Re: [pmg-devel] [PATCH pmg-api/pmg-gui v4 0/3] add default realm option and OIDC configuration panel

From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Christoph Heiss <c.heiss@proxmox.com>,
	Markus Frank <m.frank@proxmox.com>
Cc: pmg-devel <pmg-devel@lists.proxmox.com>
Subject: Re: [pmg-devel] [PATCH pmg-api/pmg-gui v4 0/3] add default realm option and OIDC configuration panel
Date: Wed, 26 Mar 2025 08:41:20 +0100	[thread overview]
Message-ID: <804b4047-e0c1-447c-aab2-6a69e284afd6@proxmox.com> (raw)
In-Reply-To: <D8KZPW853GO0.3E6H7ZAY2QKNI@proxmox.com>

Am 20.03.25 um 10:36 schrieb Christoph Heiss:
> W.r.t patch #3: Extending the `AuthEditOpenId` panel from
> proxmox-widget-toolkit would probably be more work than its worth,
> FWICS? No hard feelings from my side, looking at the required changes,
> just that duplicating mostly-similar code is always bit of a PITA, if it
> can be avoided.

It's a trade-off and IME coupling is a much bigger and active PITA than
having some code duplicated.
I think we should consider moving bigger widgets to common libraries
like widget-toolkit on a case-by-case basis to ensure it actually brings
a net benefit and not lots of edge cases that are all relevant only for
a specific implementation in a product and needs to be chained through
multiple components.

Note that I do not propose that we should not share anything, but rather
prioritize sharing the smaller building blocks like fields and keep the
bigger ones that are only used once or twice in a product and just use
these smaller building blocks to create a local copy that targets the
specific capabilities of the product. Or, if two products not only use
basically the same backend but also share feature/implementation goals
then share between them but keep a dedicated local implementation for
another UI for a different product instead of adding chained-through
edge cases to the common implementation.

Anyway, this is definitively something that needs a rather nuanced view
and where there often is no very clear answer, but when integrating
Markus' OIDC implementation in PMG it noticed quite some friction
stemming from using the common bigger components.

> And there isn't any documentation about the role assignment feature yet,
> right? That should be done too, although a separate patch would be
> enough too IMO, in case you don't respin this series.

Yeah, that would be nice to have.

> Just a short explanation and mentioning the available values for the
> role assignment from an OIDC claim.
> 
> In any case, please consider this series:
> 
> Tested-by: Christoph Heiss <c.heiss@proxmox.com>
> Reviewed-by: Christoph Heiss <c.heiss@proxmox.com>

_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel