||||
"description": "Have User privileges"
|
||||
},
|
||||
{
|
||||
"name": "admin",
|
||||
"description": "Have Administrator privileges"
|
||||
}
|
||||
]
|
||||
},
|
||||
"groups": [
|
||||
{
|
||||
"name": "hardcoded",
|
||||
"path": "/hardcoded",
|
||||
"subGroups": [],
|
||||
"attributes": {},
|
||||
"realmRoles": [],
|
||||
"clientRoles": {}
|
||||
}
|
||||
],
|
||||
"scopeMappings": [
|
||||
{
|
||||
"client": "third-party",
|
||||
"roles": [
|
||||
"user"
|
||||
]
|
||||
}
|
||||
],
|
||||
"applications": [
|
||||
{
|
||||
"name": "customer-portal",
|
||||
"enabled": true,
|
||||
"adminUrl": "http://localhost:8080/customer-portal/j_admin_request",
|
||||
"secret": "password"
|
||||
},
|
||||
{
|
||||
"name": "product-portal",
|
||||
"enabled": true,
|
||||
"adminUrl": "http://localhost:8080/product-portal/j_admin_request",
|
||||
"secret": "password"
|
||||
}
|
||||
],
|
||||
"components": {
|
||||
"org.keycloak.storage.UserStorageProvider": [
|
||||
{
|
||||
"id": "34192d41-8e0d-4a2f-916e-7061de988801",
|
||||
"name": "LDAP Login",
|
||||
"providerId": "ldap",
|
||||
"subComponents": {
|
||||
"org.keycloak.storage.ldap.mappers.LDAPStorageMapper": [
|
||||
{
|
||||
"name": "hard-coded-group",
|
||||
"providerId": "hardcoded-ldap-group-mapper",
|
||||
"subComponents": {},
|
||||
"config": {
|
||||
"group": [
|
||||
"hardcoded"
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"config": {
|
||||
"fullSyncPeriod": [
|
||||
"-1"
|
||||
],
|
||||
"pagination": [
|
||||
"false"
|
||||
],
|
||||
"startTls": [
|
||||
"false"
|
||||
],
|
||||
"connectionPooling": [
|
||||
"true"
|
||||
],
|
||||
"usersDn": [
|
||||
"OU=users,DC=apmoller,DC=local"
|
||||
],
|
||||
"cachePolicy": [
|
||||
"DEFAULT"
|
||||
],
|
||||
"useKerberosForPasswordAuthentication": [
|
||||
"false"
|
||||
],
|
||||
"importEnabled": [
|
||||
"false"
|
||||
],
|
||||
"enabled": [
|
||||
"true"
|
||||
],
|
||||
"bindDn": [
|
||||
"CN=admin,DC=apmoller,DC=local"
|
||||
],
|
||||
"changedSyncPeriod": [
|
||||
"-1"
|
||||
],
|
||||
"bindCredential": [
|
||||
"**********"
|
||||
],
|
||||
"usernameLDAPAttribute": [
|
||||
"uid"
|
||||
],
|
||||
"vendor": [
|
||||
"other"
|
||||
],
|
||||
"uuidLDAPAttribute": [
|
||||
"entryUUID"
|
||||
],
|
||||
"allowKerberosAuthentication": [
|
||||
"false"
|
||||
],
|
||||
"connectionUrl": [
|
||||
"ldap://mock-ldap.apmt-dpos.svc.cluster.local:389"
|
||||
],
|
||||
"syncRegistrations": [
|
||||
"false"
|
||||
],
|
||||
"authType": [
|
||||
"simple"
|
||||
],
|
||||
"krbPrincipalAttribute": [
|
||||
"userPrincipalName"
|
||||
],
|
||||
"customUserSearchFilter": [
|
||||
"(objectClass=*)"
|
||||
],
|
||||
"searchScope": [
|
||||
"2"
|
||||
],
|
||||
"useTruststoreSpi": [
|
||||
"always"
|
||||
],
|
||||
"usePasswordModifyExtendedOp": [
|
||||
"false"
|
||||
],
|
||||
"trustEmail": [
|
||||
"false"
|
||||
],
|
||||
"userObjectClasses": [
|
||||
"inetOrgPerson"
|
||||
],
|
||||
"rdnLDAPAttribute": [
|
||||
"uid"
|
||||
],
|
||||
"referral": [
|
||||
"ignore"
|
||||
],
|
||||
"readTimeout": [
|
||||
"5000"
|
||||
],
|
||||
"editMode": [
|
||||
"READ_ONLY"
|
||||
],
|
||||
"validatePasswordPolicy": [
|
||||
"false"
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue