[keycloak-dev] Allow AdminEvents for custom resource types

Stian Thorgersen sthorger at redhat.com
Wed Feb 20 09:30:34 EST 2019


On Wed, 20 Feb 2019 at 12:40, Lösch, Sebastian <
Sebastian.Loesch at governikus.de> wrote:

> >We can't accept the PR as is due to it breaking backwards compatibility
> of the API.
>
> Ah, I overlooked the EventListenerProvider interface. That’s the point
> where AdminEvent becomes public API, right?
>

It's not really public, but loads of people still use it. So yes, that's
the main place.


>
>
> Our use-case is as follows: we need to support user substitutions. User
> Jane goes for vacation and nominates John as her substitute in a defined
> time period. John has all of Janes Roles and is able to perform her tasks.
>
> We implement this substitution as a keycloak extension. All substitutions
> must be tracked. We want to implement this using the AdminEvents.
>
>
>
> Do you have any other suggestions how we can accomplish tracking?
>

Contribute it directly to Keycloak? Depends obviously on how much changes
is needed, how it's designed, if can be properly documented and tested, etc.

Alternatively, you could find an alternative approach that is backwards
compatible. Perhaps ResourceType enum can be extended or somehow allowed to
add custom types to it?


>
>
> Best regards,
>
> Sebastian
>
>
>
> *Von:* Stian Thorgersen <sthorger at redhat.com>
> *Gesendet:* Mittwoch, 20. Februar 2019 11:42
> *An:* Lösch, Sebastian <Sebastian.Loesch at governikus.de>
> *Cc:* keycloak-dev <keycloak-dev at lists.jboss.org>
> *Betreff:* Re: [keycloak-dev] Allow AdminEvents for custom resource types
>
>
>
> We can't accept the PR as is due to it breaking backwards compatibility of
> the API.
>
>
>
> Can you elaborate on your use-case? I'm far from convinced we should
> support this level of customisation.
>
>
>
> On Wed, 20 Feb 2019, 05:32 Lösch, Sebastian, <
> Sebastian.Loesch at governikus.de> wrote:
>
> Hello devs,
>
> we implemented a custom resource type as an extension to keycloak.
> For traceability reasons we would like to track actions for this custom
> resource type via AdminEvents.
> Unfortunately the resource type is represented by the enum ResourceType.
> Therefore no AdminEvents for custom non standard resource types can be
> created.
> It would be nice if it is possible to specify the resource type as string
> value also.
>
> This is only a small change, because the resource type is only provided
> via enum but handled as string value internally.
> I provided a pull request for that enhancement:
> https://github.com/keycloak/keycloak/pull/5882
>
> May anybody have a look on that review?
>
> Best regards,
> Sebastian
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>


More information about the keycloak-dev mailing list