-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathconfig.yaml
More file actions
95 lines (84 loc) · 2.98 KB
/
Copy pathconfig.yaml
File metadata and controls
95 lines (84 loc) · 2.98 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# =============================================================================
# WebProtégé MongoDB → Keycloak User Migration Configuration
# =============================================================================
mongodb:
uri: "${MONGODB_URI}"
database: "webprotege"
collection: "Users"
batch_size: 500
keycloak:
base_url: "http://webprotege-local.edu/keycloak"
realm: "webprotege"
# Admin credentials (client_credentials grant)
admin_realm: "master"
client_id: "admin-cli"
username: "${KEYCLOAK_ADMIN_USERNAME}"
password: "${KEYCLOAK_ADMIN_PASSWORD}"
# Throttle delay between API calls (seconds)
request_delay: 0.1
# Retry settings
max_retries: 3
retry_backoff: 2.0
# ---- Filter Configuration ---------------------------------------------------
# Each filter has: name, enabled, type (exclude|disable|include), and optional params.
#
# Three filter types control migration outcome:
# exclude — matched users are NOT migrated (OR logic: any match → skip)
# disable — matched users are migrated but DISABLED in Keycloak (OR logic)
# include — user must pass ALL enabled include filters to be migrated (AND logic)
#
# Evaluation order: exclude → disable → include (most restrictive wins).
filters:
# -- Exclude filters (enabled by default) --
- name: xss_injection
enabled: true
type: exclude
description: "Exclude users with HTML/script injection patterns in any field"
- name: invalid_email
enabled: true
type: exclude
description: "Exclude users with empty or structurally invalid email addresses"
- name: username_too_long
enabled: false
type: exclude
params:
max_length: 255
description: "Exclude usernames exceeding max length"
- name: regex_username_blocklist
enabled: false
type: exclude
params:
patterns:
- '^\s*$' # blank or whitespace-only
- '^guest\d*$' # guest accounts
description: "Exclude usernames matching any blocklist regex"
- name: duplicate_email
enabled: true
type: exclude
description: "Keep user with the most projects per duplicate email, skip the rest"
# -- Disable filters: matched users are migrated but DISABLED in Keycloak --
# (Add your own disable filters here. Example:)
# - name: no_recent_login
# enabled: true
# type: disable
# params:
# days_since_last_login: 365
# description: "Disable users who haven't logged in for over a year"
# -- Include filters (disabled by default) --
- name: email_domain_whitelist
enabled: false
type: include
params:
domains:
- "example.edu"
description: "Only migrate users from specified email domains"
- name: username_regex_whitelist
enabled: false
type: include
params:
pattern: "^[a-zA-Z].*"
description: "Only migrate usernames matching the regex pattern"
# ---- Progress / Output -------------------------------------------------------
progress:
state_file: "migration_state.json"
log_dir: "logs"