coulomb/key-cape
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fa27adbc77afdd7316a7333f3ac6a386b1aebf82
key-cape/src/cmd/keycape-to-keycloak/main.go
tegwick fa27adbc77 feat: implement T16, T17 — Keycloak realm import transformer, LDIF generator 
- T16: canonical → Keycloak realm JSON (profile-safe: no identity brokering, implicit flow always false)
- T17: canonical → LDIF for openldap/389ds/ad targets with pre-validation

27 migration tests pass.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-13 02:13:04 +01:00

76 lines
2.0 KiB
Go
Raw Blame History

// keycape-to-keycloak migrates a KeyCape canonical snapshot to a Keycloak
// realm export format. Part of the NetKingdom IAM migration contract.
package main
import (
"encoding/json"
"flag"
"fmt"
"os"
"github.com/rs/zerolog"
"gopkg.in/yaml.v3"
"keycape/internal/migration/lldapexport"
"keycape/internal/migration/tokeycloak"
"keycape/internal/server/telemetry"
)
func main() {
inputFile := flag.String("input", "", "Path to canonical-export.yaml (required)")
outputFile := flag.String("output", "keycloak-realm.json", "Path to write Keycloak realm import JSON")
realmName := flag.String("realm", "netkingdom", "Keycloak realm name")
issuer := flag.String("issuer", "", "OIDC issuer URL")
flag.Parse()
if *inputFile == "" {
fmt.Fprintln(os.Stderr, "keycape-to-keycloak: -input is required")
flag.Usage()
os.Exit(1)
}
data, err := os.ReadFile(*inputFile)
if err != nil {
fmt.Fprintf(os.Stderr, "keycape-to-keycloak: read %q: %v\n", *inputFile, err)
os.Exit(1)
}
var export lldapexport.ExportResult
if err := yaml.Unmarshal(data, &export); err != nil {
fmt.Fprintf(os.Stderr, "keycape-to-keycloak: parse YAML: %v\n", err)
os.Exit(1)
}
log := zerolog.New(os.Stderr).With().Timestamp().Logger()
em := telemetry.NewLogEmitter(log)
tr := tokeycloak.New(tokeycloak.Config{
RealmName: *realmName,
Issuer: *issuer,
}, em)
realm, err := tr.Transform(&export)
if err != nil {
fmt.Fprintf(os.Stderr, "keycape-to-keycloak: transform: %v\n", err)
os.Exit(1)
}
// Print validation report to stderr.
report := tr.ValidationReport(&export, realm)
for _, issue := range report {
fmt.Fprintf(os.Stderr, "WARNING: %s\n", issue)
}
out, err := json.MarshalIndent(realm, "", " ")
if err != nil {
fmt.Fprintf(os.Stderr, "keycape-to-keycloak: marshal JSON: %v\n", err)
os.Exit(1)
}
if err := os.WriteFile(*outputFile, out, 0o644); err != nil {
fmt.Fprintf(os.Stderr, "keycape-to-keycloak: write %q: %v\n", *outputFile, err)
os.Exit(1)
}
fmt.Printf("keycape-to-keycloak: wrote %s (%d bytes)\n", *outputFile, len(out))
}
Reference in New Issue View Git Blame Copy Permalink