generated from coulomb/repo-seed
feat: implement T16, T17 — Keycloak realm import transformer, LDIF generator
- T16: canonical → Keycloak realm JSON (profile-safe: no identity brokering, implicit flow always false) - T17: canonical → LDIF for openldap/389ds/ad targets with pre-validation 27 migration tests pass. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -3,11 +3,73 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"flag"
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"github.com/rs/zerolog"
|
||||
"gopkg.in/yaml.v3"
|
||||
|
||||
"keycape/internal/migration/lldapexport"
|
||||
"keycape/internal/migration/tokeycloak"
|
||||
"keycape/internal/server/telemetry"
|
||||
)
|
||||
|
||||
func main() {
|
||||
fmt.Fprintln(os.Stderr, "keycape-to-keycloak: not yet implemented (T06+)")
|
||||
os.Exit(1)
|
||||
inputFile := flag.String("input", "", "Path to canonical-export.yaml (required)")
|
||||
outputFile := flag.String("output", "keycloak-realm.json", "Path to write Keycloak realm import JSON")
|
||||
realmName := flag.String("realm", "netkingdom", "Keycloak realm name")
|
||||
issuer := flag.String("issuer", "", "OIDC issuer URL")
|
||||
flag.Parse()
|
||||
|
||||
if *inputFile == "" {
|
||||
fmt.Fprintln(os.Stderr, "keycape-to-keycloak: -input is required")
|
||||
flag.Usage()
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
data, err := os.ReadFile(*inputFile)
|
||||
if err != nil {
|
||||
fmt.Fprintf(os.Stderr, "keycape-to-keycloak: read %q: %v\n", *inputFile, err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
var export lldapexport.ExportResult
|
||||
if err := yaml.Unmarshal(data, &export); err != nil {
|
||||
fmt.Fprintf(os.Stderr, "keycape-to-keycloak: parse YAML: %v\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
log := zerolog.New(os.Stderr).With().Timestamp().Logger()
|
||||
em := telemetry.NewLogEmitter(log)
|
||||
tr := tokeycloak.New(tokeycloak.Config{
|
||||
RealmName: *realmName,
|
||||
Issuer: *issuer,
|
||||
}, em)
|
||||
|
||||
realm, err := tr.Transform(&export)
|
||||
if err != nil {
|
||||
fmt.Fprintf(os.Stderr, "keycape-to-keycloak: transform: %v\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// Print validation report to stderr.
|
||||
report := tr.ValidationReport(&export, realm)
|
||||
for _, issue := range report {
|
||||
fmt.Fprintf(os.Stderr, "WARNING: %s\n", issue)
|
||||
}
|
||||
|
||||
out, err := json.MarshalIndent(realm, "", " ")
|
||||
if err != nil {
|
||||
fmt.Fprintf(os.Stderr, "keycape-to-keycloak: marshal JSON: %v\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
if err := os.WriteFile(*outputFile, out, 0o644); err != nil {
|
||||
fmt.Fprintf(os.Stderr, "keycape-to-keycloak: write %q: %v\n", *outputFile, err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
fmt.Printf("keycape-to-keycloak: wrote %s (%d bytes)\n", *outputFile, len(out))
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user