feat(keycloak): add seeding data to configuration #910

Merged
merged 20 commits into from
Sep 26, 2024

@ntruchsess ntruchsess commented Aug 8, 2024

Description

This new PR is opened as the original PR #800 was closed due to retirement of catenax-ng org.

The keycloak-seeder has been changed to (optionally) read multiple json-files per realm and seeding-data from its settings and merge this additional data with the one that is read from json before writing changes to keycloak. This allows to both separate seeding-data of different domains and override values in the keycloak-json by settings being passed as environment-variables (which can be defined via helm-chart).
The following client-properties can now be updated: RootUrl, BaseUrl, AdminUrl, RedirectUrls, Secret. (Before the change those values could only be initially set on creation of the respective entity.)
KeycloakSeederSettings have been adjusted accordingly:

  "KeycloakSeeding": {
    "Realms": [
      {
        "Realm": "CX-Central",
        "InstanceName": "test",
        "DataPaths": [
          "realms/CX-Central-realm.json"
        ],
        "Id": "realms internal id",
        "DisplayName": "realms display name",
        ..... further realm configuration
        "Clients": [
        ],
        "IdentityProviders": [
        ],
        .... even further realm configuration...
      }
    ]
  }

Why

Seeding e.g. secrets from json-files would uncover confidential data. It also is inflexible - settings defined by environment-variables can e.g. be defined in kubernetes secrets.

Issue

#438

Checklist

Please delete options that are not relevant.

  • I have followed the contributing guidelines
  • I have performed a self-review of my own code
  • I have successfully tested my changes locally
  • I have added tests that prove my changes work
  • I have checked that new and existing tests pass locally with my changes
  • I have commented my code, particularly in hard-to-understand areas
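
The override path from the PR description above, as an added illustration (not code from this PR or from the portal-backend seeder): a client secret supplied through an environment variable is layered over settings and realm JSON that contain no secret. The `ClientId` matching key, the sample client, the URLs and the secret value are constructed assumptions, and the overlay loop is a simplification of the seeder's merge.

```csharp
// Added illustration, not the portal-backend seeder. Needs C# 11 and the NuGet packages
// Microsoft.Extensions.Configuration.Json and Microsoft.Extensions.Configuration.EnvironmentVariables.
using System; using System.IO; using System.Linq; using System.Text;
using System.Text.Json.Nodes;
using Microsoft.Extensions.Configuration;

// Constructed realm export as it would sit in the repository: no client secret in it.
const string realmJson = """
{ "realm": "CX-Central",
  "clients": [ { "clientId": "sample-client", "rootUrl": "http://localhost:3000" } ] }
""";

// Constructed settings; "ClientId" as the matching key is an assumption.
const string settingsJson = """
{ "KeycloakSeeding": { "Realms": [ {
    "Realm": "CX-Central", "InstanceName": "test",
    "DataPaths": [ "realms/CX-Central-realm.json" ],
    "Clients": [ { "ClientId": "sample-client", "RootUrl": "https://portal.example.org" } ]
} ] } }
""";

// Stand-in for a variable injected from a Kubernetes secret. In .NET configuration
// "__" separates nested keys and a number addresses an array element.
Environment.SetEnvironmentVariable(
    "KeycloakSeeding__Realms__0__Clients__0__Secret", "constructed-demo-secret");

var config = new ConfigurationBuilder()
    .AddJsonStream(new MemoryStream(Encoding.UTF8.GetBytes(settingsJson)))
    .AddEnvironmentVariables() // added last, so it wins over the JSON settings
    .Build();

var realm = JsonNode.Parse(realmJson)!.AsObject();
var clients = realm["clients"]!.AsArray().Select(c => c!.AsObject()).ToList();

// Simplified overlay: patch each client named in the settings onto the JSON data.
foreach (var o in config.GetSection("KeycloakSeeding:Realms:0:Clients").GetChildren())
{
    var client = clients.Single(c => c["clientId"]?.GetValue<string>() == o["ClientId"]);
    if (o["RootUrl"] is { } rootUrl) client["rootUrl"] = rootUrl;
    if (o["Secret"] is { } secret) client["secret"] = secret;
}

// Report the merged result without echoing the secret itself.
Console.WriteLine($"rootUrl = {clients[0]["rootUrl"]}");
Console.WriteLine($"secret set = {clients[0]["secret"] is not null}");
```

Because the array index is part of the variable name, the order of `Clients` entries in the settings has to stay stable for the secret to land on the intended client.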

@ntruchsess ntruchsess changed the title Feature/438 keycloak seeding feat(keycloak): add seeding data to configuration Aug 8, 2024

sonarcloud bot commented Aug 8, 2024

Quality Gate failed

Failed conditions
3.0% Duplication on New Code (required ≤ 3%)
B Reliability Rating on New Code (required ≥ A)

@ntruchsess ntruchsess marked this pull request as ready for review August 9, 2024 06:52
@evegufy evegufy added this to the Release 24.12 milestone Aug 14, 2024
@MaximilianHauer

@ntruchsess could you check the quality gate?

@ntruchsess ntruchsess force-pushed the feature/438-keycloak-seeding branch 2 times, most recently from 150ea76 to d3e3dfc Compare September 16, 2024 09:14
@ntruchsess
Contributor Author

@ntruchsess could you check the quality gate?

Done. After rebase solving the conflicts sonar did pick up the findings that were already fixed a while ago.
Cannot do a lot about the duplicates being slightly higher than the sonar limit. Those duplicates are caused by having many similar (but different in certain details) data-object classes (records) that cannot easily be changed as they are technically defined by the keycloak APIs.

Member

@Phil91 Phil91 left a comment

Besides the package version adjustment, the PR looks good from my side (without testing the seeding itself).

src/framework/Framework.Async/Directory.Build.props (outdated, resolved)
Contributor

@evegufy evegufy left a comment

Hi @ntruchsess I just tested again and I'm encountering an unhandled exception:
System.NullReferenceException: Object reference not set to an instance of an object.

logs.log

@ntruchsess
Contributor Author

ntruchsess commented Sep 18, 2024

Hi @ntruchsess I just tested again and I'm encountering an unhandled exception: System.NullReferenceException: Object reference not set to an instance of an object.

logs.log

As discussed, configuration needs to be adjusted like so:

  "KeycloakSeeding": {
    "Realms": [
      {
        "Realm": "catenax",
        "InstanceName": "central",
        "DataPaths": [
          "realms/master-realm.json"
        ]
      }
    ]
  }

Phil91 previously approved these changes Sep 19, 2024
Contributor

@evegufy evegufy left a comment

During testing, I noticed an unhandled exception with status code 500 (Internal Server Error) during the deletion of assigned default client scopes:

"Exception":"Org.Eclipse.TractusX.Portal.Backend.Framework.ErrorHandling.ServiceException: Internal Server Error: http://sharedidp-keycloak/auth/admin/realms/master/clients/34e015a5-b944-46d8-a9f3-4bc8e856a727/default-client-scopes/ff556da8-6b2b-4fe3-97cf-4a9c93ffc3c1\n ---> Flurl.Http.FlurlHttpException: Call failed with status code 500 (Internal Server Error): DELETE http://sharedidp-keycloak/auth/admin/realms/master/clients/34e015a5-b944-46d8-a9f3-4bc8e856a727/default-client-scopes/ff556da8-6b2b-4fe3-97cf-4a9c93ffc3c1\n

Scenario:

  • master-realm is created and to default clients admin-cli, account and security-admin-console the default client scope acr is assigned
  • seeding job uses a json file for the master realm where the default client scope acr is not assigned to default clients admin-cli, account and security-admin-console
  • seeding job runs into the exception above BUT only after successfully removing the assignments of the default client scope acr from default clients admin-cli, account and security-admin-console

Why is this exception thrown if the deletion is successful?

Co-authored-by: Evelyn Gurschler <evelyn.gurschler@bmw.de>

sonarcloud bot commented Sep 20, 2024

Quality Gate failed

Failed conditions
3.1% Duplication on New Code (required ≤ 3%)

Contributor

@evegufy evegufy left a comment

I created #1039 to follow up on #910 (review)

@ntruchsess ntruchsess merged commit f8c155c into main Sep 26, 2024
12 of 13 checks passed
@ntruchsess ntruchsess deleted the feature/438-keycloak-seeding branch September 26, 2024 18:42
@ntruchsess ntruchsess mentioned this pull request Oct 7, 2024
8 tasks
Successfully merging this pull request may close these issues.

sig#578 - Enhancement keycloak seeding job to seed variables and secrets