This project is inspired by the database migration tool liquibase. It aims to provide a similar mechanism for Keycloak.
The main repository is located at keycloak_migration. This repository contains only the gradle plugin.
As of version 0.1.0 the hashing logic has changed significantly, so you need to update all your hashes!
plugins {
// "x.x.x" is a placeholder: replace it with one exact released version of the plugin
// so that every build resolves the same plugin artifact.
id "de.klg71.keycloakmigrationplugin" version "x.x.x"
}
// Example migration task aimed at a local development Keycloak; the values below are samples.
task keycloakMigrateLocal(type: KeycloakMigrationTask) {
group = "keycloak"
description = "Migrate the keycloak instance"
migrationFile = "migration/keycloak-changelog.yml"
// admin/admin are sample credentials for a local instance. For a shared or remote Keycloak,
// pass the admin credentials in from outside the build script (e.g. a Gradle property or an
// environment variable) so they are never committed with the project.
adminUser = "admin"
adminPassword = "admin"
// Plain HTTP sends the admin password unencrypted; use an https:// URL for anything but localhost.
baseUrl = "http://localhost:8080"
realm = "master"
// Sample values handed to the migration. NOTE(review): presumably substituted into the
// changelog -- confirm in the keycloak_migration docs. Keep real passwords out of this map too.
parameters = [USERNAME: "testUser", PASSWORD: "testPassword"]
waitForKeycloak = false
waitForKeycloakTimeout = 0L // infinite wait time
}
Ignore and replace failing hashes:
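// Manual-only helper: as described in the surrounding text, this task ignores failing
// changelog hashes and replaces them. It is not meant to run in a build pipeline.
task keycloakMigrateCorrectHashesLocal(type: KeycloakMigrationCorrectHashesTask) {
    group = "keycloak"
    // Distinct description so that `gradle tasks` does not show this task with the same
    // text as the regular migration task, which made the two easy to confuse.
    description = "Ignore and replace failing changelog hashes (manual use only)"
    migrationFile = "migration/keycloak-changelog.yml"
    // admin/admin are sample credentials for a local instance; for any other Keycloak,
    // supply them from outside the build script so they are not committed.
    adminUser = "admin"
    adminPassword = "admin"
    // Plain HTTP sends the admin password unencrypted; use https:// for anything but localhost.
    baseUrl = "http://localhost:8080"
    realm = "master"
    // Sample values handed to the migration; keep real passwords out of this map as well.
    parameters = [USERNAME: "testUser", PASSWORD: "testPassword"]
}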
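Don't use this task in build pipelines! It is meant only for manual hash migration: because it ignores failing hashes and replaces them, running it automatically would accept any changed changelog without the hash check ever flagging it.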
// Kotlin DSL variant of the migration task, aimed at a local development Keycloak; the values below are samples.
register<KeycloakMigrationTask>("keycloakMigrateLocal") {
group = "keycloak"
description = "Migrate the keycloak instance"
migrationFile = "migration/keycloak-changelog.yml"
// admin/admin are sample credentials for a local instance. For a shared or remote Keycloak,
// pass the admin credentials in from outside the build script (e.g. a Gradle property or an
// environment variable) so they are never committed with the project.
adminUser = "admin"
adminPassword = "admin"
// Plain HTTP sends the admin password unencrypted; use an https:// URL for anything but localhost.
baseUrl = "http://localhost:8080/auth"
realm = "master"
// Sample values handed to the migration. NOTE(review): presumably substituted into the
// changelog -- confirm in the keycloak_migration docs. Keep real passwords out of this map too.
parameters = mapOf(
"USER_NAME" to "testUser",
"PASSWORD" to "password"
)
waitForKeycloak = false
waitForKeycloakTimeout = 0L // infinite wait time
}
Ignore and replace failing hashes:
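// Manual-only helper: as described in the surrounding text, this task ignores failing
// changelog hashes and replaces them. It is not meant to run in a build pipeline.
register<KeycloakMigrationCorrectHashesTask>("keycloakMigrateCorrectHashesLocal") {
    group = "keycloak"
    // Distinct description so that `gradle tasks` does not show this task with the same
    // text as the regular migration task, which made the two easy to confuse.
    description = "Ignore and replace failing changelog hashes (manual use only)"
    migrationFile = "migration/keycloak-changelog.yml"
    // admin/admin are sample credentials for a local instance; for any other Keycloak,
    // supply them from outside the build script so they are not committed.
    adminUser = "admin"
    adminPassword = "admin"
    // Plain HTTP sends the admin password unencrypted; use https:// for anything but localhost.
    baseUrl = "http://localhost:8080/auth"
    realm = "master"
    // Sample values handed to the migration; keep real passwords out of this map as well.
    parameters = mapOf(
        "USER_NAME" to "testUser",
        "PASSWORD" to "password"
    )
}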
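Don't use this task in build pipelines! It is meant only for manual hash migration: because it ignores failing hashes and replaces them, running it automatically would accept any changed changelog without the hash check ever flagging it.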
For usage information of the migration api please see the containing repository: keycloak_migration
According to container spec: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/ (Container v1 core)
With a volume migration-volume
containing the files:
- build.gradle.kts (or build.gradle)
- settings.gradle.kts (or settings.gradle)
- keycloak-change.yml
# Container entry for a pod spec; it expects the Gradle build files in the migration-volume mount.
- name: keycloak-migration
image: gradle:6.2.2-jre11
# Copies the mounted project files into the working directory, runs the keycloakMigrateK8s task
# (not defined on this page), then idles on `tail -f /dev/null` so the container does not exit.
# NOTE(review): --info and --stacktrace output lands in the pod logs; check that it does not
# include the Keycloak admin password or other parameters.
command: ['/bin/bash','-c','cp ./project/* . && gradle keycloakMigrateK8s --stacktrace --info && tail -f /dev/null']
workingDir: /home/gradle
securityContext:
# UID 0 runs the whole Gradle build as root inside the container, and the container stays up
# afterwards. NOTE(review): check whether a non-root UID with write access to the working
# directory is enough for the copy and the build.
runAsUser: 0
volumeMounts:
- name: migration-volume
mountPath: /home/gradle/project
Notes
You can't run the container as an init container, because it needs Keycloak to be up and running.
The addition
&& tail -f /dev/null
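is needed so that Kubernetes won't restart this container forever. Alternatively, you can run the migration as a Job, which lets the container exit once the migration has finished instead of staying up idle.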