eclipse-tractusx
diff --git a/‎src/keycloak/Keycloak.Seeding/BusinessLogic/AuthenticationFlowsUpdater.cs‎
Lines changed: 86 additions & 86 deletions b/‎src/keycloak/Keycloak.Seeding/BusinessLogic/AuthenticationFlowsUpdater.cs‎
Lines changed: 86 additions & 86 deletions
diff --git a/‎src/keycloak/Keycloak.Seeding/BusinessLogic/ClientScopeMapperUpdater.cs‎
Lines changed: 20 additions & 19 deletions b/‎src/keycloak/Keycloak.Seeding/BusinessLogic/ClientScopeMapperUpdater.cs‎
Lines changed: 20 additions & 19 deletions
diff --git a/‎src/keycloak/Keycloak.Seeding/BusinessLogic/ClientScopesUpdater.cs‎
Lines changed: 49 additions & 36 deletions b/‎src/keycloak/Keycloak.Seeding/BusinessLogic/ClientScopesUpdater.cs‎
Lines changed: 49 additions & 36 deletions
@@ -22,27 +22,22 @@
 using Org.Eclipse.TractusX.Portal.Backend.Keycloak.Factory;
 using Org.Eclipse.TractusX.Portal.Backend.Keycloak.Library;
 using Org.Eclipse.TractusX.Portal.Backend.Keycloak.Library.Models.Roles;
+using Org.Eclipse.TractusX.Portal.Backend.Keycloak.Seeding.Extensions;
+using Org.Eclipse.TractusX.Portal.Backend.Keycloak.Seeding.Models;
 
 namespace Org.Eclipse.TractusX.Portal.Backend.Keycloak.Seeding.BusinessLogic;
 
-public class ClientScopeMapperUpdater : IClientScopeMapperUpdater
+public class ClientScopeMapperUpdater(IKeycloakFactory keycloakFactory, ISeedDataHandler seedDataHandler)
+    : IClientScopeMapperUpdater
 {
-    private readonly IKeycloakFactory _keycloakFactory;
-    private readonly ISeedDataHandler _seedData;
-
-    public ClientScopeMapperUpdater(IKeycloakFactory keycloakFactory, ISeedDataHandler seedDataHandler)
-    {
-        _keycloakFactory = keycloakFactory;
-        _seedData = seedDataHandler;
-    }
-
     public async Task UpdateClientScopeMapper(string instanceName, CancellationToken cancellationToken)
     {
-        var keycloak = _keycloakFactory.CreateKeycloakClient(instanceName);
-        var realm = _seedData.Realm;
+        var keycloak = keycloakFactory.CreateKeycloakClient(instanceName);
+        var realm = seedDataHandler.Realm;
+        var seederConfig = seedDataHandler.GetSpecificConfiguration(ConfigurationKey.ClientScopes);
 
         var clients = await keycloak.GetClientsAsync(realm, null, true, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
-        foreach (var (clientName, mappingModels) in _seedData.ClientScopeMappings)
+        foreach (var (clientName, mappingModels) in seedDataHandler.ClientScopeMappings)
         {
             var client = clients.SingleOrDefault(x => x.ClientId == clientName);
             if (client?.Id is null)
@@ -60,17 +55,23 @@ public async Task UpdateClientScopeMapper(string instanceName, CancellationToken
                 }
                 var clientRoles = await keycloak.GetClientRolesScopeMappingsForClientAsync(realm, clientScope.Id, client.Id, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
                 var mappingModelRoles = mappingModel.Roles?.Select(roleName => roles.SingleOrDefault(r => r.Name == roleName) ?? throw new ConflictException($"No role with name {roleName} found")) ?? Enumerable.Empty<Role>();
-                await AddAndDeleteRoles(keycloak, realm, clientScope.Id, client.Id, clientRoles, mappingModelRoles, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
+                await AddAndDeleteRoles(keycloak, realm, clientScope.Id, client.Id, clientRoles, mappingModelRoles, seederConfig, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
             }
         }
     }
 
-    private static async Task AddAndDeleteRoles(KeycloakClient keycloak, string realm, string clientScopeId, string clientId, IEnumerable<Role> roles, IEnumerable<Role> updateRoles, CancellationToken cancellationToken)
+    private static async Task AddAndDeleteRoles(KeycloakClient keycloak, string realm, string clientScopeId, string clientId, IEnumerable<Role> roles, IEnumerable<Role> updateRoles, KeycloakSeederConfigModel seederConfig, CancellationToken cancellationToken)
     {
-        await updateRoles.ExceptBy(roles.Select(role => role.Name), roleModel => roleModel.Name).IfAnyAwait(rolesToAdd =>
-            keycloak.AddClientRolesScopeMappingToClientAsync(realm, clientScopeId, clientId, rolesToAdd, cancellationToken)).ConfigureAwait(false);
+        await updateRoles
+            .Where(x => seederConfig.ModificationAllowed(ModificationType.Create, x.Name))
+            .ExceptBy(roles.Select(role => role.Name), roleModel => roleModel.Name)
+            .IfAnyAwait(rolesToAdd =>
+                keycloak.AddClientRolesScopeMappingToClientAsync(realm, clientScopeId, clientId, rolesToAdd, cancellationToken)).ConfigureAwait(false);
 
-        await roles.ExceptBy(updateRoles.Select(roleModel => roleModel.Name), role => role.Name).IfAnyAwait(rolesToDelete =>
-            keycloak.RemoveClientRolesFromClientScopeForClientAsync(realm, clientScopeId, clientId, rolesToDelete, cancellationToken)).ConfigureAwait(false);
+        await roles
+            .Where(x => seederConfig.ModificationAllowed(ModificationType.Delete, x.Name))
+            .ExceptBy(updateRoles.Select(roleModel => roleModel.Name), role => role.Name)
+            .IfAnyAwait(rolesToDelete =>
+                keycloak.RemoveClientRolesFromClientScopeForClientAsync(realm, clientScopeId, clientId, rolesToDelete, cancellationToken)).ConfigureAwait(false);
     }
 }
@@ -22,37 +22,38 @@
 using Org.Eclipse.TractusX.Portal.Backend.Keycloak.Library;
 using Org.Eclipse.TractusX.Portal.Backend.Keycloak.Library.Models.ClientScopes;
 using Org.Eclipse.TractusX.Portal.Backend.Keycloak.Library.Models.ProtocolMappers;
+using Org.Eclipse.TractusX.Portal.Backend.Keycloak.Seeding.Extensions;
 using Org.Eclipse.TractusX.Portal.Backend.Keycloak.Seeding.Models;
 
 namespace Org.Eclipse.TractusX.Portal.Backend.Keycloak.Seeding.BusinessLogic;
 
-public class ClientScopesUpdater : IClientScopesUpdater
+public class ClientScopesUpdater(IKeycloakFactory keycloakFactory, ISeedDataHandler seedDataHandler)
+    : IClientScopesUpdater
 {
-    private readonly IKeycloakFactory _keycloakFactory;
-    private readonly ISeedDataHandler _seedData;
-
-    public ClientScopesUpdater(IKeycloakFactory keycloakFactory, ISeedDataHandler seedDataHandler)
-    {
-        _keycloakFactory = keycloakFactory;
-        _seedData = seedDataHandler;
-    }
-
     public async Task UpdateClientScopes(string instanceName, CancellationToken cancellationToken)
     {
-        var keycloak = _keycloakFactory.CreateKeycloakClient(instanceName);
-        var realm = _seedData.Realm;
+        var keycloak = keycloakFactory.CreateKeycloakClient(instanceName);
+        var realm = seedDataHandler.Realm;
+        var seederConfig = seedDataHandler.GetSpecificConfiguration(ConfigurationKey.ClientScopes);
 
         var clientScopes = await keycloak.GetClientScopesAsync(realm, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
-        var seedClientScopes = _seedData.ClientScopes;
+        var seedClientScopes = seedDataHandler.ClientScopes;
 
-        await RemoveObsoleteClientScopes(keycloak, realm, clientScopes, seedClientScopes, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
-        await CreateMissingClientScopes(keycloak, realm, clientScopes, seedClientScopes, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
-        await UpdateExistingClientScopes(keycloak, realm, clientScopes, seedClientScopes, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
+        await CheckAndExecute(ModificationType.Delete, keycloak, realm, clientScopes, seedClientScopes, seederConfig, cancellationToken, RemoveObsoleteClientScopes).ConfigureAwait(ConfigureAwaitOptions.None);
+        await CheckAndExecute(ModificationType.Create, keycloak, realm, clientScopes, seedClientScopes, seederConfig, cancellationToken, CreateMissingClientScopes).ConfigureAwait(ConfigureAwaitOptions.None);
+        await CheckAndExecute(ModificationType.Update, keycloak, realm, clientScopes, seedClientScopes, seederConfig, cancellationToken, UpdateExistingClientScopes).ConfigureAwait(ConfigureAwaitOptions.None);
     }
 
-    private static async Task RemoveObsoleteClientScopes(KeycloakClient keycloak, string realm, IEnumerable<ClientScope> clientScopes, IEnumerable<ClientScopeModel> seedClientScopes, CancellationToken cancellationToken)
+    private static Task CheckAndExecute(ModificationType modificationType, KeycloakClient keycloak, string realm, IEnumerable<ClientScope> clientScopes, IEnumerable<ClientScopeModel> seedClientScopes, KeycloakSeederConfigModel seederConfig, CancellationToken cancellationToken, Func<KeycloakClient, string, IEnumerable<ClientScope>, IEnumerable<ClientScopeModel>, KeycloakSeederConfigModel, CancellationToken, Task> executeLogic) =>
+        seederConfig.ModificationAllowed(modificationType)
+            ? executeLogic(keycloak, realm, clientScopes, seedClientScopes, seederConfig, cancellationToken)
+            : Task.CompletedTask;
+
+    private static async Task RemoveObsoleteClientScopes(KeycloakClient keycloak, string realm, IEnumerable<ClientScope> clientScopes, IEnumerable<ClientScopeModel> seedClientScopes, KeycloakSeederConfigModel seederConfig, CancellationToken cancellationToken)
     {
-        foreach (var deleteScope in clientScopes.ExceptBy(seedClientScopes.Select(x => x.Name), x => x.Name))
+        foreach (var deleteScope in clientScopes
+                     .Where(x => seederConfig.ModificationAllowed(ModificationType.Delete, x.Name))
+                     .ExceptBy(seedClientScopes.Select(x => x.Name), x => x.Name))
         {
             await keycloak.DeleteClientScopeAsync(
                 realm,
@@ -61,32 +62,38 @@ await keycloak.DeleteClientScopeAsync(
         }
     }
 
-    private static async Task CreateMissingClientScopes(KeycloakClient keycloak, string realm, IEnumerable<ClientScope> clientScopes, IEnumerable<ClientScopeModel> seedClientScopes, CancellationToken cancellationToken)
+    private static async Task CreateMissingClientScopes(KeycloakClient keycloak, string realm, IEnumerable<ClientScope> clientScopes, IEnumerable<ClientScopeModel> seedClientScopes, KeycloakSeederConfigModel seederConfig, CancellationToken cancellationToken)
     {
-        foreach (var addScope in seedClientScopes.ExceptBy(clientScopes.Select(x => x.Name), x => x.Name))
+        foreach (var addScope in seedClientScopes
+                     .Where(x => seederConfig.ModificationAllowed(ModificationType.Create, x.Name))
+                     .ExceptBy(clientScopes.Select(x => x.Name), x => x.Name))
         {
             await keycloak.CreateClientScopeAsync(realm, CreateClientScope(null, addScope, true), cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
         }
     }
 
-    private static async Task UpdateExistingClientScopes(KeycloakClient keycloak, string realm, IEnumerable<ClientScope> clientScopes, IEnumerable<ClientScopeModel> seedClientScopes, CancellationToken cancellationToken)
+    private static async Task UpdateExistingClientScopes(KeycloakClient keycloak, string realm, IEnumerable<ClientScope> clientScopes, IEnumerable<ClientScopeModel> seedClientScopes, KeycloakSeederConfigModel seederConfig, CancellationToken cancellationToken)
     {
         foreach (var (clientScope, update) in clientScopes
+            .Where(x => seederConfig.ModificationAllowed(ModificationType.Update, x.Name))
             .Join(
                 seedClientScopes,
                 x => x.Name,
                 x => x.Name,
                 (clientScope, update) => (ClientScope: clientScope, Update: update)))
         {
-            await UpdateClientScopeWithProtocolMappers(keycloak, realm, clientScope, update, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
+            await UpdateClientScopeWithProtocolMappers(keycloak, realm, clientScope, update, seederConfig, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
         }
     }
 
-    private static async Task UpdateClientScopeWithProtocolMappers(KeycloakClient keycloak, string realm, ClientScope clientScope, ClientScopeModel update, CancellationToken cancellationToken)
+    private static async Task UpdateClientScopeWithProtocolMappers(KeycloakClient keycloak, string realm, ClientScope clientScope, ClientScopeModel update, KeycloakSeederConfigModel seederConfig, CancellationToken cancellationToken)
     {
         if (clientScope.Id == null)
             throw new ConflictException($"clientScope.Id is null: {clientScope.Name}");
 
+        if (clientScope.Name == null)
+            throw new ConflictException($"clientScope.Name is null: {clientScope.Name}");
+
         if (!CompareClientScope(clientScope, update))
         {
             await keycloak.UpdateClientScopeAsync(
@@ -99,14 +106,16 @@ await keycloak.UpdateClientScopeAsync(
         var mappers = clientScope.ProtocolMappers ?? Enumerable.Empty<ProtocolMapper>();
         var updateMappers = update.ProtocolMappers ?? Enumerable.Empty<ProtocolMapperModel>();
 
-        await DeleteObsoleteProtocolMappers(keycloak, realm, clientScope.Id, mappers, updateMappers, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
-        await CreateMissingProtocolMappers(keycloak, realm, clientScope.Id, mappers, updateMappers, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
-        await UpdateExistingProtocolMappers(keycloak, realm, clientScope.Id, mappers, updateMappers, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
+        await DeleteObsoleteProtocolMappers(keycloak, realm, clientScope.Name, clientScope.Id, mappers, updateMappers, seederConfig, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
+        await CreateMissingProtocolMappers(keycloak, realm, clientScope.Name, clientScope.Id, mappers, updateMappers, seederConfig, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
+        await UpdateExistingProtocolMappers(keycloak, realm, clientScope.Name, clientScope.Id, mappers, updateMappers, seederConfig, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
     }
 
-    private static async Task DeleteObsoleteProtocolMappers(KeycloakClient keycloak, string realm, string clientScopeId, IEnumerable<ProtocolMapper> mappers, IEnumerable<ProtocolMapperModel> updateMappers, CancellationToken cancellationToken)
+    private static async Task DeleteObsoleteProtocolMappers(KeycloakClient keycloak, string realm, string clientScopeName, string clientScopeId, IEnumerable<ProtocolMapper> mappers, IEnumerable<ProtocolMapperModel> updateMappers, KeycloakSeederConfigModel seederConfig, CancellationToken cancellationToken)
     {
-        foreach (var mapper in mappers.ExceptBy(updateMappers.Select(x => x.Name), x => x.Name))
+        foreach (var mapper in mappers
+                     .Where(x => seederConfig.ModificationAllowed(clientScopeName, ConfigurationKey.ProtocolMappers, ModificationType.Delete, x.Name))
+                     .ExceptBy(updateMappers.Select(x => x.Name), x => x.Name))
         {
             await keycloak.DeleteProtocolMapperAsync(
                 realm,
@@ -116,9 +125,11 @@ await keycloak.DeleteProtocolMapperAsync(
         }
     }
 
-    private static async Task CreateMissingProtocolMappers(KeycloakClient keycloak, string realm, string clientScopeId, IEnumerable<ProtocolMapper> mappers, IEnumerable<ProtocolMapperModel> updateMappers, CancellationToken cancellationToken)
+    private static async Task CreateMissingProtocolMappers(KeycloakClient keycloak, string realm, string clientScopeName, string clientScopeId, IEnumerable<ProtocolMapper> mappers, IEnumerable<ProtocolMapperModel> updateMappers, KeycloakSeederConfigModel seederConfig, CancellationToken cancellationToken)
     {
-        foreach (var update in updateMappers.ExceptBy(mappers.Select(x => x.Name), x => x.Name))
+        foreach (var update in updateMappers
+                     .Where(x => seederConfig.ModificationAllowed(clientScopeName, ConfigurationKey.ProtocolMappers, ModificationType.Create, x.Name))
+                     .ExceptBy(mappers.Select(x => x.Name), x => x.Name))
         {
             await keycloak.CreateProtocolMapperAsync(
                 realm,
@@ -128,13 +139,15 @@ await keycloak.CreateProtocolMapperAsync(
         }
     }
 
-    private static async Task UpdateExistingProtocolMappers(KeycloakClient keycloak, string realm, string clientScopeId, IEnumerable<ProtocolMapper> mappers, IEnumerable<ProtocolMapperModel> updateMappers, CancellationToken cancellationToken)
+    private static async Task UpdateExistingProtocolMappers(KeycloakClient keycloak, string realm, string clientScopeName, string clientScopeId, IEnumerable<ProtocolMapper> mappers, IEnumerable<ProtocolMapperModel> updateMappers, KeycloakSeederConfigModel seederConfig, CancellationToken cancellationToken)
     {
-        foreach (var (mapper, update) in mappers.Join(
-            updateMappers,
-            x => x.Name,
-            x => x.Name,
-            (mapper, update) => (Mapper: mapper, Update: update))
+        foreach (var (mapper, update) in mappers
+            .Where(x => seederConfig.ModificationAllowed(clientScopeName, ConfigurationKey.ProtocolMappers, ModificationType.Update, x.Name))
+            .Join(
+                updateMappers,
+                x => x.Name,
+                x => x.Name,
+                (mapper, update) => (Mapper: mapper, Update: update))
             .Where(x => !ProtocolMappersUpdater.CompareProtocolMapper(x.Mapper, x.Update)))
         {
             await keycloak.UpdateProtocolMapperAsync(
Original file line number	Diff line number	Diff line change
`@@ -22,37 +22,38 @@`
`22`	`22`	`using Org.Eclipse.TractusX.Portal.Backend.Keycloak.Library;`
`23`	`23`	`using Org.Eclipse.TractusX.Portal.Backend.Keycloak.Library.Models.ClientScopes;`
`24`	`24`	`using Org.Eclipse.TractusX.Portal.Backend.Keycloak.Library.Models.ProtocolMappers;`
	`25`	`+using Org.Eclipse.TractusX.Portal.Backend.Keycloak.Seeding.Extensions;`
`25`	`26`	`using Org.Eclipse.TractusX.Portal.Backend.Keycloak.Seeding.Models;`
`26`	`27`
`27`	`28`	`namespace Org.Eclipse.TractusX.Portal.Backend.Keycloak.Seeding.BusinessLogic;`
`28`	`29`
`29`		`-public class ClientScopesUpdater : IClientScopesUpdater`
	`30`	`+public class ClientScopesUpdater(IKeycloakFactory keycloakFactory, ISeedDataHandler seedDataHandler)`
	`31`	`+ : IClientScopesUpdater`
`30`	`32`	`{`
`31`		`- private readonly IKeycloakFactory _keycloakFactory;`
`32`		`- private readonly ISeedDataHandler _seedData;`
`33`		`-`
`34`		`- public ClientScopesUpdater(IKeycloakFactory keycloakFactory, ISeedDataHandler seedDataHandler)`
`35`		`- {`
`36`		`- _keycloakFactory = keycloakFactory;`
`37`		`- _seedData = seedDataHandler;`
`38`		`- }`
`39`		`-`
`40`	`33`	`public async Task UpdateClientScopes(string instanceName, CancellationToken cancellationToken)`
`41`	`34`	`{`
`42`		`- var keycloak = _keycloakFactory.CreateKeycloakClient(instanceName);`
`43`		`- var realm = _seedData.Realm;`
	`35`	`+ var keycloak = keycloakFactory.CreateKeycloakClient(instanceName);`
	`36`	`+ var realm = seedDataHandler.Realm;`
	`37`	`+ var seederConfig = seedDataHandler.GetSpecificConfiguration(ConfigurationKey.ClientScopes);`
`44`	`38`
`45`	`39`	`var clientScopes = await keycloak.GetClientScopesAsync(realm, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);`
`46`		`- var seedClientScopes = _seedData.ClientScopes;`
	`40`	`+ var seedClientScopes = seedDataHandler.ClientScopes;`
`47`	`41`
`48`		`- await RemoveObsoleteClientScopes(keycloak, realm, clientScopes, seedClientScopes, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);`
`49`		`- await CreateMissingClientScopes(keycloak, realm, clientScopes, seedClientScopes, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);`
`50`		`- await UpdateExistingClientScopes(keycloak, realm, clientScopes, seedClientScopes, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);`
	`42`	`+ await CheckAndExecute(ModificationType.Delete, keycloak, realm, clientScopes, seedClientScopes, seederConfig, cancellationToken, RemoveObsoleteClientScopes).ConfigureAwait(ConfigureAwaitOptions.None);`
	`43`	`+ await CheckAndExecute(ModificationType.Create, keycloak, realm, clientScopes, seedClientScopes, seederConfig, cancellationToken, CreateMissingClientScopes).ConfigureAwait(ConfigureAwaitOptions.None);`
	`44`	`+ await CheckAndExecute(ModificationType.Update, keycloak, realm, clientScopes, seedClientScopes, seederConfig, cancellationToken, UpdateExistingClientScopes).ConfigureAwait(ConfigureAwaitOptions.None);`
`51`	`45`	`}`
`52`	`46`
`53`		`- private static async Task RemoveObsoleteClientScopes(KeycloakClient keycloak, string realm, IEnumerable<ClientScope> clientScopes, IEnumerable<ClientScopeModel> seedClientScopes, CancellationToken cancellationToken)`
	`47`	`+ private static Task CheckAndExecute(ModificationType modificationType, KeycloakClient keycloak, string realm, IEnumerable<ClientScope> clientScopes, IEnumerable<ClientScopeModel> seedClientScopes, KeycloakSeederConfigModel seederConfig, CancellationToken cancellationToken, Func<KeycloakClient, string, IEnumerable<ClientScope>, IEnumerable<ClientScopeModel>, KeycloakSeederConfigModel, CancellationToken, Task> executeLogic) =>`
	`48`	`+ seederConfig.ModificationAllowed(modificationType)`
	`49`	`+ ? executeLogic(keycloak, realm, clientScopes, seedClientScopes, seederConfig, cancellationToken)`
	`50`	`+ : Task.CompletedTask;`
	`51`	`+`
	`52`	`+ private static async Task RemoveObsoleteClientScopes(KeycloakClient keycloak, string realm, IEnumerable<ClientScope> clientScopes, IEnumerable<ClientScopeModel> seedClientScopes, KeycloakSeederConfigModel seederConfig, CancellationToken cancellationToken)`
`54`	`53`	`{`
`55`		`- foreach (var deleteScope in clientScopes.ExceptBy(seedClientScopes.Select(x => x.Name), x => x.Name))`
	`54`	`+ foreach (var deleteScope in clientScopes`
	`55`	`+ .Where(x => seederConfig.ModificationAllowed(ModificationType.Delete, x.Name))`
	`56`	`+ .ExceptBy(seedClientScopes.Select(x => x.Name), x => x.Name))`
`56`	`57`	`{`
`57`	`58`	`await keycloak.DeleteClientScopeAsync(`
`58`	`59`	`realm,`
`@@ -61,32 +62,38 @@ await keycloak.DeleteClientScopeAsync(`
`61`	`62`	`}`
`62`	`63`	`}`
`63`	`64`
`64`		`- private static async Task CreateMissingClientScopes(KeycloakClient keycloak, string realm, IEnumerable<ClientScope> clientScopes, IEnumerable<ClientScopeModel> seedClientScopes, CancellationToken cancellationToken)`
	`65`	`+ private static async Task CreateMissingClientScopes(KeycloakClient keycloak, string realm, IEnumerable<ClientScope> clientScopes, IEnumerable<ClientScopeModel> seedClientScopes, KeycloakSeederConfigModel seederConfig, CancellationToken cancellationToken)`
`65`	`66`	`{`
`66`		`- foreach (var addScope in seedClientScopes.ExceptBy(clientScopes.Select(x => x.Name), x => x.Name))`
	`67`	`+ foreach (var addScope in seedClientScopes`
	`68`	`+ .Where(x => seederConfig.ModificationAllowed(ModificationType.Create, x.Name))`
	`69`	`+ .ExceptBy(clientScopes.Select(x => x.Name), x => x.Name))`
`67`	`70`	`{`
`68`	`71`	`await keycloak.CreateClientScopeAsync(realm, CreateClientScope(null, addScope, true), cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);`
`69`	`72`	`}`
`70`	`73`	`}`
`71`	`74`
`72`		`- private static async Task UpdateExistingClientScopes(KeycloakClient keycloak, string realm, IEnumerable<ClientScope> clientScopes, IEnumerable<ClientScopeModel> seedClientScopes, CancellationToken cancellationToken)`
	`75`	`+ private static async Task UpdateExistingClientScopes(KeycloakClient keycloak, string realm, IEnumerable<ClientScope> clientScopes, IEnumerable<ClientScopeModel> seedClientScopes, KeycloakSeederConfigModel seederConfig, CancellationToken cancellationToken)`
`73`	`76`	`{`
`74`	`77`	`foreach (var (clientScope, update) in clientScopes`
	`78`	`+ .Where(x => seederConfig.ModificationAllowed(ModificationType.Update, x.Name))`
`75`	`79`	`.Join(`
`76`	`80`	`seedClientScopes,`
`77`	`81`	`x => x.Name,`
`78`	`82`	`x => x.Name,`
`79`	`83`	`(clientScope, update) => (ClientScope: clientScope, Update: update)))`
`80`	`84`	`{`
`81`		`- await UpdateClientScopeWithProtocolMappers(keycloak, realm, clientScope, update, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);`
	`85`	`+ await UpdateClientScopeWithProtocolMappers(keycloak, realm, clientScope, update, seederConfig, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);`
`82`	`86`	`}`
`83`	`87`	`}`
`84`	`88`
`85`		`- private static async Task UpdateClientScopeWithProtocolMappers(KeycloakClient keycloak, string realm, ClientScope clientScope, ClientScopeModel update, CancellationToken cancellationToken)`
	`89`	`+ private static async Task UpdateClientScopeWithProtocolMappers(KeycloakClient keycloak, string realm, ClientScope clientScope, ClientScopeModel update, KeycloakSeederConfigModel seederConfig, CancellationToken cancellationToken)`
`86`	`90`	`{`
`87`	`91`	`if (clientScope.Id == null)`
`88`	`92`	`throw new ConflictException($"clientScope.Id is null: {clientScope.Name}");`
`89`	`93`
	`94`	`+ if (clientScope.Name == null)`
	`95`	`+ throw new ConflictException($"clientScope.Name is null: {clientScope.Name}");`
	`96`	`+`
`90`	`97`	`if (!CompareClientScope(clientScope, update))`
`91`	`98`	`{`
`92`	`99`	`await keycloak.UpdateClientScopeAsync(`
`@@ -99,14 +106,16 @@ await keycloak.UpdateClientScopeAsync(`
`99`	`106`	`var mappers = clientScope.ProtocolMappers ?? Enumerable.Empty<ProtocolMapper>();`
`100`	`107`	`var updateMappers = update.ProtocolMappers ?? Enumerable.Empty<ProtocolMapperModel>();`
`101`	`108`
`102`		`- await DeleteObsoleteProtocolMappers(keycloak, realm, clientScope.Id, mappers, updateMappers, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);`
`103`		`- await CreateMissingProtocolMappers(keycloak, realm, clientScope.Id, mappers, updateMappers, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);`
`104`		`- await UpdateExistingProtocolMappers(keycloak, realm, clientScope.Id, mappers, updateMappers, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);`
	`109`	`+ await DeleteObsoleteProtocolMappers(keycloak, realm, clientScope.Name, clientScope.Id, mappers, updateMappers, seederConfig, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);`
	`110`	`+ await CreateMissingProtocolMappers(keycloak, realm, clientScope.Name, clientScope.Id, mappers, updateMappers, seederConfig, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);`
	`111`	`+ await UpdateExistingProtocolMappers(keycloak, realm, clientScope.Name, clientScope.Id, mappers, updateMappers, seederConfig, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);`
`105`	`112`	`}`
`106`	`113`
`107`		`- private static async Task DeleteObsoleteProtocolMappers(KeycloakClient keycloak, string realm, string clientScopeId, IEnumerable<ProtocolMapper> mappers, IEnumerable<ProtocolMapperModel> updateMappers, CancellationToken cancellationToken)`
	`114`	`+ private static async Task DeleteObsoleteProtocolMappers(KeycloakClient keycloak, string realm, string clientScopeName, string clientScopeId, IEnumerable<ProtocolMapper> mappers, IEnumerable<ProtocolMapperModel> updateMappers, KeycloakSeederConfigModel seederConfig, CancellationToken cancellationToken)`
`108`	`115`	`{`
`109`		`- foreach (var mapper in mappers.ExceptBy(updateMappers.Select(x => x.Name), x => x.Name))`
	`116`	`+ foreach (var mapper in mappers`
	`117`	`+ .Where(x => seederConfig.ModificationAllowed(clientScopeName, ConfigurationKey.ProtocolMappers, ModificationType.Delete, x.Name))`
	`118`	`+ .ExceptBy(updateMappers.Select(x => x.Name), x => x.Name))`
`110`	`119`	`{`
`111`	`120`	`await keycloak.DeleteProtocolMapperAsync(`
`112`	`121`	`realm,`
`@@ -116,9 +125,11 @@ await keycloak.DeleteProtocolMapperAsync(`
`116`	`125`	`}`
`117`	`126`	`}`
`118`	`127`
`119`		`- private static async Task CreateMissingProtocolMappers(KeycloakClient keycloak, string realm, string clientScopeId, IEnumerable<ProtocolMapper> mappers, IEnumerable<ProtocolMapperModel> updateMappers, CancellationToken cancellationToken)`
	`128`	`+ private static async Task CreateMissingProtocolMappers(KeycloakClient keycloak, string realm, string clientScopeName, string clientScopeId, IEnumerable<ProtocolMapper> mappers, IEnumerable<ProtocolMapperModel> updateMappers, KeycloakSeederConfigModel seederConfig, CancellationToken cancellationToken)`
`120`	`129`	`{`
`121`		`- foreach (var update in updateMappers.ExceptBy(mappers.Select(x => x.Name), x => x.Name))`
	`130`	`+ foreach (var update in updateMappers`
	`131`	`+ .Where(x => seederConfig.ModificationAllowed(clientScopeName, ConfigurationKey.ProtocolMappers, ModificationType.Create, x.Name))`
	`132`	`+ .ExceptBy(mappers.Select(x => x.Name), x => x.Name))`
`122`	`133`	`{`
`123`	`134`	`await keycloak.CreateProtocolMapperAsync(`
`124`	`135`	`realm,`
`@@ -128,13 +139,15 @@ await keycloak.CreateProtocolMapperAsync(`
`128`	`139`	`}`
`129`	`140`	`}`
`130`	`141`
`131`		`- private static async Task UpdateExistingProtocolMappers(KeycloakClient keycloak, string realm, string clientScopeId, IEnumerable<ProtocolMapper> mappers, IEnumerable<ProtocolMapperModel> updateMappers, CancellationToken cancellationToken)`
	`142`	`+ private static async Task UpdateExistingProtocolMappers(KeycloakClient keycloak, string realm, string clientScopeName, string clientScopeId, IEnumerable<ProtocolMapper> mappers, IEnumerable<ProtocolMapperModel> updateMappers, KeycloakSeederConfigModel seederConfig, CancellationToken cancellationToken)`
`132`	`143`	`{`
`133`		`- foreach (var (mapper, update) in mappers.Join(`
`134`		`- updateMappers,`
`135`		`- x => x.Name,`
`136`		`- x => x.Name,`
`137`		`- (mapper, update) => (Mapper: mapper, Update: update))`
	`144`	`+ foreach (var (mapper, update) in mappers`
	`145`	`+ .Where(x => seederConfig.ModificationAllowed(clientScopeName, ConfigurationKey.ProtocolMappers, ModificationType.Update, x.Name))`
	`146`	`+ .Join(`
	`147`	`+ updateMappers,`
	`148`	`+ x => x.Name,`
	`149`	`+ x => x.Name,`
	`150`	`+ (mapper, update) => (Mapper: mapper, Update: update))`
`138`	`151`	`.Where(x => !ProtocolMappersUpdater.CompareProtocolMapper(x.Mapper, x.Update)))`
`139`	`152`	`{`
`140`	`153`	`await keycloak.UpdateProtocolMapperAsync(`