Hi. I’m using Keycloak NodeJS admin client (@keycloak/keycloak-admin-client)
To update policies of a permission, I use updatePermission:
await this.keycloakAdminClient.clients.updatePermission(
{
id: resourceServer.id,
permissionId: exist.id,
type: permission.type,
},
{ policies: ["id1", "id2"] },
);
The problem is, when I want to add a new policy to this permission, I have to fetch all it’s current policies first, then add new policy id to this list, before adding the whole list to update payload. Something like this:
const permission =
await this.keycloakAdminClient.clients.findOnePermission({
id: resourceServer.id,
permissionId: exist.id,
type,
});
// Get current policies of permission
const policies = permission.policies;
// Add new policy
policies.push(newId);
await this.keycloakAdminClient.clients.updatePermission(
{
id: resourceServer.id,
permissionId: exist.id,
type: permission.type,
},
// update the whole current policies
{ policies },
);
I think this is not optimize in term of memory, for example when there is hundreds or thousands policies attached into a permission. And it is not an atomic update.
Is there a function/api which only add a policy to or delete a policy from a permission?