Fixes windows configuration test

also fixes using ~ as database default for e.g. IDELauncher (does not work on all windows versions)

also fixes the HelpCommandTest, as approvalTests are now generated based on the OS the tests run

Closes #10246

Co-authored-by: Victor-Philipp Negoescu <victor-philipp.negoescu@iteratec.com>

quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/storage/database/Database.java

@@ -105,7 +105,7 @@ public final class Database {
                     @Override
                     public String apply(String alias) {
                         if ("dev-file".equalsIgnoreCase(alias)) {
-                            return "jdbc:h2:file:${kc.home.dir:${kc.db-url-path:~}}" + File.separator + "${kc.data.dir:data}"
+                            return "jdbc:h2:file:${kc.home.dir:${kc.db-url-path:" + System.getProperty("user.home") + "}}" + File.separator + "${kc.data.dir:data}"
                                     + File.separator + "h2" + File.separator
                                     + "keycloakdb${kc.db-url-properties:;;AUTO_SERVER=TRUE}";
                         }

quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/configuration/test/ConfigurationTest.java

@@ -237,7 +237,7 @@ public class ConfigurationTest {
         System.setProperty(CLI_ARGS, "--db=dev-file");
         SmallRyeConfig config = createConfig();
         assertEquals(QuarkusH2Dialect.class.getName(), config.getConfigValue("quarkus.hibernate-orm.dialect").getValue());
-        assertEquals("jdbc:h2:file:~/data/h2/keycloakdb;;AUTO_SERVER=TRUE", config.getConfigValue("quarkus.datasource.jdbc.url").getValue());
+        assertEquals("jdbc:h2:file:" + System.getProperty("user.home") + File.separator + "data" + File.separator + "h2" + File.separator + "keycloakdb;;AUTO_SERVER=TRUE", config.getConfigValue("quarkus.datasource.jdbc.url").getValue());
 
         System.setProperty(CLI_ARGS, "--db=dev-mem");
         config = createConfig();

quarkus/tests/integration/src/main/java/org/keycloak/it/junit5/extension/CLIResult.java

@@ -28,6 +28,8 @@ import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.approvaltests.Approvals;
 import io.quarkus.test.junit.main.LaunchResult;
+import org.approvaltests.namer.NamedEnvironment;
+import org.keycloak.it.junit5.extension.approvalTests.KcNamerFactory;
 
 public interface CLIResult extends LaunchResult {
 
@@ -72,7 +74,7 @@ public interface CLIResult extends LaunchResult {
     }
 
     default void assertHelp() {
-        try {
+        try (NamedEnvironment env = KcNamerFactory.asWindowsOsSpecificTest()) {
             Approvals.verify(getOutput());
         } catch (Exception cause) {
             throw new RuntimeException("Failed to assert help", cause);

quarkus/tests/integration/src/main/java/org/keycloak/it/junit5/extension/approvalTests/KcNamerFactory.java

@@ -0,0 +1,12 @@
+package org.keycloak.it.junit5.extension.approvalTests;
+
+import org.approvaltests.namer.NamedEnvironment;
+import org.approvaltests.namer.NamerFactory;
+
+public class KcNamerFactory extends NamerFactory {
+
+    public static NamedEnvironment asWindowsOsSpecificTest()
+    {
+        return asMachineSpecificTest(new WindowsOrUnixOsEnvironmentLabeller());
+    }
+}

quarkus/tests/integration/src/main/java/org/keycloak/it/junit5/extension/approvalTests/WindowsOrUnixOsEnvironmentLabeller.java

@@ -0,0 +1,24 @@
+package org.keycloak.it.junit5.extension.approvalTests;
+
+import org.lambda.functions.Function0;
+
+import java.util.Locale;
+
+public class WindowsOrUnixOsEnvironmentLabeller implements Function0<String> {
+
+    private static final String WINDOWS_NAME = "windows";
+    private static final String UNIX_NAME = "unix";
+
+    @Override
+    public String call()
+    {
+        String osName = System.getProperty("os.name");
+
+        if(osName.toLowerCase(Locale.ROOT).contains(WINDOWS_NAME)) {
+            return WINDOWS_NAME;
+        }
+
+        //unix suffices, as basically all other OSses use sh files
+        return UNIX_NAME;
+    }
+}

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/approvals/cli/help/HelpCommandTest.testBuildHelp.windows.approved.txt

@@ -0,0 +1,107 @@
+Creates a new and optimized server image.
+
+Usage:
+
+kc.bat build [OPTIONS]
+
+Creates a new and optimized server image based on the configuration options
+passed to this command. Once created, the configuration will be persisted and
+read during startup without having to pass them over again.
+
+Some configuration options require this command to be executed in order to
+actually change a configuration. For instance
+
+- Change database vendor
+- Enable/disable features
+- Enable/Disable providers or set a default
+
+Consider running this command before running the server in production for an
+optimal runtime.
+
+Options:
+
+-h, --help           This help message.
+
+Cluster:
+
+--cache <type>       Defines the cache mechanism for high-availability. By default, a 'ispn' cache
+                       is used to create a cluster between multiple server nodes. A 'local' cache
+                       disables clustering and is intended for development and testing purposes.
+                       Default: ispn.
+--cache-config-file <file>
+                     Defines the file from which cache configuration should be loaded from.
+--cache-stack <stack>
+                     Define the default stack to use for cluster communication and node discovery.
+                       This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
+
+Database:
+
+--db <vendor>        The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
+                       mysql, oracle, postgres
+
+Transaction:
+
+--transaction-xa-enabled <true|false>
+                     Manually override the transaction type. Transaction type XA and the
+                       appropriate driver is used by default. Default: true.
+
+Feature:
+
+--features <feature> Enables a set of one or more features.
+--features-disabled <feature>
+                     Disables a set of one or more features.
+
+HTTP/TLS:
+
+--http-relative-path <path>
+                     Set the path relative to '/' for serving resources. Default: /.
+
+Health:
+
+--health-enabled <true|false>
+                     If the server should expose health check endpoints. If enabled, health checks
+                       are available at the '/health', '/health/ready' and '/health/live'
+                       endpoints. Default: false.
+
+Metrics:
+
+--metrics-enabled <true|false>
+                     If the server should expose metrics. If enabled, metrics are available at the
+                       '/metrics' endpoint. Default: false.
+
+Vault:
+
+--vault <provider>   Enables a vault provider.
+
+Examples:
+
+  Change the database vendor:
+
+      $ kc.bat build --db=postgres
+
+  Enable a feature:
+
+      $ kc.bat build --features=<feature_name>
+
+  Or alternatively, enable all tech preview features:
+
+      $ kc.bat build --features=preview
+
+  Enable health endpoints:
+
+      $ kc.bat build --health-enabled=true
+
+  Enable metrics endpoints:
+
+      $ kc.bat build --metrics-enabled=true
+
+  Change the relative path:
+
+      $ kc.bat build --http-relative-path=/auth
+
+You can also use the "--auto-build" option when starting the server to avoid
+running this command every time you change a configuration:
+
+    $ kc.bat start --auto-build <OPTIONS>
+
+By doing that you have an additional overhead when the server is starting.

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/approvals/cli/help/HelpCommandTest.testDefaultToHelp.windows.approved.txt

@@ -0,0 +1,55 @@
+Keycloak - Open Source Identity and Access Management
+
+Find more information at: https://www.keycloak.org/docs/latest
+
+Usage:
+
+kc.bat [OPTIONS] [COMMAND]
+
+Use this command-line tool to manage your Keycloak cluster.
+Make sure the command is available on your "PATH" or prefix it with "./" (e.g.:
+"./kc.bat") to execute from the current folder.
+
+Options:
+
+-cf, --config-file <file>
+                     Set the path to a configuration file. By default, configuration properties are
+                       read from the "keycloak.conf" file in the "conf" directory.
+-h, --help           This help message.
+-v, --verbose        Print out error details when running this command.
+-V, --version        Show version information
+
+Commands:
+
+  build                   Creates a new and optimized server image.
+  start                   Start the server.
+  start-dev               Start the server in development mode.
+  export                  Export data from realms to a file or directory.
+  import                  Import data from a directory or a file.
+  show-config             Print out the current configuration.
+  tools                   Utilities for use and interaction with the server.
+    completion            Generate bash/zsh completion script for kc.bat.
+
+Examples:
+
+  Start the server in development mode for local development or testing:
+
+      $ kc.bat start-dev
+
+  Building an optimized server runtime:
+
+      $ kc.bat build <OPTIONS>
+
+  Start the server in production mode:
+
+      $ kc.bat start <OPTIONS>
+
+  Enable auto-completion to bash/zsh:
+
+      $ source <(kc.bat tools completion)
+
+  Please, take a look at the documentation for more details before deploying in
+production.
+
+Use "kc.bat start --help" for the available options when starting the server.
+Use "kc.bat <command> --help" for more information about other commands.

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/approvals/cli/help/HelpCommandTest.testHelp.windows.approved.txt

@@ -0,0 +1,55 @@
+Keycloak - Open Source Identity and Access Management
+
+Find more information at: https://www.keycloak.org/docs/latest
+
+Usage:
+
+kc.bat [OPTIONS] [COMMAND]
+
+Use this command-line tool to manage your Keycloak cluster.
+Make sure the command is available on your "PATH" or prefix it with "./" (e.g.:
+"./kc.bat") to execute from the current folder.
+
+Options:
+
+-cf, --config-file <file>
+                     Set the path to a configuration file. By default, configuration properties are
+                       read from the "keycloak.conf" file in the "conf" directory.
+-h, --help           This help message.
+-v, --verbose        Print out error details when running this command.
+-V, --version        Show version information
+
+Commands:
+
+  build                   Creates a new and optimized server image.
+  start                   Start the server.
+  start-dev               Start the server in development mode.
+  export                  Export data from realms to a file or directory.
+  import                  Import data from a directory or a file.
+  show-config             Print out the current configuration.
+  tools                   Utilities for use and interaction with the server.
+    completion            Generate bash/zsh completion script for kc.bat.
+
+Examples:
+
+  Start the server in development mode for local development or testing:
+
+      $ kc.bat start-dev
+
+  Building an optimized server runtime:
+
+      $ kc.bat build <OPTIONS>
+
+  Start the server in production mode:
+
+      $ kc.bat start <OPTIONS>
+
+  Enable auto-completion to bash/zsh:
+
+      $ source <(kc.bat tools completion)
+
+  Please, take a look at the documentation for more details before deploying in
+production.
+
+Use "kc.bat start --help" for the available options when starting the server.
+Use "kc.bat <command> --help" for more information about other commands.

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/approvals/cli/help/HelpCommandTest.testHelpShort.windows.approved.txt

@@ -0,0 +1,55 @@
+Keycloak - Open Source Identity and Access Management
+
+Find more information at: https://www.keycloak.org/docs/latest
+
+Usage:
+
+kc.bat [OPTIONS] [COMMAND]
+
+Use this command-line tool to manage your Keycloak cluster.
+Make sure the command is available on your "PATH" or prefix it with "./" (e.g.:
+"./kc.bat") to execute from the current folder.
+
+Options:
+
+-cf, --config-file <file>
+                     Set the path to a configuration file. By default, configuration properties are
+                       read from the "keycloak.conf" file in the "conf" directory.
+-h, --help           This help message.
+-v, --verbose        Print out error details when running this command.
+-V, --version        Show version information
+
+Commands:
+
+  build                   Creates a new and optimized server image.
+  start                   Start the server.
+  start-dev               Start the server in development mode.
+  export                  Export data from realms to a file or directory.
+  import                  Import data from a directory or a file.
+  show-config             Print out the current configuration.
+  tools                   Utilities for use and interaction with the server.
+    completion            Generate bash/zsh completion script for kc.bat.
+
+Examples:
+
+  Start the server in development mode for local development or testing:
+
+      $ kc.bat start-dev
+
+  Building an optimized server runtime:
+
+      $ kc.bat build <OPTIONS>
+
+  Start the server in production mode:
+
+      $ kc.bat start <OPTIONS>
+
+  Enable auto-completion to bash/zsh:
+
+      $ source <(kc.bat tools completion)
+
+  Please, take a look at the documentation for more details before deploying in
+production.
+
+Use "kc.bat start --help" for the available options when starting the server.
+Use "kc.bat <command> --help" for more information about other commands.

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/approvals/cli/help/HelpCommandTest.testStartDevHelp.windows.approved.txt

@@ -0,0 +1,132 @@
+Start the server in development mode.
+
+Usage:
+
+kc.bat start-dev [OPTIONS]
+
+Use this command if you want to run the server locally for development or
+testing purposes.
+
+Options:
+
+-h, --help           This help message.
+--help-all           This same help message but with additional options.
+--import-realm       Import realms during startup by reading any realm configuration file from the
+                       'data/import' directory.
+
+Database:
+
+--db-password <password>
+                     The password of the database user.
+--db-pool-initial-size <size>
+                     The initial size of the connection pool.
+--db-pool-max-size <size>
+                     The maximum size of the connection pool. Default: 100.
+--db-pool-min-size <size>
+                     The minimal size of the connection pool.
+--db-schema <schema> The database schema to be used.
+--db-url <jdbc-url>  The full database JDBC URL. If not provided, a default URL is set based on the
+                       selected database vendor. For instance, if using 'postgres', the default
+                       JDBC URL would be 'jdbc:postgresql://localhost/keycloak'.
+--db-url-database <dbname>
+                     Sets the database name of the default JDBC URL of the chosen vendor. If the
+                       `db-url` option is set, this option is ignored.
+--db-url-host <hostname>
+                     Sets the hostname of the default JDBC URL of the chosen vendor. If the
+                       `db-url` option is set, this option is ignored.
+--db-url-properties <properties>
+                     Sets the properties of the default JDBC URL of the chosen vendor. If the
+                       `db-url` option is set, this option is ignored.
+--db-username <username>
+                     The username of the database user.
+
+Hostname:
+
+--hostname <hostname>
+                     Hostname for the Keycloak server.
+--hostname-path <path>
+                     This should be set if proxy uses a different context-path for Keycloak.
+--hostname-port <port>
+                     The port used by the proxy when exposing the hostname. Set this option if the
+                       proxy uses a port other than the default HTTP and HTTPS ports. Default: -1.
+--hostname-strict <true|false>
+                     Disables dynamically resolving the hostname from request headers. Should
+                       always be set to true in production, unless proxy verifies the Host header.
+                       Default: true.
+--hostname-strict-backchannel <true|false>
+                     By default backchannel URLs are dynamically resolved from request headers to
+                       allow internal an external applications. If all applications use the public
+                       URL this option should be enabled. Default: false.
+
+HTTP/TLS:
+
+--http-enabled <true|false>
+                     Enables the HTTP listener. Default: false.
+--http-host <host>   The used HTTP Host. Default: 0.0.0.0.
+--http-port <port>   The used HTTP port. Default: 8080.
+--https-certificate-file <file>
+                     The file path to a server certificate or certificate chain in PEM format.
+--https-certificate-key-file <file>
+                     The file path to a private key in PEM format.
+--https-cipher-suites <ciphers>
+                     The cipher suites to use. If none is given, a reasonable default is selected.
+--https-client-auth <auth>
+                     Configures the server to require/request client authentication. Possible
+                       Values: none, request, required. Default: none.
+--https-key-store-file <file>
+                     The key store which holds the certificate information instead of specifying
+                       separate files.
+--https-key-store-password <password>
+                     The password of the key store file. Default: password.
+--https-key-store-type <type>
+                     The type of the key store file. If not given, the type is automatically
+                       detected based on the file name.
+--https-port <port>  The used HTTPS port. Default: 8443.
+--https-protocols <protocols>
+                     The list of protocols to explicitly enable. Default: TLSv1.3.
+--https-trust-store-file <file>
+                     The trust store which holds the certificate information of the certificates to
+                       trust.
+--https-trust-store-password <password>
+                     The password of the trust store file.
+--https-trust-store-type <type>
+                     The type of the trust store file. If not given, the type is automatically
+                       detected based on the file name.
+
+Proxy:
+
+--proxy <mode>       The proxy address forwarding mode if the server is behind a reverse proxy.
+                       Possible values are: edge,reencrypt,passthrough Default: none.
+
+Vault:
+
+--vault-dir <dir>    If set, secrets can be obtained by reading the content of files within the
+                       given directory.
+
+Logging:
+
+--log <handler>      Enable one or more log handlers in a comma-separated list. Available log
+                       handlers are: console,file Default: console.
+--log-console-color <true|false>
+                     Enable or disable colors when logging to console. Default: false.
+--log-console-format <format>
+                     The format of unstructured console log entries. If the format has spaces in
+                       it, escape the value using "<format>". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} %
+                       -5p [%c] (%t) %s%e%n.
+--log-console-output <default|json>
+                     Set the log output to JSON or default (plain) unstructured logging. Default:
+                       default.
+--log-file <path>/<file-name>.log
+                     Set the log file path and filename. Default: data\log\keycloak.log.
+--log-file-format <format>
+                     Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
+                       SSS} %-5p [%c] (%t) %s%e%n.
+--log-level <category:level>
+                     The log level of the root category or a comma-separated list of individual
+                       categories and their levels. For the root category, you don't need to
+                       specify a category. Default: info.
+
+Do NOT start the server using this command when deploying to production.
+
+Use 'kc.bat start-dev --help-all' to list all available options, including
+build options.

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/approvals/cli/help/HelpCommandTest.testStartDevHelpAll.windows.approved.txt

@@ -0,0 +1,174 @@
+Start the server in development mode.
+
+Usage:
+
+kc.bat start-dev [OPTIONS]
+
+Use this command if you want to run the server locally for development or
+testing purposes.
+
+Options:
+
+-h, --help           This help message.
+--help-all           This same help message but with additional options.
+--import-realm       Import realms during startup by reading any realm configuration file from the
+                       'data/import' directory.
+
+Cluster:
+
+--cache <type>       Defines the cache mechanism for high-availability. By default, a 'ispn' cache
+                       is used to create a cluster between multiple server nodes. A 'local' cache
+                       disables clustering and is intended for development and testing purposes.
+                       Default: ispn.
+--cache-config-file <file>
+                     Defines the file from which cache configuration should be loaded from.
+--cache-stack <stack>
+                     Define the default stack to use for cluster communication and node discovery.
+                       This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
+
+Database:
+
+--db <vendor>        The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
+                       mysql, oracle, postgres
+--db-password <password>
+                     The password of the database user.
+--db-pool-initial-size <size>
+                     The initial size of the connection pool.
+--db-pool-max-size <size>
+                     The maximum size of the connection pool. Default: 100.
+--db-pool-min-size <size>
+                     The minimal size of the connection pool.
+--db-schema <schema> The database schema to be used.
+--db-url <jdbc-url>  The full database JDBC URL. If not provided, a default URL is set based on the
+                       selected database vendor. For instance, if using 'postgres', the default
+                       JDBC URL would be 'jdbc:postgresql://localhost/keycloak'.
+--db-url-database <dbname>
+                     Sets the database name of the default JDBC URL of the chosen vendor. If the
+                       `db-url` option is set, this option is ignored.
+--db-url-host <hostname>
+                     Sets the hostname of the default JDBC URL of the chosen vendor. If the
+                       `db-url` option is set, this option is ignored.
+--db-url-properties <properties>
+                     Sets the properties of the default JDBC URL of the chosen vendor. If the
+                       `db-url` option is set, this option is ignored.
+--db-username <username>
+                     The username of the database user.
+
+Transaction:
+
+--transaction-xa-enabled <true|false>
+                     Manually override the transaction type. Transaction type XA and the
+                       appropriate driver is used by default. Default: true.
+
+Feature:
+
+--features <feature> Enables a set of one or more features.
+--features-disabled <feature>
+                     Disables a set of one or more features.
+
+Hostname:
+
+--hostname <hostname>
+                     Hostname for the Keycloak server.
+--hostname-path <path>
+                     This should be set if proxy uses a different context-path for Keycloak.
+--hostname-port <port>
+                     The port used by the proxy when exposing the hostname. Set this option if the
+                       proxy uses a port other than the default HTTP and HTTPS ports. Default: -1.
+--hostname-strict <true|false>
+                     Disables dynamically resolving the hostname from request headers. Should
+                       always be set to true in production, unless proxy verifies the Host header.
+                       Default: true.
+--hostname-strict-backchannel <true|false>
+                     By default backchannel URLs are dynamically resolved from request headers to
+                       allow internal an external applications. If all applications use the public
+                       URL this option should be enabled. Default: false.
+
+HTTP/TLS:
+
+--http-enabled <true|false>
+                     Enables the HTTP listener. Default: false.
+--http-host <host>   The used HTTP Host. Default: 0.0.0.0.
+--http-port <port>   The used HTTP port. Default: 8080.
+--http-relative-path <path>
+                     Set the path relative to '/' for serving resources. Default: /.
+--https-certificate-file <file>
+                     The file path to a server certificate or certificate chain in PEM format.
+--https-certificate-key-file <file>
+                     The file path to a private key in PEM format.
+--https-cipher-suites <ciphers>
+                     The cipher suites to use. If none is given, a reasonable default is selected.
+--https-client-auth <auth>
+                     Configures the server to require/request client authentication. Possible
+                       Values: none, request, required. Default: none.
+--https-key-store-file <file>
+                     The key store which holds the certificate information instead of specifying
+                       separate files.
+--https-key-store-password <password>
+                     The password of the key store file. Default: password.
+--https-key-store-type <type>
+                     The type of the key store file. If not given, the type is automatically
+                       detected based on the file name.
+--https-port <port>  The used HTTPS port. Default: 8443.
+--https-protocols <protocols>
+                     The list of protocols to explicitly enable. Default: TLSv1.3.
+--https-trust-store-file <file>
+                     The trust store which holds the certificate information of the certificates to
+                       trust.
+--https-trust-store-password <password>
+                     The password of the trust store file.
+--https-trust-store-type <type>
+                     The type of the trust store file. If not given, the type is automatically
+                       detected based on the file name.
+
+Health:
+
+--health-enabled <true|false>
+                     If the server should expose health check endpoints. If enabled, health checks
+                       are available at the '/health', '/health/ready' and '/health/live'
+                       endpoints. Default: false.
+
+Metrics:
+
+--metrics-enabled <true|false>
+                     If the server should expose metrics. If enabled, metrics are available at the
+                       '/metrics' endpoint. Default: false.
+
+Proxy:
+
+--proxy <mode>       The proxy address forwarding mode if the server is behind a reverse proxy.
+                       Possible values are: edge,reencrypt,passthrough Default: none.
+
+Vault:
+
+--vault <provider>   Enables a vault provider.
+--vault-dir <dir>    If set, secrets can be obtained by reading the content of files within the
+                       given directory.
+
+Logging:
+
+--log <handler>      Enable one or more log handlers in a comma-separated list. Available log
+                       handlers are: console,file Default: console.
+--log-console-color <true|false>
+                     Enable or disable colors when logging to console. Default: false.
+--log-console-format <format>
+                     The format of unstructured console log entries. If the format has spaces in
+                       it, escape the value using "<format>". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} %
+                       -5p [%c] (%t) %s%e%n.
+--log-console-output <default|json>
+                     Set the log output to JSON or default (plain) unstructured logging. Default:
+                       default.
+--log-file <path>/<file-name>.log
+                     Set the log file path and filename. Default: data\log\keycloak.log.
+--log-file-format <format>
+                     Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
+                       SSS} %-5p [%c] (%t) %s%e%n.
+--log-level <category:level>
+                     The log level of the root category or a comma-separated list of individual
+                       categories and their levels. For the root category, you don't need to
+                       specify a category. Default: info.
+
+Do NOT start the server using this command when deploying to production.
+
+Use 'kc.bat start-dev --help-all' to list all available options, including
+build options.

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/approvals/cli/help/HelpCommandTest.testStartHelp.windows.approved.txt

@@ -0,0 +1,138 @@
+Start the server.
+
+Usage:
+
+kc.bat start [OPTIONS]
+
+Use this command to run the server in production.
+
+Options:
+
+-b, --auto-build     Automatically detects whether the server configuration changed and a new
+                       server image must be built prior to starting the server. This option
+                       provides an alternative to manually running the 'build' prior to starting
+                       the server. Use this configuration carefully in production as it might
+                       impact the startup time.
+-h, --help           This help message.
+--import-realm       Import realms during startup by reading any realm configuration file from the
+                       'data/import' directory.
+
+Database:
+
+--db-password <password>
+                     The password of the database user.
+--db-pool-initial-size <size>
+                     The initial size of the connection pool.
+--db-pool-max-size <size>
+                     The maximum size of the connection pool. Default: 100.
+--db-pool-min-size <size>
+                     The minimal size of the connection pool.
+--db-schema <schema> The database schema to be used.
+--db-url <jdbc-url>  The full database JDBC URL. If not provided, a default URL is set based on the
+                       selected database vendor. For instance, if using 'postgres', the default
+                       JDBC URL would be 'jdbc:postgresql://localhost/keycloak'.
+--db-url-database <dbname>
+                     Sets the database name of the default JDBC URL of the chosen vendor. If the
+                       `db-url` option is set, this option is ignored.
+--db-url-host <hostname>
+                     Sets the hostname of the default JDBC URL of the chosen vendor. If the
+                       `db-url` option is set, this option is ignored.
+--db-url-properties <properties>
+                     Sets the properties of the default JDBC URL of the chosen vendor. If the
+                       `db-url` option is set, this option is ignored.
+--db-username <username>
+                     The username of the database user.
+
+Hostname:
+
+--hostname <hostname>
+                     Hostname for the Keycloak server.
+--hostname-path <path>
+                     This should be set if proxy uses a different context-path for Keycloak.
+--hostname-port <port>
+                     The port used by the proxy when exposing the hostname. Set this option if the
+                       proxy uses a port other than the default HTTP and HTTPS ports. Default: -1.
+--hostname-strict <true|false>
+                     Disables dynamically resolving the hostname from request headers. Should
+                       always be set to true in production, unless proxy verifies the Host header.
+                       Default: true.
+--hostname-strict-backchannel <true|false>
+                     By default backchannel URLs are dynamically resolved from request headers to
+                       allow internal an external applications. If all applications use the public
+                       URL this option should be enabled. Default: false.
+
+HTTP/TLS:
+
+--http-enabled <true|false>
+                     Enables the HTTP listener. Default: false.
+--http-host <host>   The used HTTP Host. Default: 0.0.0.0.
+--http-port <port>   The used HTTP port. Default: 8080.
+--https-certificate-file <file>
+                     The file path to a server certificate or certificate chain in PEM format.
+--https-certificate-key-file <file>
+                     The file path to a private key in PEM format.
+--https-cipher-suites <ciphers>
+                     The cipher suites to use. If none is given, a reasonable default is selected.
+--https-client-auth <auth>
+                     Configures the server to require/request client authentication. Possible
+                       Values: none, request, required. Default: none.
+--https-key-store-file <file>
+                     The key store which holds the certificate information instead of specifying
+                       separate files.
+--https-key-store-password <password>
+                     The password of the key store file. Default: password.
+--https-key-store-type <type>
+                     The type of the key store file. If not given, the type is automatically
+                       detected based on the file name.
+--https-port <port>  The used HTTPS port. Default: 8443.
+--https-protocols <protocols>
+                     The list of protocols to explicitly enable. Default: TLSv1.3.
+--https-trust-store-file <file>
+                     The trust store which holds the certificate information of the certificates to
+                       trust.
+--https-trust-store-password <password>
+                     The password of the trust store file.
+--https-trust-store-type <type>
+                     The type of the trust store file. If not given, the type is automatically
+                       detected based on the file name.
+
+Proxy:
+
+--proxy <mode>       The proxy address forwarding mode if the server is behind a reverse proxy.
+                       Possible values are: edge,reencrypt,passthrough Default: none.
+
+Vault:
+
+--vault-dir <dir>    If set, secrets can be obtained by reading the content of files within the
+                       given directory.
+
+Logging:
+
+--log <handler>      Enable one or more log handlers in a comma-separated list. Available log
+                       handlers are: console,file Default: console.
+--log-console-color <true|false>
+                     Enable or disable colors when logging to console. Default: false.
+--log-console-format <format>
+                     The format of unstructured console log entries. If the format has spaces in
+                       it, escape the value using "<format>". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} %
+                       -5p [%c] (%t) %s%e%n.
+--log-console-output <default|json>
+                     Set the log output to JSON or default (plain) unstructured logging. Default:
+                       default.
+--log-file <path>/<file-name>.log
+                     Set the log file path and filename. Default: data\log\keycloak.log.
+--log-file-format <format>
+                     Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
+                       SSS} %-5p [%c] (%t) %s%e%n.
+--log-level <category:level>
+                     The log level of the root category or a comma-separated list of individual
+                       categories and their levels. For the root category, you don't need to
+                       specify a category. Default: info.
+
+You may use the "--auto-build" option when starting the server to avoid running
+the "build" command everytime you need to change a static property:
+
+      $ kc.bat start --auto-build <OPTIONS>
+
+By doing that you have an additional overhead when the server is starting. Run
+"kc.bat build -h" for more details.