[KEYCLOAK-19303] - Allow managing providers through CLI #328
+83
−0
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -563,6 +563,89 @@ Examples of commands are: | |
| Commands may support additional options to change how they are executed and behavior. For that, commands should provide the | ||
| help and usage messages to document how they can be used as well as the different options they support. | ||
|
|
||
| ### The `provider` command | ||
|
|
||
| The `provider` command provides utilities to query, (un)install, and enable/disable providers. The usage of this command is the following: | ||
|
|
||
| ``` | ||
| kc.[sh|bat] spi [list-spi|list] [ | ||
| ``` | ||
|
|
||
| By running `kc.[sh|bat] provider`, the CLI should list all installed providers: | ||
|
|
||
| ``` | ||
| Listing installed providers (see --help for more options): | ||
|
|
||
| hostname | ||
| Default: default | ||
| Provider (name: default, factory: class org.keycloak.url.DefaultHostnameProviderFactory) | ||
|
|
||
| localeSelector | ||
| Default: default | ||
| Provider (name: default, factory: class org.keycloak.locale.DefaultLocaleSelectorProviderFactory) | ||
|
|
||
| localeUpdater | ||
| Default: default | ||
| Provider (name: default, factory: class org.keycloak.locale.DefaultLocaleUpdaterProviderFactory) | ||
|
|
||
| To get more information, including the complete list of providers for a SPI, append `--full` to your command line. | ||
|
There was a problem hiding this comment. maybe "...including a complete list of available providers..." is more concise here? Also: What does "all installed" mean. All "used at the moment", or "all which are installed in general for Keycloak.X" - from the result I think it's the former, which I'd also prefer. Just want to double-check. There was a problem hiding this comment. Installed means those Keycloak is using, those you have at runtime. The available providers (even those not installed) should be there when using |
||
|
|
||
| To get information about providers for a specific SPI, append `--spi <spi>` to your command line. | ||
| ``` | ||
|
|
||
| To get more information about each SPI, it should be possible to run `kc.[sh|bat] list-spi`: | ||
|
|
||
| ``` | ||
| Listing available SPI (see --help for more options) | ||
|
There was a problem hiding this comment. I'm not sure if this makes sense at all without the information provided by --full. Can you clarify the use case of just running There was a problem hiding this comment. Yeah, it kinds of lacks some value. But the design is based on incremental steps:
Note that regardless of the approach, the value-added is still not great. IMO, the reasons are:
I'm also not sure about |
||
|
|
||
| role | ||
|
|
||
| loginFailure | ||
|
|
||
| userCache SPI | ||
|
|
||
| cekmanagement SPI | ||
|
|
||
| To get more information, append `--full` to your command line. | ||
| ``` | ||
|
|
||
| When running `list-spi` with the `--full` option, more details are displayed as follows: | ||
|
|
||
| ``` | ||
| localeUpdater | ||
| Factory: interface org.keycloak.locale.LocaleUpdaterProviderFactory | ||
| Interface: interface org.keycloak.locale.LocaleUpdaterProvider | ||
| Enabled: true | ||
|
|
||
| storage | ||
| Factory: interface org.keycloak.storage.UserStorageProviderFactory | ||
| Interface: interface org.keycloak.storage.UserStorageProvider | ||
| Enabled: true | ||
|
|
||
| themeSelector | ||
| Factory: interface org.keycloak.theme.ThemeSelectorProviderFactory | ||
| Interface: interface org.keycloak.theme.ThemeSelectorProvider | ||
| Enabled: true | ||
| ``` | ||
|
|
||
| In order to obtain details about providers for a specific SPI, it should be possible to run `kc.[sh|bat] provider --spi cekmanagement --full`: | ||
|
|
||
| ``` | ||
| Current providers installed for "cekmanagement" SPI: | ||
|
|
||
| Default: undefined | ||
| Provider (name: RSA-OAEP, factory: class org.keycloak.crypto.RsaesOaepCekManagementProviderFactory) | ||
| Provider (name: RSA-OAEP-256, factory: class org.keycloak.crypto.RsaesOaep256CekManagementProviderFactory) | ||
| Provider (name: RSA1_5, factory: class org.keycloak.crypto.RsaesPkcs1CekManagementProviderFactory) | ||
| ``` | ||
|
|
||
| The `provider` command should provide the following sub-commands: | ||
|
|
||
| * `enable`, to enabled providers | ||
| * `disable`, to disabled providers | ||
| * 'install', to install a provider | ||
| * 'uninstall', to install a provider | ||
|
|
||
|
|
||
| ## Documentation | ||
|
|
||
| All options and commands should be documented properly to make it easy for users to discover what can be configured and which actions can be performed. This | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does
provider installcommand allow to add custom provider implementation with java classes in some jar file or source repo into the KC image?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, that is the idea. It would be a more clean alternative to deploying jars directly into the
providersdirectory.We could also:
But initially, I'm not sure if it makes sense to provide the installation commands. But focus on troubleshooting and querying the distribution for details about what is installed.