added AccountResource SPI, Provider and ProviderFactory. #22317
Conversation
…untLoader to load provider(s) and check if it is compatible with the chosen theme.
…. added some debug logging.
There was a problem hiding this comment.
It strikes me that the AccountResourceProvider.useWithTheme(Theme theme) probably ends up with code that is hard-coded to a theme name?
So if you wanted your theme to change providers, you would need to rebuild the provider, right?
Maybe we should establish a convention that specifies a property in theme.properties for this.
So theme.properties would just have:
accountResourceProvider=org.myorg.MyAccountResourceProviderImpl
Then the impl would have something like:
public boolean useWithTheme(Theme theme) {
return theme.getProperties()
.getProperty("accountResourceProvider") == this.class.getName();
}
WDYT?
|
@ssilvert I was thinking a similar thing. I just updated the code to check |
|
@ssilvert updated it to be the default impl of the |
| // has the flaw that it will only return the first match. no provision for multiple providers | ||
| // that match the same theme. |
There was a problem hiding this comment.
I don't see this as an issue. Should be fine.
|
Thanks @ssilvert . For the quickstart, we were thinking of using the https://github.com/xgp/keycloak-account-v1/ repo which has an example of how to build a |
I think bringing back account v1 in a quickstart makes for a very good example. I was thinking that we should put the Quickstart in https://github.com/keycloak/keycloak-quickstarts. Then the tests that run against that repo would serve as a regression test for this PR. I'm not sure what @stianst thinks about that idea. The main test suite in keycloak/keycloak ensures that this didn't break anything. It makes sense to me for a quickstart to serve as the test suite for an example provider. |
|
Ok. I'll do a PR in https://github.com/keycloak/keycloak-quickstarts |
|
@ssilvert quickstart done here keycloak/keycloak-quickstarts#478 |
There was a problem hiding this comment.
I'd rather see the built-in provider converted to a default provider, then have the ability in the theme to select the theme provider by id. That allows directly retrieving the provider by id, instead of looping through all providers to select by class name.
Code in AccountLoader would be something like:
String accountResourceProviderId = theme.getProperty(accountResourceProvider);
accountResourceProvider accountResourceProvider = accountResourceProviderId != null ? session.getProvider(AccountResourceProvider.class, accountResourceProviderId) : session.getProvider(AccountResourceProvider.class);
A tricky thing that is needed here is we need to be able to test this stuff. Not really sure how we would achieve that as it's a bit complicated. Guess it would need a custom theme + a custom account resource provider of sorts.
One thing this doesn't cover is if there is a want to also provider custom rest endpoints, say for a completely custom SPA based account console that wants to use some custom rest endpoints. That can probably be ignored though, as it is somewhat achievable by disabling the account api feature and deploying a custom RealmResourceProvider.
@stianst This makes sense to me. I'll update the PR to reflect this.
Since we are giving the extension author the ability to return a resource for |
|
I made the update that makes the Regarding testing, I wasn't able to find where the current account console tests are. If you can point me to those, I can write a simple custom provider and add a test. |
server-spi-private/src/main/java/org/keycloak/services/resource/AccountResourceSpi.java
Outdated
Show resolved
Hide resolved
...spi-private/src/main/java/org/keycloak/services/resource/AccountResourceProviderFactory.java
Outdated
Show resolved
Hide resolved
@xgp With your latest changes the default AccountConsole now uses the provider. So the provider mechanism is already tested by default, right? |
|
@xgp What is the status of this? Is there something we are waiting on? |
|
@ssilvert Not that I know of. I made all of the suggested changes. AFAIK it is ready. |
|
@xgp Oh, I didn't see your comment from two days ago. Looks like you are waiting on us. @pedroigor @stianst I've kicked of CI. Is there anything you need to see before we merge this? |
|
@ssilvert No problem. Let me know if anything comes up that you need me to do. |
|
Ah. It looks like I missed pushing up one change. Just did abfc18f. My mistake |
|
@ssilvert It looks like there are some things running in CI that I'm missing in my local testing. Is there a guide somewhere on running those same tests locally, so I can make my way through the errors? Or should I just start going through everything that gets run in the I'm currently doing: |
|
@xgp I can see what's wrong with most of these. It's trying to go to the account console V2, which starts with an unsecured page if you hit it before login. Before logging in, go to something like http://localhost:8180/realms/master/account/ and you will see it. On that page is a title that says, "Welcome to Keycloak account management". That's what these tests are looking for to make sure that the test is starting on the correct page. But what is happening instead is that it is going to a login page. This likely means that the account console V2 is not active. Probably, your provider is taking over, which immediately needs a login to proceed. So I think the fix is probably to just make sure that your provider is only active during your specific tests. |
| @@ -0,0 +1 @@ | |||
| org.keycloak.testsuite.theme.CustomAccountResourceProviderFactory No newline at end of file | |||
There was a problem hiding this comment.
Related to what @ssilvert suggested.
This file should be in the same module where the custom provider is located. I think that is why the server can not find the provider at runtime. The custom providers are only resolved reading service files from JAR files deployed to the providers dir.
Here you have it in the test suite base module.
There was a problem hiding this comment.
This file should be org.keycloak.services.resource.AccountResourceProviderFactory.
… put custom AccountResourceProviderFactory for testing in the same project as the implementation.
|
@ssilvert @pedroigor Thanks for the help! I've made the changes to put the services files in the right places. I am still struggling a bit to understand how to run the offending tests locally. I have searched around, and other than this guide I can't find great guidance. And when I try what is in the |
|
Try this:
|
Unreported flaky test detectedIf the below flaky tests below are affected by the changes, please review and update the changes accordingly. Otherwise, a maintainer should report the flaky tests prior to merging the PR. org.keycloak.testsuite.ui.account2.DeleteAccountTest#navigationTestKeycloak CI - Account Console IT (chrome) |
services/src/main/java/org/keycloak/services/resources/account/AccountLoader.java
Show resolved
Hide resolved
|
Thank you all for this work on this! Keycloakify v9 has been released and it brings back support for Account theme in Keycloak 23! |
updated AccuntLoader to load provider(s) and check if it is compatible with the chosen theme.
Closes #22318