10:29 p.m.
Hello devs,
we implemented a custom resource type as an extension to keycloak.
For traceability reasons we would like to track actions for this custom resource type via
AdminEvents.
Unfortunately the resource type is represented by the enum ResourceType. Therefore no
AdminEvents for custom non standard resource types can be created.
It would be nice if it is possible to specify the resource type as string value also.
This is only a small change, because the resource type is only provided via enum but
handled as string value internally.
I provided a pull request for that enhancement:
https://github.com/keycloak/keycloak/pull/5882
May anybody have a look on that review?
Best regards,
Sebastian
4:42 a.m.
We can't accept the PR as is due to it breaking backwards compatibility of
the API.
Can you elaborate on your use-case? I'm far from convinced we should
support this level of customisation.
On Wed, 20 Feb 2019, 05:32 Lösch, Sebastian, <Sebastian.Loesch(a)governikus.de>
wrote:
Hello devs,
we implemented a custom resource type as an extension to keycloak.
For traceability reasons we would like to track actions for this custom
resource type via AdminEvents.
Unfortunately the resource type is represented by the enum ResourceType.
Therefore no AdminEvents for custom non standard resource types can be
created.
It would be nice if it is possible to specify the resource type as string
value also.
This is only a small change, because the resource type is only provided
via enum but handled as string value internally.
I provided a pull request for that enhancement:
https://github.com/keycloak/keycloak/pull/5882
May anybody have a look on that review?
Best regards,
Sebastian
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
5:39 a.m.
We can't accept the PR as is due to it breaking backwards
compatibility of the API.
Ah, I overlooked the EventListenerProvider interface. That’s the point where AdminEvent
becomes public API, right?
Our use-case is as follows: we need to support user substitutions. User Jane goes for
vacation and nominates John as her substitute in a defined time period. John has all of
Janes Roles and is able to perform her tasks.
We implement this substitution as a keycloak extension. All substitutions must be tracked.
We want to implement this using the AdminEvents.
Do you have any other suggestions how we can accomplish tracking?
Best regards,
Sebastian
Von: Stian Thorgersen <sthorger(a)redhat.com>
Gesendet: Mittwoch, 20. Februar 2019 11:42
An: Lösch, Sebastian <Sebastian.Loesch(a)governikus.de>
Cc: keycloak-dev <keycloak-dev(a)lists.jboss.org>
Betreff: Re: [keycloak-dev] Allow AdminEvents for custom resource types
We can't accept the PR as is due to it breaking backwards compatibility of the API.
Can you elaborate on your use-case? I'm far from convinced we should support this
level of customisation.
On Wed, 20 Feb 2019, 05:32 Lösch, Sebastian,
<Sebastian.Loesch@governikus.de<mailto:Sebastian.Loesch@governikus.de>>
wrote:
Hello devs,
we implemented a custom resource type as an extension to keycloak.
For traceability reasons we would like to track actions for this custom resource type
via AdminEvents.
Unfortunately the resource type is represented by the enum ResourceType. Therefore no
AdminEvents for custom non standard resource types can be created.
It would be nice if it is possible to specify the resource type as string value also.
This is only a small change, because the resource type is only provided via enum but
handled as string value internally.
I provided a pull request for that enhancement:
https://github.com/keycloak/keycloak/pull/5882
May anybody have a look on that review?
Best regards,
Sebastian
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org<mailto:keycloak-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
8:30 a.m.
On Wed, 20 Feb 2019 at 12:40, Lösch, Sebastian <
Sebastian.Loesch(a)governikus.de> wrote:
>We can't accept the PR as is due to it breaking backwards
compatibility
of the API.
Ah, I overlooked the EventListenerProvider interface. That’s the point
where AdminEvent becomes public API, right?
It's not really public, but loads of people still use it. So yes, that's
the main place.
Our use-case is as follows: we need to support user substitutions. User
Jane goes for vacation and nominates John as her substitute in a defined
time period. John has all of Janes Roles and is able to perform her tasks.
We implement this substitution as a keycloak extension. All substitutions
must be tracked. We want to implement this using the AdminEvents.
Do you have any other suggestions how we can accomplish tracking?
Contribute it directly to Keycloak? Depends obviously on how much changes
is needed, how it's designed, if can be properly documented and tested, etc.
Alternatively, you could find an alternative approach that is backwards
compatible. Perhaps ResourceType enum can be extended or somehow allowed to
add custom types to it?
Best regards,
Sebastian
*Von:* Stian Thorgersen <sthorger(a)redhat.com>
*Gesendet:* Mittwoch, 20. Februar 2019 11:42
*An:* Lösch, Sebastian <Sebastian.Loesch(a)governikus.de>
*Cc:* keycloak-dev <keycloak-dev(a)lists.jboss.org>
*Betreff:* Re: [keycloak-dev] Allow AdminEvents for custom resource types
We can't accept the PR as is due to it breaking backwards compatibility of
the API.
Can you elaborate on your use-case? I'm far from convinced we should
support this level of customisation.
On Wed, 20 Feb 2019, 05:32 Lösch, Sebastian, <
Sebastian.Loesch(a)governikus.de> wrote:
Hello devs,
we implemented a custom resource type as an extension to keycloak.
For traceability reasons we would like to track actions for this custom
resource type via AdminEvents.
Unfortunately the resource type is represented by the enum ResourceType.
Therefore no AdminEvents for custom non standard resource types can be
created.
It would be nice if it is possible to specify the resource type as string
value also.
This is only a small change, because the resource type is only provided
via enum but handled as string value internally.
I provided a pull request for that enhancement:
https://github.com/keycloak/keycloak/pull/5882
May anybody have a look on that review?
Best regards,
Sebastian
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
5:17 a.m.
Hello devs,
I developed an alternative approach: https://github.com/keycloak/keycloak/pull/5907
It is backward compatible but open to new types of AdminEvent.
Is this suitable for you?
Best regards,
Sebastian
Von: Stian Thorgersen <sthorger(a)redhat.com>
Gesendet: Mittwoch, 20. Februar 2019 15:31
An: Lösch, Sebastian <Sebastian.Loesch(a)governikus.de>
Cc: keycloak-dev(a)lists.jboss.org
Betreff: Re: [keycloak-dev] Allow AdminEvents for custom resource types
On Wed, 20 Feb 2019 at 12:40, Lösch, Sebastian
<Sebastian.Loesch@governikus.de<mailto:Sebastian.Loesch@governikus.de>>
wrote:
We can't accept the PR as is due to it breaking backwards
compatibility of the API.
Ah, I overlooked the EventListenerProvider interface. That’s the point where AdminEvent
becomes public API, right?
It's not really public, but loads of people still use it. So yes, that's the
main place.
Our use-case is as follows: we need to support user substitutions. User Jane goes for
vacation and nominates John as her substitute in a defined time period. John has all of
Janes Roles and is able to perform her tasks.
We implement this substitution as a keycloak extension. All substitutions must be
tracked. We want to implement this using the AdminEvents.
Do you have any other suggestions how we can accomplish tracking?
Contribute it directly to Keycloak? Depends obviously on how much changes is needed,
how it's designed, if can be properly documented and tested, etc.
Alternatively, you could find an alternative approach that is backwards compatible.
Perhaps ResourceType enum can be extended or somehow allowed to add custom types to it?
Best regards,
Sebastian
Von: Stian Thorgersen <sthorger@redhat.com<mailto:sthorger@redhat.com>>
Gesendet: Mittwoch, 20. Februar 2019 11:42
An: Lösch, Sebastian
<Sebastian.Loesch@governikus.de<mailto:Sebastian.Loesch@governikus.de>>
Cc: keycloak-dev
<keycloak-dev@lists.jboss.org<mailto:keycloak-dev@lists.jboss.org>>
Betreff: Re: [keycloak-dev] Allow AdminEvents for custom resource types
We can't accept the PR as is due to it breaking backwards compatibility of the
API.
Can you elaborate on your use-case? I'm far from convinced we should support this
level of customisation.
On Wed, 20 Feb 2019, 05:32 Lösch, Sebastian,
<Sebastian.Loesch@governikus.de<mailto:Sebastian.Loesch@governikus.de>>
wrote:
Hello devs,
we implemented a custom resource type as an extension to keycloak.
For traceability reasons we would like to track actions for this custom resource
type via AdminEvents.
Unfortunately the resource type is represented by the enum ResourceType. Therefore
no AdminEvents for custom non standard resource types can be created.
It would be nice if it is possible to specify the resource type as string value
also.
This is only a small change, because the resource type is only provided via enum but
handled as string value internally.
I provided a pull request for that enhancement:
https://github.com/keycloak/keycloak/pull/5882
May anybody have a look on that review?
Best regards,
Sebastian
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org<mailto:keycloak-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
1:19 p.m.
Sorry for the late reply, but your PR works for me. It's a bit ugly, but I
can't think of a better way to do it. There's a test failing on the PR
though.
On Wed, 6 Mar 2019 at 12:18, Lösch, Sebastian <
Sebastian.Loesch(a)governikus.de> wrote:
Hello devs,
I developed an alternative approach:
https://github.com/keycloak/keycloak/pull/5907
It is backward compatible but open to new types of AdminEvent.
Is this suitable for you?
Best regards,
Sebastian
*Von:* Stian Thorgersen <sthorger(a)redhat.com>
*Gesendet:* Mittwoch, 20. Februar 2019 15:31
*An:* Lösch, Sebastian <Sebastian.Loesch(a)governikus.de>
*Cc:* keycloak-dev(a)lists.jboss.org
*Betreff:* Re: [keycloak-dev] Allow AdminEvents for custom resource types
On Wed, 20 Feb 2019 at 12:40, Lösch, Sebastian <
Sebastian.Loesch(a)governikus.de> wrote:
>We can't accept the PR as is due to it breaking backwards compatibility
of the API.
Ah, I overlooked the EventListenerProvider interface. That’s the point
where AdminEvent becomes public API, right?
It's not really public, but loads of people still use it. So yes, that's
the main place.
Our use-case is as follows: we need to support user substitutions. User
Jane goes for vacation and nominates John as her substitute in a defined
time period. John has all of Janes Roles and is able to perform her tasks.
We implement this substitution as a keycloak extension. All substitutions
must be tracked. We want to implement this using the AdminEvents.
Do you have any other suggestions how we can accomplish tracking?
Contribute it directly to Keycloak? Depends obviously on how much changes
is needed, how it's designed, if can be properly documented and tested, etc.
Alternatively, you could find an alternative approach that is backwards
compatible. Perhaps ResourceType enum can be extended or somehow allowed to
add custom types to it?
Best regards,
Sebastian
*Von:* Stian Thorgersen <sthorger(a)redhat.com>
*Gesendet:* Mittwoch, 20. Februar 2019 11:42
*An:* Lösch, Sebastian <Sebastian.Loesch(a)governikus.de>
*Cc:* keycloak-dev <keycloak-dev(a)lists.jboss.org>
*Betreff:* Re: [keycloak-dev] Allow AdminEvents for custom resource types
We can't accept the PR as is due to it breaking backwards compatibility of
the API.
Can you elaborate on your use-case? I'm far from convinced we should
support this level of customisation.
On Wed, 20 Feb 2019, 05:32 Lösch, Sebastian, <
Sebastian.Loesch(a)governikus.de> wrote:
Hello devs,
we implemented a custom resource type as an extension to keycloak.
For traceability reasons we would like to track actions for this custom
resource type via AdminEvents.
Unfortunately the resource type is represented by the enum ResourceType.
Therefore no AdminEvents for custom non standard resource types can be
created.
It would be nice if it is possible to specify the resource type as string
value also.
This is only a small change, because the resource type is only provided
via enum but handled as string value internally.
I provided a pull request for that enhancement:
https://github.com/keycloak/keycloak/pull/5882
May anybody have a look on that review?
Best regards,
Sebastian
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
2134
days inactive
2155
days old
5 comments
2 participants
participants (2)
-
Lösch, Sebastian -
Stian Thorgersen