[keycloak-dev] Allow AdminEvents for custom resource types
Lösch, Sebastian
Sebastian.Loesch at governikus.de
Wed Mar 6 06:17:24 EST 2019
Hello devs,
I developed an alternative approach: https://github.com/keycloak/keycloak/pull/5907
It is backward compatible but open to new types of AdminEvent.
Is this suitable for you?
Best regards,
Sebastian
Von: Stian Thorgersen <sthorger at redhat.com>
Gesendet: Mittwoch, 20. Februar 2019 15:31
An: Lösch, Sebastian <Sebastian.Loesch at governikus.de>
Cc: keycloak-dev at lists.jboss.org
Betreff: Re: [keycloak-dev] Allow AdminEvents for custom resource types
On Wed, 20 Feb 2019 at 12:40, Lösch, Sebastian <Sebastian.Loesch at governikus.de<mailto:Sebastian.Loesch at governikus.de>> wrote:
>We can't accept the PR as is due to it breaking backwards compatibility of the API.
Ah, I overlooked the EventListenerProvider interface. That’s the point where AdminEvent becomes public API, right?
It's not really public, but loads of people still use it. So yes, that's the main place.
Our use-case is as follows: we need to support user substitutions. User Jane goes for vacation and nominates John as her substitute in a defined time period. John has all of Janes Roles and is able to perform her tasks.
We implement this substitution as a keycloak extension. All substitutions must be tracked. We want to implement this using the AdminEvents.
Do you have any other suggestions how we can accomplish tracking?
Contribute it directly to Keycloak? Depends obviously on how much changes is needed, how it's designed, if can be properly documented and tested, etc.
Alternatively, you could find an alternative approach that is backwards compatible. Perhaps ResourceType enum can be extended or somehow allowed to add custom types to it?
Best regards,
Sebastian
Von: Stian Thorgersen <sthorger at redhat.com<mailto:sthorger at redhat.com>>
Gesendet: Mittwoch, 20. Februar 2019 11:42
An: Lösch, Sebastian <Sebastian.Loesch at governikus.de<mailto:Sebastian.Loesch at governikus.de>>
Cc: keycloak-dev <keycloak-dev at lists.jboss.org<mailto:keycloak-dev at lists.jboss.org>>
Betreff: Re: [keycloak-dev] Allow AdminEvents for custom resource types
We can't accept the PR as is due to it breaking backwards compatibility of the API.
Can you elaborate on your use-case? I'm far from convinced we should support this level of customisation.
On Wed, 20 Feb 2019, 05:32 Lösch, Sebastian, <Sebastian.Loesch at governikus.de<mailto:Sebastian.Loesch at governikus.de>> wrote:
Hello devs,
we implemented a custom resource type as an extension to keycloak.
For traceability reasons we would like to track actions for this custom resource type via AdminEvents.
Unfortunately the resource type is represented by the enum ResourceType. Therefore no AdminEvents for custom non standard resource types can be created.
It would be nice if it is possible to specify the resource type as string value also.
This is only a small change, because the resource type is only provided via enum but handled as string value internally.
I provided a pull request for that enhancement: https://github.com/keycloak/keycloak/pull/5882
May anybody have a look on that review?
Best regards,
Sebastian
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org<mailto:keycloak-dev at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list