[Hawkular-dev] Should Keycloak integration be optional?

Juraci Paixão Kröhling jpkroehling at redhat.com
Tue Jan 27 09:21:03 EST 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/27/2015 10:34 AM, Thomas Segismont wrote:
> Le 26/01/2015 09:59, Thomas Heute a écrit :
>> In terms of priority, we should focus on Hawkular (not just
>> metrics)
> 
> Agreed
> 
>> with Keycloak support and having it optional is not the
>> priority.
> 
> Some more context maybe. I asked the question during the hangout
> and here's why. The PR as-is makes it impossible: * to start a
> development container without KC * to run tests/integration tests
> without KC * to install a metrics server without KC

While I agree that an optional KC would make the above points easier,
I'm failing to see the concrete advantages that it would bring,
specially considering that the main code will depend on features that
KC is today bringing (multi tenancy security, for one).

For instance, to start a development environment, one can run the
start.sh script that currently takes care of installing Wildfly and
Cassandra. With the PR, KC is added to this mix.

About the integration tests, I'd argue that the correct way to run the
integration tests is with the security framework enabled, whatever
this framework is. The reason being that this framework (plus the
container itself) would provide tenant information to the target code.
What we have on the PR is exactly this: the tests know nothing about
KC, the target code knows nothing about KC, but KC is installed on the
container and provides user information to the target code (or blocks
the request, if the wrong credentials are provided). For tests where
no tenant-specific logic is performed, a common credential can be used
for all tests, which would make more sense than disabling the security
framework for those tests.

I'm not sure what you mean in your last point, though.

> From my perspective, that's important enough to consider making it
> or optional or holding the merge to let us think more about the
> problem.
> 

Indeed! I think discussing this at this phase is critical, so that we
can get into a consensus about the expectations :-)

- - Juca.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUx57PAAoJECKM1e+fkPrXAo4H+we+iMpdNIiYhUAEzkssFNGh
jE2BdLmyUaKbciswTrxY8nC5xruqz3h77n5bNZhF/oyeygePxgB+MmIt14Bnrxej
ht35GzAZBLRiLz7Ybt9dubkiOc8D5fUUM7CmZjpQ7ZNwdOg2r0XRyh8DGfWV+nlV
BoaEV5HvxBu9FLIPhrY9Bc6woTv8H4vJdf1/VPU7c6+D55LHX8IL7tbxrQsmLYq1
QWq8h892fpLCOrbri6kw/o3xUV9X80As5ovIQUOzlGrvsuyT/PwwbmVwCjZ8hwfC
QnaiqKHfzadz8Wl3cuDSFU7/P5cC3SAWiOvZPXFXJ0CHu4Dk7UMQAevrwguHEFE=
=Hh/n
-----END PGP SIGNATURE-----

More information about the hawkular-dev mailing list