[keycloak-dev] Allow AdminEvents for custom resource types

[Lösch, Sebastian]

Hello devs,



I developed an alternative approach: https://github.com/keycloak/keycloak/pull/5907

It is backward compatible but open to new types of AdminEvent.



Is this suitable for you?



Best regards,

Sebastian





Von: Stian Thorgersen <sthorger at redhat.com>
Gesendet: Mittwoch, 20. Februar 2019 15:31
An: Lösch, Sebastian <Sebastian.Loesch at governikus.de>
Cc: keycloak-dev at lists.jboss.org
Betreff: Re: [keycloak-dev] Allow AdminEvents for custom resource types







On Wed, 20 Feb 2019 at 12:40, Lösch, Sebastian <Sebastian.Loesch at governikus.de<mailto:Sebastian.Loesch at governikus.de>> wrote:

   >We can't accept the PR as is due to it breaking backwards compatibility of the API.

   Ah, I overlooked the EventListenerProvider interface. That’s the point where AdminEvent becomes public API, right?



   It's not really public, but loads of people still use it. So yes, that's the main place.





   Our use-case is as follows: we need to support user substitutions. User Jane goes for vacation and nominates John as her substitute in a defined time period. John has all of Janes Roles and is able to perform her tasks.

   We implement this substitution as a keycloak extension. All substitutions must be tracked. We want to implement this using the AdminEvents.



   Do you have any other suggestions how we can accomplish tracking?



   Contribute it directly to Keycloak? Depends obviously on how much changes is needed, how it's designed, if can be properly documented and tested, etc.



   Alternatively, you could find an alternative approach that is backwards compatible. Perhaps ResourceType enum can be extended or somehow allowed to add custom types to it?





   Best regards,

   Sebastian



   Von: Stian Thorgersen <sthorger at redhat.com<mailto:sthorger at redhat.com>>
   Gesendet: Mittwoch, 20. Februar 2019 11:42
   An: Lösch, Sebastian <Sebastian.Loesch at governikus.de<mailto:Sebastian.Loesch at governikus.de>>
   Cc: keycloak-dev <keycloak-dev at lists.jboss.org<mailto:keycloak-dev at lists.jboss.org>>
   Betreff: Re: [keycloak-dev] Allow AdminEvents for custom resource types



   We can't accept the PR as is due to it breaking backwards compatibility of the API.



   Can you elaborate on your use-case? I'm far from convinced we should support this level of customisation.



   On Wed, 20 Feb 2019, 05:32 Lösch, Sebastian, <Sebastian.Loesch at governikus.de<mailto:Sebastian.Loesch at governikus.de>> wrote:

      Hello devs,

      we implemented a custom resource type as an extension to keycloak.
      For traceability reasons we would like to track actions for this custom resource type via AdminEvents.
      Unfortunately the resource type is represented by the enum ResourceType. Therefore no AdminEvents for custom non standard resource types can be created.
      It would be nice if it is possible to specify the resource type as string value also.

      This is only a small change, because the resource type is only provided via enum but handled as string value internally.
      I provided a pull request for that enhancement: https://github.com/keycloak/keycloak/pull/5882

      May anybody have a look on that review?

      Best regards,
      Sebastian



      _______________________________________________
      keycloak-dev mailing list
      keycloak-dev at lists.jboss.org<mailto:keycloak-dev at lists.jboss.org>
      https://lists.jboss.org/mailman/listinfo/keycloak-dev