List service accounts in the organization members API #244
Conversation
|
It may be interesting to do also a second PR to allow the service accounts to be listed in the "Add members" part, but as it's managed by the Keycloak API I guess it's more a frontend modification ? (Not really something I know well) |
|
We'd need to make sure any upstream users of this method aren't expecting it to be filtered. I know that the APIs assume that service accounts will not be returned/counted. |
|
Should it then be a new API endpoint or a parameter on the endpoint ? |
|
It should be a parameter that defaults to not showing/including them so that calling them as now produces the same result. |
|
Any preference for the name of the parameters ? Something like How should we do for the keycloak API endpoint used to display the list of users that can be added ? Likely it would be a frontend change instead ? |
You would need to extend Keycloak to do that. |
|
This should be ok with this updated endpoint ? For the frontend part I guess I should update this ? I took a look at the keycloak source code also to add the same parameter to the users endpoints but no luck so far finding where to add is, the code structure is much more complex. |
|
@xgp Let me know if you have any hints about anything else I would need to update. For the current API part, does that looks ok to you ? |
Yes. Current branch for
https://github.com/p2-inc/phasetwo-docs/blob/main/openapi.yaml#L613
Yes. As long as all tests are passing. |
|
For the frontend part, what should be the behaviour ? Display the service accounts by default ? |
|
Backwards compatible. The same behavior as before the change.
|
| @@ -198,8 +198,7 @@ public Long getMembersCount() { | |||
| public Stream<UserModel> getMembersStream() { | |||
There was a problem hiding this comment.
@xpg do we need to update getMembersCount?
I couldn't find the usage of /members/count endpoint
There was a problem hiding this comment.
Yes, this should be updated and tested also.
There was a problem hiding this comment.
@kedare Please update the /members/count method also
There was a problem hiding this comment.
Do you know if by default it already contains the service account ? Because it's a named query that counds entries on OrganizationMemberEntity so I guess yes ? (if not that would mean the service accounts are on another table?)
There was a problem hiding this comment.
By default the /members/count endpoint contains both users + service account users.
There was a problem hiding this comment.
I guess I have to check if getServiceAccountClientLink() is null ?
Also I see there are no relation defined between OrganizationMemberEntity and UserEntity (just the ID field buy no FK), is there any reason for this ? Should this be added? It's not 100% clear how to join them via HQL, it looks like the usual SQL join syntax would not work on this case ?
There was a problem hiding this comment.
What would be the best way to test HQL named queries ? Or I need to compile and run the whole test suite every time ?
There was a problem hiding this comment.
Maybe someone could write the HQL query directly ? I guess it would take less than a few minutes for someone that knows Hibernate well.
There was a problem hiding this comment.
Please let me know when you are able to find someone to complete this feature for you. I am closing the PR until that time.
|
Closing until it is possible to submit a completed PR. |
Fixes #163
Update the
https://{instance}/realms/{realm}/orgs/{realm_id}/members/endpoint to allow listing service-account users (removing the filter condition that would hide them)Before:
After:
The service user will also appear in the admin UI on the members list
This did not impact the tests, it looks like this part is not covered by unit testing ?