push script import/export clients
This commit is contained in:
parent
d4d0022e73
commit
620df7add4
18
README.md
18
README.md
@ -22,6 +22,14 @@ nano .env
|
||||
docker-compose up -d
|
||||
```
|
||||
|
||||
### EXPORTER LES CLIENTS DU REALM
|
||||
|
||||
- Utiliser le script pour exporter les clients:
|
||||
```bash
|
||||
./keycloak-export-clients.sh
|
||||
export
|
||||
```
|
||||
|
||||
### IMPORTER DATABASE
|
||||
|
||||
- Copier la database de keycloak-openldap:
|
||||
@ -31,9 +39,13 @@ cp /chemin/vers/l'ancienne/ldap_db/*.mdb ./keycloak/ldap_db
|
||||
|
||||
> c'est là que sont les users
|
||||
|
||||
### IMPORTER REALM (CLIENTS)
|
||||
### IMPORTER LES CLIENTS DU REALM
|
||||
|
||||
> Cliquer sur le realm master, puis créer un realm et importer celui-ci d'un fichier d'export .json
|
||||
- Utiliser le script pour exporter les clients:
|
||||
```bash
|
||||
./keycloak-export-clients.sh
|
||||
import
|
||||
```
|
||||
|
||||
### IMPORTER USERS
|
||||
|
||||
@ -41,5 +53,5 @@ cp /chemin/vers/l'ancienne/ldap_db/*.mdb ./keycloak/ldap_db
|
||||
|
||||
## BUGS
|
||||
|
||||
- Clients secrets don't get exported (***********) -> maj (àregenérer)
|
||||
- Clients secrets don't get exported (***********) -> maj (script export à tester)
|
||||
- Users need get verified -> A faire manuellement sur chq user
|
||||
|
||||
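--- /dev/null
+++ b/clients-export.json
@@ -0,0 +1,5 @@
+[
+,
+,
+
+]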
50
compose.yml
Normal file
50
compose.yml
Normal file
@ -0,0 +1,50 @@
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
keycloak:
|
||||
image: quay.io/keycloak/keycloak:23.0.3
|
||||
container_name: keycloak
|
||||
restart: always
|
||||
command: start --proxy=edge
|
||||
# command: start-dev # pour debug
|
||||
ports:
|
||||
- 8080:8080
|
||||
depends_on:
|
||||
- keycloak_db
|
||||
env_file:
|
||||
- .env
|
||||
volumes:
|
||||
- ./keycloak/datas:/opt/keycloak/data/h2
|
||||
# volumes:
|
||||
# - ./keycloak/certs:/opt/jboss/keycloak/standalone/configuration/certs:ro
|
||||
# - ./keycloak/conf/standalone.xml:/opt/jboss/keycloak/standalone/configuration/standalone-ha.xml:ro
|
||||
|
||||
keycloak_db:
|
||||
image: postgres:13
|
||||
container_name: keycloak-db
|
||||
restart: always
|
||||
volumes:
|
||||
- ./postgres:/var/lib/postgresql/data
|
||||
ports:
|
||||
- 5435:5432
|
||||
env_file:
|
||||
- .env
|
||||
|
||||
openldap:
|
||||
image: osixia/openldap
|
||||
container_name: keycloak-openldap
|
||||
restart: always
|
||||
volumes:
|
||||
- ./keycloak/ldap_ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom
|
||||
- ./keycloak/ldap_db:/var/lib/ldap
|
||||
- ./keycloak/ldap_conf:/etc/ldap/slapd.d
|
||||
command: ["--copy-service"]
|
||||
env_file:
|
||||
- .env
|
||||
tty: true
|
||||
stdin_open: true
|
||||
domainname: legaragenumerique.fr
|
||||
hostname: "ldap"
|
||||
ports:
|
||||
- "389:389"
|
||||
- "636:636"
|
||||
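Review bot: The `ports:` entries for keycloak_db (`- 5435:5432`) and openldap (`- "389:389"`, `- "636:636"`) publish Postgres and LDAP on every host interface, although only the keycloak service on the compose network needs to reach them, and 389 is unencrypted LDAP. Either drop these mappings or bind them to loopback, e.g. `- "127.0.0.1:5435:5432"` and `- "127.0.0.1:389:389"`, leaving 636 as the only externally reachable LDAP port if remote access is really required. The openldap image `osixia/openldap` carries no tag, so each `docker-compose up` resolves to whatever `latest` is at the time; pin it the way the keycloak and postgres images are pinned. `version: '3'` is ignored by current Compose releases and can be removed.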
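--- /dev/null
+++ b/keycloak-adm-clients.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# Configuration
+KEYCLOAK_CONTAINER="keycloak"
+KEYCLOAK_URL="http://localhost:8080"
+REALM="mon-realm"
+ADMIN_USER="admin"
+ADMIN_PASS="admin"
+CLIENT_IDS=("mon-client-1" "mon-client-2" "mon-client-3")
+# CLIENT_IDS=("adventure" "ai" "djangoquiz" "gitea" "glpi" "grafana" "leboard.legaragenumerique.fr" "netxcloud.legaragenumerique.fr" "odoo" "pdf" "penpot" "sshwifty" "synapse")
+EXPORT_FILE="clients-export.json"
+
+# Fonction pour exécuter kcadm dans le conteneur
+kcadm() {
+docker exec -i "$KEYCLOAK_CONTAINER" /opt/keycloak/bin/kcadm.sh "$@"
+}
+
+# Authentification
+login() {
+kcadm config credentials --server "$KEYCLOAK_URL" --realm master --user "$ADMIN_USER" --password "$ADMIN_PASS"
+}
+
+# Export des clients
+export_clients() {
+echo "[" > "$EXPORT_FILE"
+for CLIENT_ID in "${CLIENT_IDS[@]}"; do
+echo "🔄 Export du client : $CLIENT_ID"
+CLIENT_JSON=$(kcadm get clients -r "$REALM" -q clientId="$CLIENT_ID" | jq '.[0]')
+CLIENT_UUID=$(echo "$CLIENT_JSON" | jq -r '.id')
+CLIENT_SECRET=$(kcadm get clients/"$CLIENT_UUID"/client-secret -r "$REALM" | jq -r '.value')
+CLIENT_JSON=$(echo "$CLIENT_JSON" | jq --arg secret "$CLIENT_SECRET" '.secret = $secret')
+echo "$CLIENT_JSON," >> "$EXPORT_FILE"
+done
+sed -i '$ s/,$//' "$EXPORT_FILE"
+echo "]" >> "$EXPORT_FILE"
+echo "✅ Export terminé → $EXPORT_FILE"
+}
+
+# Import des clients
+import_clients() {
+jq -c '.[]' "$EXPORT_FILE" | while read -r CLIENT_JSON; do
+CLIENT_ID=$(echo "$CLIENT_JSON" | jq -r '.clientId')
+echo "⬇️ Import du client : $CLIENT_ID"
+
+# Nettoyage des champs non valides
+CLEAN_JSON=$(echo "$CLIENT_JSON" | jq 'del(.id, .secret, .rootUrl, .baseUrl, .adminUrl, .attributes."client.secret.created.timestamp")')
+
+# Création du client
+kcadm create clients -r "$REALM" -f - <<EOF
+$CLEAN_JSON
+EOF
+
+# Mise à jour du secret
+CLIENT_SECRET=$(echo "$CLIENT_JSON" | jq -r '.secret')
+CLIENT_UUID=$(kcadm get clients -r "$REALM" -q clientId="$CLIENT_ID" | jq -r '.[0].id')
+kcadm update clients/"$CLIENT_UUID"/client-secret -r "$REALM" -s "value=$CLIENT_SECRET"
+
+echo "✅ Importé : $CLIENT_ID"
+done
+}
+
+# Affichage d'aide
+usage() {
+echo "Usage: $0 [export|import]"
+exit 1
+}
+
+# Execution
+# login
+
+case "$1" in
+export)
+export_clients
+;;
+import)
+import_clients
+;;
+*)
+usage
+;;
+esac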
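Review bot: In `import_clients`, the `kcadm get clients ...` and `kcadm update clients/...` calls inside the `while read -r CLIENT_JSON` loop run `docker exec -i`, which inherits the loop's stdin (the `jq -c '.[]'` pipe) and can swallow the remaining client records, so only the first client is likely to be imported; append `</dev/null` to those two calls, or only pass `-i` to `docker exec` when feeding `-f -`. The heredoc used for `kcadm create` is unquoted, so `$` and backslash sequences inside the JSON are expanded by the shell before Keycloak sees them; `printf '%s\n' "$CLEAN_JSON" | kcadm create clients -r "$REALM" -f -` avoids that. `# login` is commented out in the `case` dispatch, so `kcadm` relies on a session already stored in the container, and because `export_clients` never checks for an empty `CLIENT_JSON` an unauthenticated run writes exactly the `[`, `,`, `,`, `]` content that this commit adds as clients-export.json, which is not valid JSON. When the export does succeed it stores every `.secret` in clear text in the repository; the script should `chmod 600 "$EXPORT_FILE"` and the file should be ignored by git, and `ADMIN_PASS="admin"` belongs in the `.env` already used by compose.yml rather than in the script (it is also visible via `ps` as a `--password` argument). I have not verified that `update clients/<uuid>/client-secret -s value=...` is an operation kcadm accepts; setting `-s secret=...` on the client itself may be what the admin API expects, so this step should be tested before relying on it.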