OpenIAM provides a utility to import and export system objects such as roles, groups, organizations, resources, and authentication or content providers using dedicated Python scripts. This feature is ideal for migrating configurations between environments (e.g., dev → staging → prod), performing bulk updates, or backing up configuration state.

Overview

The utility includes two Python scripts: • export.py — Exports the specified object type(s) from a source database • import.py — Imports object data into a target database

Both scripts use a shared configuration file to define connection parameters and behavior.

Configuration File

The configuration file (in .json or .yaml format) defines:

• Source and target database connections
• Object type(s) to process
• Whether to update existing objects on import
• The destination directory for exported data

{
  "source_db": {
    "host": "localhost",
    "port": 5432,
    "database": "openiam_dev",
    "user": "openiam",
    "password": "devpass"
  },
  "target_db": {
    "host": "localhost",
    "port": 5432,
    "database": "openiam_prod",
    "user": "openiam",
    "password": "prodpass"
  },
  "object": "role",
  "update_existing": true,
  "export_path": "./exports"
}

Supported Object Types

Executing the script

python export.py --config config.json

python import.py --config config.json

Recommendations

• Always validate objects in a lower environment before importing into production
• Ensure the source and target OpenIAM versions are compatible
• Use separate config files or folders for each object type or environment
• Avoid setting update_existing: true unless you’re certain that changes should overwrite existing definitions
• Store exported files in version control (if needed) to track configuration changes