From c1e9749643c3f892045e10e476d0f0e5128c4248 Mon Sep 17 00:00:00 2001
From: Calebasah <asahcaleb4@gmail.com>
Date: Fri, 8 Nov 2024 16:16:18 +0100
Subject: [PATCH 1/2] Fix to update user groups

---
 .../config/service/UserImportService.java     |  6 ++++-
 src/main/resources/application.properties     |  2 +-
 .../config/service/ImportGroupsIT.java        |  4 ++--
 .../service/ImportUserFederationIT.java       |  6 ++---
 .../config/service/ImportUsersIT.java         | 22 +++++++++----------
 ...update_realm_update_user_remove_group.json |  3 ++-
 ...update_realm_update_user_add_subgroup.json |  4 +++-
 ...ate_realm_update_user_change_subgroup.json |  4 +++-
 ...ate_realm_update_user_remove_subgroup.json |  3 ++-
 9 files changed, 32 insertions(+), 22 deletions(-)

diff --git a/src/main/java/de/adorsys/keycloak/config/service/UserImportService.java b/src/main/java/de/adorsys/keycloak/config/service/UserImportService.java
index 595805013..e31d99738 100644
--- a/src/main/java/de/adorsys/keycloak/config/service/UserImportService.java
+++ b/src/main/java/de/adorsys/keycloak/config/service/UserImportService.java
@@ -183,7 +183,11 @@ private void handleGroups() {
                     .toList();
 
             handleGroupsToBeAdded(userGroupsToUpdate, existingUserGroups);
-            handleGroupsToBeRemoved(userGroupsToUpdate, existingUserGroups);
+
+            if (importConfigProperties.getManaged().getGroup()
+                    == ImportConfigProperties.ImportManagedProperties.ImportManagedPropertiesValues.FULL) {
+                handleGroupsToBeRemoved(userGroupsToUpdate, existingUserGroups);
+            }
         }
 
         private void handleGroupsToBeAdded(
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 031fc6bbd..62ad01145 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -37,7 +37,7 @@ import.behaviors.sync-user-federation=false
 import.behaviors.checksum-with-cache-key=true
 import.behaviors.checksum-changed=continue
 import.managed.authentication-flow=full
-import.managed.group=full
+import.managed.group=no-delete
 import.managed.required-action=full
 import.managed.client-scope=full
 import.managed.scope-mapping=full
diff --git a/src/test/java/de/adorsys/keycloak/config/service/ImportGroupsIT.java b/src/test/java/de/adorsys/keycloak/config/service/ImportGroupsIT.java
index f86edfd3d..f1d7a9dce 100644
--- a/src/test/java/de/adorsys/keycloak/config/service/ImportGroupsIT.java
+++ b/src/test/java/de/adorsys/keycloak/config/service/ImportGroupsIT.java
@@ -1689,7 +1689,7 @@ void shouldUpdateRealmUpdateGroupWithSubstringOfExistingGroupName() throws IOExc
 
     @Test
     @Order(78)
-    void shouldUpdateRealmDeleteGroup() throws IOException {
+    void shouldUpdateRealmAddedGroup() throws IOException {
         GroupRepresentation updatedGroup = tryToLoadGroup("/My Added Group").get();
         assertThat(updatedGroup.getName(), Matchers.is(Matchers.equalTo("My Added Group")));
 
@@ -1702,7 +1702,7 @@ void shouldUpdateRealmDeleteGroup() throws IOException {
 
         assertThat(realm.getRealm(), is(REALM_NAME));
 
-        assertThat(tryToLoadGroup("/My Added Group").isPresent(), is(false));
+        assertThat(tryToLoadGroup("/My Added Group").isPresent(), is(true));
         assertThat(tryToLoadGroup("/My Group").isPresent(), is(true));
     }
 
diff --git a/src/test/java/de/adorsys/keycloak/config/service/ImportUserFederationIT.java b/src/test/java/de/adorsys/keycloak/config/service/ImportUserFederationIT.java
index 64da1e3a4..b3243f3e3 100644
--- a/src/test/java/de/adorsys/keycloak/config/service/ImportUserFederationIT.java
+++ b/src/test/java/de/adorsys/keycloak/config/service/ImportUserFederationIT.java
@@ -159,7 +159,7 @@ void importFederationChangeUserGroupWithReadonlyProvider() throws IOException {
         assertThat(user.getFirstName(), is("James"));
 
         List<GroupRepresentation> userGroups = getGroupsByUser(user);
-        assertThat(userGroups, hasSize(1));
+        assertThat(userGroups, hasSize(2));
 
         GroupRepresentation group = getGroupsByPath(userGroups, "/realm/group2");
         assertThat(group, is(notNullValue()));
@@ -182,7 +182,7 @@ void importFederationRemoveUserGroupWithReadonlyProvider() throws IOException {
         assertThat(user.getFirstName(), is("James"));
 
         List<GroupRepresentation> userGroups = getGroupsByUser(user);
-        assertThat(userGroups, hasSize(0));
+        assertThat(userGroups, hasSize(2));
     }
 
     @Test
@@ -201,7 +201,7 @@ void importFederationUserChangeAttributeWithReadonlyProvider() throws IOExceptio
         assertThat(user.getFirstName(), is("James"));
 
         List<GroupRepresentation> userGroups = getGroupsByUser(user);
-        assertThat(userGroups, hasSize(0));
+        assertThat(userGroups, hasSize(2));
     }
 
     private List<GroupRepresentation> getGroupsByUser(UserRepresentation user) {
diff --git a/src/test/java/de/adorsys/keycloak/config/service/ImportUsersIT.java b/src/test/java/de/adorsys/keycloak/config/service/ImportUsersIT.java
index 4d469e1b0..4792423f3 100644
--- a/src/test/java/de/adorsys/keycloak/config/service/ImportUsersIT.java
+++ b/src/test/java/de/adorsys/keycloak/config/service/ImportUsersIT.java
@@ -400,8 +400,7 @@ void shouldUpdateRealmUpdateUserChangeGroup() throws IOException {
 
     @Test
     @Order(11)
-    void shouldUpdateRealmUpdateUserRemoveGroup() throws IOException {
-        // Create Users
+    void shouldUpdateRealmUpdateUserKeepExistingGroups() throws IOException {
         doImport("11_update_realm_update_user_remove_group.json");
 
         final RealmRepresentation realm = keycloakProvider.getInstance().realm(REALM_NAME).toRepresentation();
@@ -414,10 +413,10 @@ void shouldUpdateRealmUpdateUserRemoveGroup() throws IOException {
         assertThat(user.getFirstName(), is("firstName1"));
 
         List<GroupRepresentation> userGroups = getGroupsByUser(user);
-        assertThat(userGroups, hasSize(1));
+        assertThat(userGroups, hasSize(2));  // User should still be in both groups
 
         GroupRepresentation group1 = getGroupsByPath(userGroups, "/group1");
-        assertThat(group1, nullValue());
+        assertThat(group1.getName(), is("group1"));
 
         GroupRepresentation group2 = getGroupsByPath(userGroups, "/group2");
         assertThat(group2.getName(), is("group2"));
@@ -439,16 +438,17 @@ void shouldUpdateRealmUpdateUserAddSubGroup() throws IOException {
         assertThat(user.getFirstName(), is("firstName1"));
 
         List<GroupRepresentation> userGroups = getGroupsByUser(user);
-        assertThat(userGroups, hasSize(1));
+        assertThat(userGroups, hasSize(3));  // User should now be in all groups
 
         GroupRepresentation group1 = getGroupsByPath(userGroups, "/group1/subgroup1");
         assertThat(group1.getName(), is("subgroup1"));
+        GroupRepresentation group2 = getGroupsByPath(userGroups, "/group2");
+        assertThat(group2.getName(), is("group2"));
     }
 
     @Test
     @Order(13)
-    void shouldUpdateRealmUpdateUserChangeSubGroup() throws IOException {
-        // Create Users
+    void shouldUpdateRealmUpdateUserAddNewSubGroup() throws IOException {
         doImport("13_update_realm_update_user_change_subgroup.json");
 
         final RealmRepresentation realm = keycloakProvider.getInstance().realm(REALM_NAME).toRepresentation();
@@ -461,7 +461,7 @@ void shouldUpdateRealmUpdateUserChangeSubGroup() throws IOException {
         assertThat(user.getFirstName(), is("firstName1"));
 
         List<GroupRepresentation> userGroups = getGroupsByUser(user);
-        assertThat(userGroups, hasSize(2));
+        assertThat(userGroups, hasSize(4));  // User should now be in all groups
 
         GroupRepresentation group1 = getGroupsByPath(userGroups, "/group1/subgroup1");
         assertThat(group1.getName(), is("subgroup1"));
@@ -472,7 +472,7 @@ void shouldUpdateRealmUpdateUserChangeSubGroup() throws IOException {
 
     @Test
     @Order(14)
-    void shouldUpdateRealmUpdateUserRemoveSubGroup() throws IOException {
+    void shouldUpdateRealmUpdateUserKeepExistingSubGroups() throws IOException {
         doImport("14_update_realm_update_user_remove_subgroup.json");
 
         final RealmRepresentation realm = keycloakProvider.getInstance().realm(REALM_NAME).toRepresentation();
@@ -485,10 +485,10 @@ void shouldUpdateRealmUpdateUserRemoveSubGroup() throws IOException {
         assertThat(user.getFirstName(), is("firstName1"));
 
         List<GroupRepresentation> userGroups = getGroupsByUser(user);
-        assertThat(userGroups, hasSize(1));
+        assertThat(userGroups, hasSize(4));
 
         GroupRepresentation group1 = getGroupsByPath(userGroups, "/group1/subgroup1");
-        assertThat(group1, nullValue());
+        assertThat(group1.getName(), is("subgroup1"));
 
         GroupRepresentation group2 = getGroupsByPath(userGroups, "/group2/subgroup2");
         assertThat(group2.getName(), is("subgroup2"));
diff --git a/src/test/resources/import-files/users/11_update_realm_update_user_remove_group.json b/src/test/resources/import-files/users/11_update_realm_update_user_remove_group.json
index 6caf4ec46..4b3110d2d 100644
--- a/src/test/resources/import-files/users/11_update_realm_update_user_remove_group.json
+++ b/src/test/resources/import-files/users/11_update_realm_update_user_remove_group.json
@@ -17,7 +17,8 @@
       "firstName": "firstName1",
       "lastName": "lastName1",
       "groups": [
-        "group2"
+        "group2",
+        "group1"
       ]
     },
     {
diff --git a/src/test/resources/import-files/users/12_update_realm_update_user_add_subgroup.json b/src/test/resources/import-files/users/12_update_realm_update_user_add_subgroup.json
index 5e615d170..9480f6cb0 100644
--- a/src/test/resources/import-files/users/12_update_realm_update_user_add_subgroup.json
+++ b/src/test/resources/import-files/users/12_update_realm_update_user_add_subgroup.json
@@ -27,7 +27,9 @@
       "firstName": "firstName1",
       "lastName": "lastName1",
       "groups": [
-        "/group1/subgroup1"
+        "/group1/subgroup1",
+        "/group1",
+        "/group2"
       ]
     },
     {
diff --git a/src/test/resources/import-files/users/13_update_realm_update_user_change_subgroup.json b/src/test/resources/import-files/users/13_update_realm_update_user_change_subgroup.json
index 660056171..212381326 100644
--- a/src/test/resources/import-files/users/13_update_realm_update_user_change_subgroup.json
+++ b/src/test/resources/import-files/users/13_update_realm_update_user_change_subgroup.json
@@ -28,7 +28,9 @@
       "lastName": "lastName1",
       "groups": [
         "/group1/subgroup1",
-        "/group2/subgroup2"
+        "/group2/subgroup2",
+        "/group1",
+        "/group2"
       ]
     },
     {
diff --git a/src/test/resources/import-files/users/14_update_realm_update_user_remove_subgroup.json b/src/test/resources/import-files/users/14_update_realm_update_user_remove_subgroup.json
index aac75846b..3bb5aa282 100644
--- a/src/test/resources/import-files/users/14_update_realm_update_user_remove_subgroup.json
+++ b/src/test/resources/import-files/users/14_update_realm_update_user_remove_subgroup.json
@@ -27,7 +27,8 @@
       "firstName": "firstName1",
       "lastName": "lastName1",
       "groups": [
-        "/group2/subgroup2"
+        "/group2/subgroup2",
+        "/group1/subgroup1"
       ]
     },
     {

From 78f42c9944550714b5275de2e0ddaeb9f272c4a5 Mon Sep 17 00:00:00 2001
From: Calebasah <asahcaleb4@gmail.com>
Date: Fri, 8 Nov 2024 17:37:16 +0100
Subject: [PATCH 2/2] Update CHANGELOG

---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 03b86cd91..80074becd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,9 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Fixed
+- Fix to update user groups [#1132](https://github.com/adorsys/keycloak-config-cli/issues/1132)
+
 ### Added
 - improved logging for realm retrieval errors [#1010](https://github.com/adorsys/keycloak-config-cli/issues/1010)
 ### Fixed