Extension for Change Management for keycloak REST Configuration API

Hi, looking for some pointers for a crazy idea
Ok, so I really love liquibase for all my DB Change Management.

Now I have to maintain the configuration of dozens of Keycloak Realms and would like to apply a similar approach to what you guys are doing with Liquibase.

So every so often I have to create/delete/update clients, groups, roles, etc in all Keycloak Realms.
I already have a Java lib that provides actions to be carried out on each of the elements.
Any idea if reusing/extending liquibase for this would be a good idea?
If not, any other project you’d recommend I take a look at?

A bit more detail.
So basically I would have changeSets like this (smaller probably):

<changeSet author="andi" id="1">
    <createRole roleName="subscriber"/>
    <createRole roleName="publisher"/>
    <createRole roleName="backend"/>

    <createGroup groupName="admin">
        <role roleName="subscriber"/>
        <role roleName="publisher"/>
        <role roleName="backend"/>

    <createGroup groupName="backoffice">
        <role roleName="subscriber"/>
        <role roleName="backend"/>

    <addMapper clientName="admin-cli">
        <mapper attribute="tenantId" claimName="tenant_id" protcol="openid-connect"/>
        <mapper attribute="businesId" claimName="business_id" protcol="openid-connect"/>

    <enableBuiltinMapper clientName="backoffice-cli">
        <mapper clientScope="profile" protocolMapperName="groups"/>

And these would then map to methods in the keycloak client lib I have developed.


Hey @kahennig - thanks for posting this question!

I’ve shared it with my team to see if anyone has any suggestions. I don’t know anything about keycloak, but my googling is top-notch, so I found this question on StackOverflow that may be relevant.

Keycloak in Spring Boot cannot apply Liquibase patches

1 Like

Thanks so much for your answer tabbyfoo…
The link you shared is regarding the use of liquibase por the keycloak DB.
What I want to implement is a keycloak rest client that can then be called by a liquibase extension in order to create, modifiy, delete realms, roles, gruops etc…
Thanks again.

1 Like

Have the same issue… anyone has any thoughts on this?