I've been giving some thought to the Keycloak integration with WildFly CLI. There are two designs. Both involve a subsystem called "kcrest" with a resource called "server". You can define a server to talk to using these three attributes:
base-url ( value is something like http://localhost:8080/auth/admin/realms)
username
password
username and password are optional. If you don't mind having these values stored in standalone.xml/domain.xml you can specify them. That way, you don't have to include them with each request.
Design #1: Implement all of the Keycloak REST API in CLI
We build out resources for each REST path and put them in the management model. Then build out operations for everything. So a CLI session to create a client called "myclient" might look like this:
cd /subsystem=kcrest/server=foo
cd realm=myrealm
clients=myclient:add(enabled=true)
Design #2: Create a single generic operation that closely mimics the REST API
cd /subsystem=kcrest/server=foo
:submit(method=POST, path=/myrealm/clients,params={"clientId"=>"myclient","enabled"=>"true"})
Advantages of Design #1
- Looks and behaves just like other CLI resources
- Uses standard CLI operations
- Each resource and operation can contain help text
- Everything can be navigated from CLI command line or CLI GUI tree, making it easy to browse the model
Disadvantages of Design #1
- It might take a very long time to implement (2-3 months?)
- Ongoing maintenance. Every time REST API changes, you have to update subsystem code
Advantages of Design #2
- Quick to implement (2-3 weeks)
- Always works despite REST API changes
Disadvantages of Design #2
- :submit operations get long and ugly
- Can't specify help text for each resource
- Hard to browse the model. Need to submit "list" style REST invocations.
Note that it might be possible to auto-generate Design #1. If so, it would be the best of both worlds.
Whoever implements this should probably start with Design #2 and then spend some time researching auto-generation of Design #1.
Other thoughts?
_______________________________________________ keycloak-dev mailing list keycloak-dev@lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev