adorsys · StephanSchrader · May 10, 2024 · Jun 10, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Upgrade to Spring Boot 3
     - This affects the capability of the path matcher
 
+- Added option to calculate checksum for each import file ([#1015](https://github.com/adorsys/keycloak-config-cli/issues/1015))
+
 ## [5.12.0] - 2024-03-28
 - Added support for managing message bundles
 

diff --git a/README.md b/README.md
diff --git a/src/main/java/de/adorsys/keycloak/config/model/RealmImport.java b/src/main/java/de/adorsys/keycloak/config/model/RealmImport.java
@@ -39,6 +39,7 @@ public class RealmImport extends RealmRepresentation {
     private Map<String, Map<String, String>> messageBundles;
 
     private String checksum;
+    private String source;
 
     @Override
     @SuppressWarnings("java:S1168")
@@ -54,12 +55,6 @@ public void setAuthenticationFlowImports(List<AuthenticationFlowImport> authenti
         this.authenticationFlowImports = authenticationFlowImports;
     }
 
-    @SuppressWarnings("unused")
-    @JsonSetter("userProfile")
-    public void setUserProfile(Map<String, List<Map<String, Object>>> userProfile) {
-        this.userProfile = userProfile;
-    }
-
     public Map<String, Map<String, String>> getMessageBundles() {
         return messageBundles;
     }
@@ -83,4 +78,14 @@ public String getChecksum() {
     public void setChecksum(String checksum) {
         this.checksum = checksum;
     }
+
+    @JsonIgnore
+    public String getSource() {
+        return source;
+    }
+
+    @JsonIgnore
+    public void setSource(String source) {
+        this.source = source;
+    }
 }
diff --git a/src/main/java/de/adorsys/keycloak/config/properties/ImportConfigProperties.java b/src/main/java/de/adorsys/keycloak/config/properties/ImportConfigProperties.java
@@ -342,10 +342,19 @@ public static class ImportBehaviorsProperties {
         @NotNull
         private final boolean skipAttributesForFederatedUser;
 
-        public ImportBehaviorsProperties(boolean syncUserFederation, boolean removeDefaultRoleFromUser, boolean skipAttributesForFederatedUser) {
+        @NotNull
+        private final boolean checksumWithCacheKey;
+
+        @NotNull
+        private final ChecksumChangedOption checksumChanged;
+
+        public ImportBehaviorsProperties(boolean syncUserFederation, boolean removeDefaultRoleFromUser, boolean skipAttributesForFederatedUser,
+                                         boolean checksumWithCacheKey, ChecksumChangedOption checksumChanged) {
             this.syncUserFederation = syncUserFederation;
             this.removeDefaultRoleFromUser = removeDefaultRoleFromUser;
             this.skipAttributesForFederatedUser = skipAttributesForFederatedUser;
+            this.checksumWithCacheKey = checksumWithCacheKey;
+            this.checksumChanged = checksumChanged;
         }
 
         public boolean isSyncUserFederation() {
@@ -359,6 +368,18 @@ public boolean isRemoveDefaultRoleFromUser() {
         public boolean isSkipAttributesForFederatedUser() {
             return skipAttributesForFederatedUser;
         }
+
+        public boolean isChecksumWithCacheKey() {
+            return checksumWithCacheKey;
+        }
+
+        public ChecksumChangedOption getChecksumChanged() {
+            return checksumChanged;
+        }
+
+        public enum ChecksumChangedOption {
+            CONTINUE, FAIL
+        }
     }
 
     @SuppressWarnings("unused")

diff --git a/src/main/java/de/adorsys/keycloak/config/provider/KeycloakImportProvider.java b/src/main/java/de/adorsys/keycloak/config/provider/KeycloakImportProvider.java
@@ -211,7 +211,10 @@ private Pair<String, List<RealmImport>> readRealmImportFromImportResource(Import
         } catch (Exception e) {
             throw new InvalidImportException("Unable to parse file '" + location + "': " + e.getMessage(), e);
         }
-        realmImports.forEach(realmImport -> realmImport.setChecksum(contentChecksum));
+        realmImports.forEach(realmImport -> {
+            realmImport.setChecksum(contentChecksum);
+            realmImport.setSource(location);
+        });
 
         return new ImmutablePair<>(location, realmImports);
     }

diff --git a/src/main/java/de/adorsys/keycloak/config/service/checksum/ChecksumService.java b/src/main/java/de/adorsys/keycloak/config/service/checksum/ChecksumService.java
@@ -20,9 +20,13 @@
 
 package de.adorsys.keycloak.config.service.checksum;
 
+import de.adorsys.keycloak.config.exception.InvalidImportException;
 import de.adorsys.keycloak.config.model.RealmImport;
 import de.adorsys.keycloak.config.properties.ImportConfigProperties;
+import de.adorsys.keycloak.config.properties.ImportConfigProperties.ImportBehaviorsProperties.ChecksumChangedOption;
 import de.adorsys.keycloak.config.repository.RealmRepository;
+import org.apache.commons.codec.digest.DigestUtils;
+import org.apache.commons.io.FilenameUtils;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -51,25 +55,52 @@ public void doImport(RealmImport realmImport) {
         Map<String, String> customAttributes = existingRealm.getAttributes();
 
         String importChecksum = realmImport.getChecksum();
-        customAttributes.put(getCustomAttributeKey(), importChecksum);
+        String attributeKey = getCustomAttributeKey(realmImport);
+        customAttributes.put(attributeKey, importChecksum);
         realmRepository.update(existingRealm);
 
-        logger.debug("Updated import checksum of realm '{}' to '{}'", realmImport.getRealm(), importChecksum);
+        logger.debug("Updated import checksum of realm '{}' to '{}', attributeKey: '{}'", realmImport.getRealm(), importChecksum, attributeKey);
     }
 
     public boolean hasToBeUpdated(RealmImport realmImport) {
         RealmRepresentation existingRealm = realmRepository.get(realmImport.getRealm());
         Map<String, String> customAttributes = existingRealm.getAttributes();
 
-        String readChecksum = customAttributes.get(getCustomAttributeKey());
+        String readChecksum = customAttributes.get(getCustomAttributeKey(realmImport));
+        if (readChecksum == null) {
+            return true;
+        }
 
-        return !Objects.equals(realmImport.getChecksum(), readChecksum);
+        if (Objects.equals(realmImport.getChecksum(), readChecksum)) {
+            return false;
+        }
+
+        // checksum has changed
+        if (ChecksumChangedOption.CONTINUE.equals(importConfigProperties.getBehaviors().getChecksumChanged())) {
+            return true;
+        } else if (ChecksumChangedOption.FAIL.equals(importConfigProperties.getBehaviors().getChecksumChanged())) {
+            throw new InvalidImportException(
+                    String.format("The checksum of import '%s' has changed from: '%s', to: '%s'",
+                            realmImport.getSource(), readChecksum, realmImport.getChecksum())
+            );
+        } else {
+            throw new IllegalStateException("Unknown behavior constant: " + importConfigProperties.getBehaviors().getChecksumChanged());
+        }
     }
 
-    private String getCustomAttributeKey() {
+    @SuppressWarnings("java:S4790")
+    private String getCustomAttributeKey(RealmImport realmImport) {
+        String attributeSuffix;
+        if (importConfigProperties.getBehaviors().isChecksumWithCacheKey()) {
+            attributeSuffix = importConfigProperties.getCache().getKey();
+        } else {
+            attributeSuffix = FilenameUtils.getName(realmImport.getSource()) + "_" + DigestUtils.md5Hex(realmImport.getSource());
+        }
+
         return MessageFormat.format(
                 ImportConfigProperties.REALM_CHECKSUM_ATTRIBUTE_PREFIX_KEY,
-                importConfigProperties.getCache().getKey()
+                attributeSuffix
         );
     }
+
 }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -34,6 +34,8 @@ import.remote-state.encryption-salt=2B521C795FBE2F2425DB150CD3700BA9
 import.behaviors.remove-default-role-from-user=false
 import.behaviors.skip-attributes-for-federated-user=false
 import.behaviors.sync-user-federation=false
+import.behaviors.checksum-with-cache-key=true
+import.behaviors.checksum-changed=continue
 import.managed.authentication-flow=full
 import.managed.group=full
 import.managed.required-action=full

diff --git a/src/test/java/de/adorsys/keycloak/config/properties/ImportConfigPropertiesTest.java b/src/test/java/de/adorsys/keycloak/config/properties/ImportConfigPropertiesTest.java
@@ -22,6 +22,7 @@
 
 import de.adorsys.keycloak.config.extensions.GithubActionsExtension;
 import de.adorsys.keycloak.config.properties.ImportConfigProperties.ImportManagedProperties.ImportManagedPropertiesValues;
+import de.adorsys.keycloak.config.properties.ImportConfigProperties.ImportBehaviorsProperties.ChecksumChangedOption;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -72,6 +73,8 @@
         "import.behaviors.sync-user-federation=true",
         "import.behaviors.remove-default-role-from-user=true",
         "import.behaviors.skip-attributes-for-federated-user=true",
+        "import.behaviors.checksum-with-cache-key=true",
+        "import.behaviors.checksum-changed=fail"
 })
 class ImportConfigPropertiesTest {
 
@@ -112,6 +115,8 @@ void shouldPopulateConfigurationProperties() {
         assertThat(properties.getBehaviors().isSyncUserFederation(), is(true));
         assertThat(properties.getBehaviors().isRemoveDefaultRoleFromUser(), is(true));
         assertThat(properties.getBehaviors().isSkipAttributesForFederatedUser(), is(true));
+        assertThat(properties.getBehaviors().isChecksumWithCacheKey(), is(true));
+        assertThat(properties.getBehaviors().getChecksumChanged(), is(ChecksumChangedOption.FAIL));
     }
 
     @EnableConfigurationProperties(ImportConfigProperties.class)