Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Import Role by Name #206

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

denniskniep
Copy link
Contributor

@denniskniep denniskniep commented Jan 13, 2025

Description of your changes

There is a feature request around how to import objects via <realm/name> instead of < uuid >

see: #126

There are already some workarounds in place:

  1. Using terraform import property (only a few resources supports that!)
  2. Using crossplane functions to import the built-in objects of keycloak (see here)

This is a proposal how to import resources by name. Code changes are only affecting role resource as an example and foundation for discussions.

We could use a custom implementation of ExternalName config (see here and here)

  • GetIDFn: Use defined props to lookup the Id used in the specific keycloak instance for that resource (i.e. by realmId, clientId & roleId). This could be done by using the terraform projects´s keycloakClient (i.e. kcClient.GetRoleByName(ctx, realmId.(string), clientId.(string), name.(string)))
  • GetExternalNameFn: Builds the ExternalName based on deterministic props (i.e. <realmId>/<clientId>/<roleId>)

What do you think about this approach?

Topics to clarify:

  • External Name and some props are overlapping. In case of role resource realmId, clientId & roleId are specified in properties as well as in external name. As far as I know there is a concept to mitigate that: OmittedFields & SetIdentifierArgumentFn. Issue with that is, that we can´t specify ClientIDRef which is a big downside!

Fixes #126

@Breee
Copy link
Collaborator

Breee commented Jan 22, 2025

i like the idea.

Importing by <realmId>/<clientId>/<roleId> would be perfect, especially if there are no weird keycloak UUIDS involved.

Changing this might break this function:

https://gitlab.com/corewire/images/crossplane/function-keycloak-builtin-objects

but we have to test it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

feature: Import objects via <realm/name> instead of <uuid>
2 participants