User update without groups deletes previously set groups from user

[juthilo]

Current Behavior

When I include an existing user in my import file and don't list any groups, the CLI removes all of the previously set groups for that user.

Expected Behavior

For lower levels as well, the CLI should only update and delete resources or attributes if a certain key is set at all. I.e., if no groups key is set on a user, the import should leave the existing user's groups untouched.

(This assumption according to the behavior listed in docs/MANAGED.md )

Steps To Reproduce

1. Create a user `user@example.com`.
2. Add the user to the import file, leave out groups key
3. Run import
4. Groups will be deleted even though no groups key was present:

Environment

• Keycloak Version: 25.0.2
• keycloak-config-cli Version: v6.1.5
• Java Version: 21

Anything else?

Example user yaml without groups:

- username: user@example.com
 enabled: true
 emailVerified: true
 firstName: User
 lastName: Example
 email: user@example.com
 realmRoles:
   - ...

Example log statements showing deletion of previously assigned group:

No need to update user 'user@example.com' in realm 'realm'
Remove groups [/xyz] from user 'user@example.com' in realm 'realm'