[keycloak-dev] Allow AdminEvents for custom resource types
Stian Thorgersen
sthorger at redhat.com
Wed Mar 13 14:19:55 EDT 2019
Sorry for the late reply, but your PR works for me. It's a bit ugly, but I
can't think of a better way to do it. There's a test failing on the PR
though.
On Wed, 6 Mar 2019 at 12:18, Lösch, Sebastian <
Sebastian.Loesch at governikus.de> wrote:
> Hello devs,
>
>
>
> I developed an alternative approach:
> https://github.com/keycloak/keycloak/pull/5907
>
> It is backward compatible but open to new types of AdminEvent.
>
>
>
> Is this suitable for you?
>
>
>
> Best regards,
>
> Sebastian
>
>
>
>
>
> *Von:* Stian Thorgersen <sthorger at redhat.com>
> *Gesendet:* Mittwoch, 20. Februar 2019 15:31
> *An:* Lösch, Sebastian <Sebastian.Loesch at governikus.de>
> *Cc:* keycloak-dev at lists.jboss.org
> *Betreff:* Re: [keycloak-dev] Allow AdminEvents for custom resource types
>
>
>
>
>
>
>
> On Wed, 20 Feb 2019 at 12:40, Lösch, Sebastian <
> Sebastian.Loesch at governikus.de> wrote:
>
> >We can't accept the PR as is due to it breaking backwards compatibility
> of the API.
>
> Ah, I overlooked the EventListenerProvider interface. That’s the point
> where AdminEvent becomes public API, right?
>
>
>
> It's not really public, but loads of people still use it. So yes, that's
> the main place.
>
>
>
>
>
> Our use-case is as follows: we need to support user substitutions. User
> Jane goes for vacation and nominates John as her substitute in a defined
> time period. John has all of Janes Roles and is able to perform her tasks.
>
> We implement this substitution as a keycloak extension. All substitutions
> must be tracked. We want to implement this using the AdminEvents.
>
>
>
> Do you have any other suggestions how we can accomplish tracking?
>
>
>
> Contribute it directly to Keycloak? Depends obviously on how much changes
> is needed, how it's designed, if can be properly documented and tested, etc.
>
>
>
> Alternatively, you could find an alternative approach that is backwards
> compatible. Perhaps ResourceType enum can be extended or somehow allowed to
> add custom types to it?
>
>
>
>
>
> Best regards,
>
> Sebastian
>
>
>
> *Von:* Stian Thorgersen <sthorger at redhat.com>
> *Gesendet:* Mittwoch, 20. Februar 2019 11:42
> *An:* Lösch, Sebastian <Sebastian.Loesch at governikus.de>
> *Cc:* keycloak-dev <keycloak-dev at lists.jboss.org>
> *Betreff:* Re: [keycloak-dev] Allow AdminEvents for custom resource types
>
>
>
> We can't accept the PR as is due to it breaking backwards compatibility of
> the API.
>
>
>
> Can you elaborate on your use-case? I'm far from convinced we should
> support this level of customisation.
>
>
>
> On Wed, 20 Feb 2019, 05:32 Lösch, Sebastian, <
> Sebastian.Loesch at governikus.de> wrote:
>
> Hello devs,
>
> we implemented a custom resource type as an extension to keycloak.
> For traceability reasons we would like to track actions for this custom
> resource type via AdminEvents.
> Unfortunately the resource type is represented by the enum ResourceType.
> Therefore no AdminEvents for custom non standard resource types can be
> created.
> It would be nice if it is possible to specify the resource type as string
> value also.
>
> This is only a small change, because the resource type is only provided
> via enum but handled as string value internally.
> I provided a pull request for that enhancement:
> https://github.com/keycloak/keycloak/pull/5882
>
> May anybody have a look on that review?
>
> Best regards,
> Sebastian
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
More information about the keycloak-dev
mailing list