Narrative

Currently, it is not possible in Keycloak to configure a realm specific objects via the Admin REST API.
For instance, users can obtain a keycloak json file that contains the realm configuration (e.g by doing a realm export via UI). But when adjusted the json configuration file and uploaded it using CLI tool for Admin REST API operations, then every object gets updated.
again via "kcadm.sh update realms/..." command. In the current state of the kcadm-tool / rest api, this is not possible since not every object gets updated.

For their functional requirements perspective, customers would want to have every object to be updatable via the REST API interfaces.

For example, a customer may want Keycloak to fulfil the following use-case scenario:

• Do a realm export via the Admin UI to obtain the json file
• define or update the 'defaultOptionalClientScopes' in the json file
• remove one of the default listed scopes (e.g. 'offline_access')
• upload json file via CLI using 'kcadm.sh update realms/master ...'
• Check in the Admin UI if the 'offline_access' scope got removed from the default optional client scopes attribute.

Value proposition

• Enables a strong infrastructure as code pattern
• Provides the ability to maintain and update a keycloak instance by code
• This is in-line with the work planned to support the Operator's Realm and Client CRs (aka, the effort put into redesigning the APIs for a v2)

Acceptance Criteria

• TBD