<div dir="ltr">Being a KC user and possibly one of those pesky external contributors, I'd like to throw in a few cents...<div><br></div><div>1. Github is key to open source developers, but at least 50% of the "Senior Software Developers" I work with have no clue about it, Linux, tar, or pipes. These developers have always worked for companies developing closed source software, know git only because we have a local git repo and someone wrote a wiki page on how to use it from IntelliJ, and aren't the ones selecting 3rd party libraries to use (which are then loaded into our Nexus repo and magically show up in their builds.)<br></div><div>2. We have a home-grown authentication / authorization system that is extremely similar to KC. We used Spring Security OAuth, but almost all layers of it were replaced by custom implementations to make it hook into our legacy login system, build tokens with a ton of data in them, and integrate with SAML. I think we have close to a million users on our production system.</div><div>3. The main reason I picked KC over using Spring Security OAuth for the home project I'm working on were the instructional videos Bill did. More than any example can possibly do, they helped jump start my understanding of KC and showed how to integrate it. After watching those, the examples turned into a library to copy and paste from.</div><div>4. For projects which don't have much documentation (KC is extremely well documented), cloning an example and playing with it is my preferred way of getting to know a new library/solution. To that extent, having the examples in a separate Git repo (or one repo per platform the exampled target) does help.</div><div><br></div><div>Alain</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Dec 3, 2014 at 7:28 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
----- Original Message -----<br>
> From: "Bill Burke" <<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>><br>
> To: "Stian Thorgersen" <<a href="mailto:stian@redhat.com">stian@redhat.com</a>><br>
> Cc: <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
</span><div><div class="h5">> Sent: Wednesday, 3 December, 2014 3:03:51 PM<br>
> Subject: Re: [keycloak-dev] release? Stan?<br>
><br>
><br>
><br>
> On 12/3/2014 2:38 AM, Stian Thorgersen wrote:<br>
> ><br>
> ><br>
> > ----- Original Message -----<br>
> >> From: "Bill Burke" <<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>><br>
> >> To: "Stian Thorgersen" <<a href="mailto:stian@redhat.com">stian@redhat.com</a>><br>
> >> Cc: <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
> >> Sent: Tuesday, 2 December, 2014 5:31:12 PM<br>
> >> Subject: Re: [keycloak-dev] release? Stan?<br>
> >><br>
> >><br>
> >><br>
> >> On 12/2/2014 10:53 AM, Stian Thorgersen wrote:<br>
> >>><br>
> >>><br>
> >>> ----- Original Message -----<br>
> >>>> From: "Bill Burke" <<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>><br>
> >>>> To: "Stian Thorgersen" <<a href="mailto:stian@redhat.com">stian@redhat.com</a>><br>
> >>>> Cc: <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
> >>>> Sent: Tuesday, 2 December, 2014 4:11:19 PM<br>
> >>>> Subject: Re: [keycloak-dev] release? Stan?<br>
> >>>><br>
> >>>><br>
> >>>><br>
> >>>> On 12/2/2014 9:02 AM, Stian Thorgersen wrote:<br>
> >>>>><br>
> >>>>><br>
> >>>>> ----- Original Message -----<br>
> >>>>>> From: "Bill Burke" <<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>><br>
> >>>>>> To: <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
> >>>>>> Sent: Tuesday, 2 December, 2014 2:38:32 PM<br>
> >>>>>> Subject: Re: [keycloak-dev] release? Stan?<br>
> >>>>>><br>
> >>>>>><br>
> >>>>>><br>
> >>>>>> On 12/2/2014 7:55 AM, Stan Silvert wrote:<br>
> >>>>>>> On 12/2/2014 4:52 AM, Stian Thorgersen wrote:<br>
> >>>>>>>> Should we upgrade to WF 8.2 and also do some changes to the distro<br>
> >>>>>>>> before<br>
> >>>>>>>> release?<br>
> >>>>>>> I don't see a reason not to go to WF 8.2. If we do that, let me know<br>
> >>>>>>> so<br>
> >>>>>>> I can run a quick smoke test on the subsystem before we release.<br>
> >>>>>>>><br>
> >>>>>>>> With regards to distro we should move the adapters and examples into<br>
> >>>>>>>> separate downloads. Also, we should move the examples into a<br>
> >>>>>>>> separate<br>
> >>>>>>>> github project (keycloak/keycloak-examples). This will make it<br>
> >>>>>>>> easier<br>
> >>>>>>>> for<br>
> >>>>>>>> those that wants to fork the examples separately.<br>
> >>>>>>>><br>
> >>>>>>>> Also, we should consider a download based on the web-lite profile.<br>
> >>>>>>>> For<br>
> >>>>>>>> non-JavaEE apps, containers (Docker) and those that want to run a<br>
> >>>>>>>> standalone KC server it would be nice to have a small as possible<br>
> >>>>>>>> distro.<br>
> >>>>>>> Depending on how the feature pack turns out, we might be able to<br>
> >>>>>>> offer<br>
> >>>>>>> many flavors of the appliance distro without any additional effort.<br>
> >>>>>>> We<br>
> >>>>>>> could have:<br>
> >>>>>>> EAP6 + Keycloak<br>
> >>>>>>> AS7 + Keycloak<br>
> >>>>>>> WF8 (web) + Keycloak<br>
> >>>>>>> WF8 (full) + Keycloak<br>
> >>>>>>> WF 9 beta (web) + Keycloak<br>
> >>>>>>> WF 9 beta (full) + Keycloak<br>
> >>>>>>> etc.<br>
> >>>>>>><br>
> >>>>>><br>
> >>>>>> IMO, we just need:<br>
> >>>>>> * war-dist<br>
> >>>>>> * appliance-dist<br>
> >>>>>><br>
> >>>>>> Appliance distribution would have the most stable platform available.<br>
> >>>>>> Since we can't distribute EAP, then it would be the most stable and<br>
> >>>>>> maintained version of Wildfly that allows us to cluster and deploy<br>
> >>>>>> Keycloak.<br>
> >>>>><br>
> >>>>> Our download at the moment is 160MB and is really aimed at the<br>
> >>>>> first-time<br>
> >>>>> JavaEE user (bundled with examples and documentation). Why should we<br>
> >>>>> require someone that just wants to upgrade their server to download all<br>
> >>>>> of<br>
> >>>>> that? There'll also be loads of people that don't need the JavaEE<br>
> >>>>> parts,<br>
> >>>>> a<br>
> >>>>> NodeJS developer or deploying to cloud for example. I think we could<br>
> >>>>> easily have a standalone Keycloak server download that'd be around<br>
> >>>>> 30MB.<br>
> >>>>><br>
> >>>>> IMO we should have:<br>
> >>>>><br>
> >>>>> * Minimal server (based on WildFly web/core)<br>
> >>>>> * Full server (based on WildFly full)<br>
> >>>>> * Feature pack - to easily install onto other version of WF, EAP, etc.<br>
> >>>>><br>
> >>>>> Neither of those downloads should include docs or examples. As we don't<br>
> >>>>> really support installing onto Tomcat or Jetty, why have a war-dist?<br>
> >>>>><br>
> >>>><br>
> >>>> I disagree. At least one download should have everything: docs,<br>
> >>>> examples, and a distro that can run the examples. Reducing even simple<br>
> >>>> steps for 1st time users is crucial to adoption. How fast a first time<br>
> >>>> user can get "hello world" running is crucial. BTW, That's a major<br>
> >>>> reason why your suggestion earlier of having examples on Github is not a<br>
> >>>> great idea.<br>
> >>><br>
> >>> WildFly, PicketLink, Infinispan, etc. all use the same approach for<br>
> >>> quickstarts. They're in GitHub in a separate project, which can easily be<br>
> >>> forked/cloned by users. This is IMO a much better way to get started than<br>
> >>> downloading a zip. Problem is that currently we don't cater for those<br>
> >>> that<br>
> >>> want to fork/clone the examples as they have to do everything, which<br>
> >>> would<br>
> >>> at least stop me from doing it. If we put it in a separate project that<br>
> >>> doesn't stop us from releasing a bundle with everything in it. It just<br>
> >>> adds an extra step to the releasing, which could be automated with a<br>
> >>> script.<br>
> >>><br>
> >><br>
> >> Just because everybody does it doesn't mean it is a good idea. I really<br>
> >> hate that they do that and have run into problems. Let me give more<br>
> >> reasons why it is a bad idea:<br>
> >><br>
> >> * A user may never have used github<br>
> ><br>
> > Sure, so let's have a download from them as well. In fact you can download<br>
> > a github repo with a single click.<br>
> ><br>
> >> * There may be an incompatibility with the version developer is using<br>
> >> vs. the master example branch.<br>
> >> * Requires user to either edit example pom to point to desired project<br>
> >> version or to checkout correct tag.<br>
> ><br>
> > I agree with versions being a bit of an issue, but that's easily fixed with<br>
> > tags. Also, I'm fine with having a bundle with everything in it as well<br>
> > for those that want that. I just want to cater for those that don't as<br>
> > well.<br>
> ><br>
> >> * Keycloak examples are currently active modules in our main git repo.<br>
> >> They load up as a module in our IDE. Examples are targeted for refactor<br>
> >> events just like any other project.<br>
> ><br>
> > You can import multiple mvn projects into the same IDE project.<br>
> ><br>
><br>
> We can barely get contributors to perform a build before submitting a PR.<br>
<br>
</div></div>And you expect external contributors to do large changes to API's or refactor code?<br>
<br>
With proper CI integration we can build automatically on PRs so contributors don't have to run tests at all. Which we should do in either case as we can't just merge an external PR without at least checking it builds and tests pass first.<br>
<span class=""><br>
><br>
> >> * Keycloak examples are built with build. Thus catching any compiler<br>
> >> bugs that often happen when refactoring Keycloak SPIs, APIs, or whatever.<br>
> ><br>
> > See above + we should have continuous integration running tests on examples<br>
> > against head of KC<br>
> ><br>
><br>
> So, more infrastructure to support something that is already done?<br>
<br>
</span>There's nothing extra - we don't test examples currently, and testing examples whether or not they're part of the core code or a separate project makes no difference IMO.<br>
<span class=""><br>
><br>
> I just don't see how a git repo for examples gives you any advantages<br>
> over the current situation. It just complicates things all around both<br>
> for users and keycloak contributors. Seriously what are the advantages<br>
> other than saving a few meg in a distro?<br>
<br>
</span>More and more people are used to GitHub these days, especially in Open Source. I certainly wouldn't want to clone a large code-base to get just the examples. With a GitHub fork of examples users can fork the examples and play with them, instead of having to extract the zip then commit it to a separate GitHub. It also lets you add examples or fix examples after a release.<br>
<br>
For automation/scripting things there's a lot more steps involved, as well as a longer spin-up time of images. The more docs (and images) and examples we add the bigger the distro. As a user of Keycloak I would actually have ended up with repackaging KC server for distribution internally as ours isn't suitable for it. This may be a Linux thing, but I have loads of scripts that automate things for me.<br>
<br>
With the distro I'm looking for I can script installation of KC to just:<br>
<br>
curl <KEYCLOAK DOWNLOAD URL> | tar zx<br>
<br>
While with our current distro I need to do:<br>
<br>
curl -O <KEYCLOAK DOWNLOAD URL><br>
unzip keycloak-appliance-dist-all-<KEYCLOAK_VERSION>.zip<br>
mv keycloak-appliance-dist-all-<KEYCLOAK_VERSION>/keycloak keycloak-<KEYCLOAK_VERSION><br>
rm -rf keycloak-appliance-dist-all-<KEYCLOAK_VERSION><br>
<br>
It would also be nice to have a similar developer experience to other JBoss projects.<br>
<div class="HOEnZb"><div class="h5"><br>
><br>
><br>
><br>
> --<br>
> Bill Burke<br>
> JBoss, a division of Red Hat<br>
> <a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
><br>
_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</div></div></blockquote></div><br></div>