diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 9cb1a31fe7..a8597c199e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -22,17 +22,6 @@ updates: labels: - area/dependencies - team/ui - - package-ecosystem: npm - directory: /themes/src/main/resources/theme/keycloak.v2/welcome - schedule: - interval: daily - time: "00:00" - timezone: Etc/GMT - open-pull-requests-limit: 999 - rebase-strategy: disabled - labels: - - area/dependencies - - team/ui - package-ecosystem: npm directory: js open-pull-requests-limit: 999 diff --git a/.github/workflows/js-ci.yml b/.github/workflows/js-ci.yml index 4ed4d83d29..2f0cd8c82f 100644 --- a/.github/workflows/js-ci.yml +++ b/.github/workflows/js-ci.yml @@ -49,7 +49,7 @@ jobs: - name: Build Keycloak run: | - ./mvnw clean install --batch-mode --errors -DskipTests -DskipTestsuite -DskipExamples -DskipAccount2 -DskipWelcome2 -DskipCommon -Pdistribution + ./mvnw clean install --batch-mode --errors -DskipTests -DskipTestsuite -DskipExamples -DskipAccount2 -DskipCommon -Pdistribution mv ./quarkus/dist/target/keycloak-999.0.0-SNAPSHOT.tar.gz ./keycloak-999.0.0-SNAPSHOT.tar.gz - name: Upload Keycloak dist diff --git a/common/src/main/java/org/keycloak/common/Profile.java b/common/src/main/java/org/keycloak/common/Profile.java index f430b45de0..417ae6302d 100755 --- a/common/src/main/java/org/keycloak/common/Profile.java +++ b/common/src/main/java/org/keycloak/common/Profile.java @@ -63,8 +63,6 @@ public class Profile { WEB_AUTHN("W3C Web Authentication (WebAuthn)", Type.DEFAULT), - LEGACY_WELCOME("Disables the new 'welcome' theme, and restores the legacy version.", Type.DEPRECATED), - CLIENT_POLICIES("Client configuration policies", Type.DEFAULT), CIBA("OpenID Connect Client Initiated Backchannel Authentication (CIBA)", Type.DEFAULT), diff --git a/common/src/test/java/org/keycloak/common/ProfileTest.java b/common/src/test/java/org/keycloak/common/ProfileTest.java index 0852e317f0..cbf9c80fdb 100644 
--- a/common/src/test/java/org/keycloak/common/ProfileTest.java +++ b/common/src/test/java/org/keycloak/common/ProfileTest.java @@ -80,7 +80,6 @@ public class ProfileTest { Profile.Feature.RECOVERY_CODES, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, - Profile.Feature.LEGACY_WELCOME, Profile.Feature.MAP_STORAGE, Profile.Feature.DECLARATIVE_USER_PROFILE, Profile.Feature.CLIENT_SECRET_ROTATION, diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/HostnameDistTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/HostnameDistTest.java index 9c21543cbd..5b615d3115 100644 --- a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/HostnameDistTest.java +++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/HostnameDistTest.java @@ -25,7 +25,6 @@ import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; import org.keycloak.it.junit5.extension.DistributionTest; import org.keycloak.it.junit5.extension.RawDistOnly; -import org.keycloak.it.junit5.extension.WithEnvVars; import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation; import org.keycloak.quarkus.runtime.services.resources.DebugHostnameSettingsResource; @@ -109,7 +108,6 @@ public class HostnameDistTest { } @Test - @WithEnvVars({ "KEYCLOAK_ADMIN", "admin", "KEYCLOAK_ADMIN_PASSWORD", "admin" }) @Launch({ "start", "--hostname=mykeycloak.org", "--hostname-port=8543" }) public void testWelcomePageAdminUrl() { when().get("http://mykeycloak.org:8080").then().body(Matchers.containsString("http://mykeycloak.org:8080/admin/")); 
@@ -170,7 +168,6 @@ public class HostnameDistTest { } @Test - @WithEnvVars({ "KEYCLOAK_ADMIN", "admin", "KEYCLOAK_ADMIN_PASSWORD", "admin" }) @Launch({ "start", "--proxy=edge", "--hostname=mykeycloak.org", "--hostname-admin-url=http://mykeycloakadmin.org:1234" }) public void testAdminUrl() { when().get("https://mykeycloak.org:8443").then().body(Matchers.containsString("http://mykeycloakadmin.org:1234/admin/")); diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ProxyDistTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ProxyDistTest.java index e3d587d7a9..93a761357a 100644 --- a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ProxyDistTest.java +++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ProxyDistTest.java @@ -26,7 +26,6 @@ import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; import org.keycloak.it.junit5.extension.DistributionTest; import org.keycloak.it.junit5.extension.RawDistOnly; -import org.keycloak.it.junit5.extension.WithEnvVars; import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation; import io.quarkus.test.junit.main.Launch; @@ -57,7 +56,6 @@ public class ProxyDistTest { } @Test - @WithEnvVars({ "KEYCLOAK_ADMIN", "admin", "KEYCLOAK_ADMIN_PASSWORD", "admin" }) @Launch({ "start-dev", "--hostname=mykeycloak.org", "--proxy=edge" }) public void testForwardedHeadersWithEdge() { given().header("Forwarded", "for=12.34.56.78;host=test:1234;proto=https, for=23.45.67.89").when().get("http://mykeycloak.org:8080").then().body(containsString("https://test:1234/admin")); diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.unix.approved.txt index d3ca291539..b5af1a0423 100644 
--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.unix.approved.txt @@ -48,16 +48,16 @@ Feature: account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. HTTP/TLS: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.windows.approved.txt index d44cec56e5..4e37256ddf 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.windows.approved.txt 
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.windows.approved.txt 
@@ -1,119 +1,119 @@ -Creates a new and optimized server image. - -Usage: - -kc.bat build [OPTIONS] - -Creates a new and optimized server image based on the configuration options -passed to this command. Once created, the configuration will be persisted and -read during startup without having to pass them over again. - -Consider running this command before running the server in production for an -optimal runtime. - -Options: - --h, --help This help message. ---help-all This same help message but with additional options. - -Cache: - ---cache Defines the cache mechanism for high-availability. By default in production - mode, a 'ispn' cache is used to create a cluster between multiple server - nodes. By default in development mode, a 'local' cache disables clustering - and is intended for development and testing purposes. Possible values are: - ispn, local. Default: ispn. ---cache-config-file - Defines the file from which cache configuration should be loaded from. The - configuration file is relative to the 'conf/' directory. ---cache-stack - Define the default stack to use for cluster communication and node discovery. - This option only takes effect if 'cache' is set to 'ispn'. Default: udp. - Possible values are: tcp, udp, kubernetes, ec2, azure, google. - -Database: - ---db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, - mysql, oracle, postgres. Default: dev-file. - -Transaction: - ---transaction-xa-enabled - If set to false, Keycloak uses a non-XA datasource in case the database does - not support XA transactions. Default: true. - -Feature: - ---features Enables a set of one or more features. 
Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. ---features-disabled - Disables a set of one or more features. Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. - -HTTP/TLS: - ---http-relative-path - Set the path relative to '/' for serving resources. The path must start with a - '/'. Default: /. - -Health: - ---health-enabled - If the server should expose health check endpoints. If enabled, health checks - are available at the '/health', '/health/ready' and '/health/live' - endpoints. Default: false. - -Metrics: - ---metrics-enabled - If the server should expose metrics. If enabled, metrics are available at the - '/metrics' endpoint. Default: false. - -Vault: - ---vault Enables a vault provider. Possible values are: file, keystore. - -Security: - ---fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on - non-approved mode. For full FIPS compliance, set 'strict' to run on approved - mode. This option defaults to 'disabled' when 'fips' feature is disabled, - which is by default. This option defaults to 'non-strict' when 'fips' - feature is enabled. Possible values are: non-strict, strict. Default: - disabled. 
- -Examples: - - Change the database vendor: - - $ kc.bat build --db=postgres - - Enable a feature: - - $ kc.bat build --features= - - Or alternatively, enable all tech preview features: - - $ kc.bat build --features=preview - - Enable health endpoints: - - $ kc.bat build --health-enabled=true - - Enable metrics endpoints: - - $ kc.bat build --metrics-enabled=true - - Change the relative path: - - $ kc.bat build --http-relative-path=/auth +Creates a new and optimized server image. + +Usage: + +kc.bat build [OPTIONS] + +Creates a new and optimized server image based on the configuration options +passed to this command. Once created, the configuration will be persisted and +read during startup without having to pass them over again. + +Consider running this command before running the server in production for an +optimal runtime. + +Options: + +-h, --help This help message. +--help-all This same help message but with additional options. + +Cache: + +--cache Defines the cache mechanism for high-availability. By default in production + mode, a 'ispn' cache is used to create a cluster between multiple server + nodes. By default in development mode, a 'local' cache disables clustering + and is intended for development and testing purposes. Possible values are: + ispn, local. Default: ispn. +--cache-config-file + Defines the file from which cache configuration should be loaded from. The + configuration file is relative to the 'conf/' directory. +--cache-stack + Define the default stack to use for cluster communication and node discovery. + This option only takes effect if 'cache' is set to 'ispn'. Default: udp. + Possible values are: tcp, udp, kubernetes, ec2, azure, google. + +Database: + +--db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, + mysql, oracle, postgres. Default: dev-file. + +Transaction: + +--transaction-xa-enabled + If set to false, Keycloak uses a non-XA datasource in case the database does + not support XA transactions. 
Default: true. + +Feature: + +--features Enables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. +--features-disabled + Disables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. + +HTTP/TLS: + +--http-relative-path + Set the path relative to '/' for serving resources. The path must start with a + '/'. Default: /. + +Health: + +--health-enabled + If the server should expose health check endpoints. If enabled, health checks + are available at the '/health', '/health/ready' and '/health/live' + endpoints. Default: false. + +Metrics: + +--metrics-enabled + If the server should expose metrics. If enabled, metrics are available at the + '/metrics' endpoint. Default: false. + +Vault: + +--vault Enables a vault provider. Possible values are: file. + +Security: + +--fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on + non-approved mode. For full FIPS compliance, set 'strict' to run on approved + mode. This option defaults to 'disabled' when 'fips' feature is disabled, + which is by default. This option defaults to 'non-strict' when 'fips' + feature is enabled. Possible values are: non-strict, strict. Default: + disabled. 
+ +Examples: + + Change the database vendor: + + $ kc.bat build --db=postgres + + Enable a feature: + + $ kc.bat build --features= + + Or alternatively, enable all tech preview features: + + $ kc.bat build --features=preview + + Enable health endpoints: + + $ kc.bat build --health-enabled=true + + Enable metrics endpoints: + + $ kc.bat build --metrics-enabled=true + + Change the relative path: + + $ kc.bat build --http-relative-path=/auth diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testDefaultToHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testDefaultToHelp.windows.approved.txt index b330d8cdcb..7705feb2aa 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testDefaultToHelp.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testDefaultToHelp.windows.approved.txt 
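Review bot: The rewritten HelpCommandDistTest.testBuildHelp.windows.approved.txt changes the `--vault` line from `Possible values are: file, keystore.` to `Possible values are: file.`, which is unrelated to dropping `legacy-welcome` from the feature lists and has no counterpart in the visible hunk of the unix testBuildHelp snapshot. If the CLI still offers the `keystore` vault provider, this approved file is stale: the Windows help test would fail, or, if it is not run in CI, the snapshot would silently stop documenting a secrets-related option. Please regenerate it from the current build and confirm the difference is intended. The same question applies to testDefaultToHelp.windows.approved.txt, which gains the `Make sure the command is available on your "PATH"` paragraph in this commit. Every line of this file is rewritten although most are textually identical, presumably a line-ending change, and that buries the one real difference in the diff.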
@@ -1,53 +1,55 @@ -Keycloak - Open Source Identity and Access Management - -Find more information at: https://www.keycloak.org/docs/latest - -Usage: - -kc.bat [OPTIONS] [COMMAND] - -Use this command-line tool to manage your Keycloak cluster. - -Options: - --cf, --config-file - Set the path to a configuration file. By default, configuration properties are - read from the "keycloak.conf" file in the "conf" directory. --h, --help This help message. --v, --verbose Print out error details when running this command. --V, --version Show version information - -Commands: - - build Creates a new and optimized server image. - start Start the server. - start-dev Start the server in development mode. - export Export data from realms to a file or directory. - import Import data from a directory or a file. - show-config Print out the current configuration. - tools Utilities for use and interaction with the server. - completion Generate bash/zsh completion script for kc.bat. - -Examples: - - Start the server in development mode for local development or testing: - - $ kc.bat start-dev - - Building an optimized server runtime: - - $ kc.bat build - - Start the server in production mode: - - $ kc.bat start - - Enable auto-completion to bash/zsh: - - $ source <(kc.bat tools completion) - - Please, take a look at the documentation for more details before deploying in -production. - -Use "kc.bat start --help" for the available options when starting the server. -Use "kc.bat --help" for more information about other commands. \ No newline at end of file +Keycloak - Open Source Identity and Access Management + +Find more information at: https://www.keycloak.org/docs/latest + +Usage: + +kc.bat [OPTIONS] [COMMAND] + +Use this command-line tool to manage your Keycloak cluster. +Make sure the command is available on your "PATH" or prefix it with "./" (e.g.: +"./kc.bat") to execute from the current folder. + +Options: + +-cf, --config-file + Set the path to a configuration file. 
By default, configuration properties are + read from the "keycloak.conf" file in the "conf" directory. +-h, --help This help message. +-v, --verbose Print out error details when running this command. +-V, --version Show version information + +Commands: + + build Creates a new and optimized server image. + start Start the server. + start-dev Start the server in development mode. + export Export data from realms to a file or directory. + import Import data from a directory or a file. + show-config Print out the current configuration. + tools Utilities for use and interaction with the server. + completion Generate bash/zsh completion script for kc.bat. + +Examples: + + Start the server in development mode for local development or testing: + + $ kc.bat start-dev + + Building an optimized server runtime: + + $ kc.bat build + + Start the server in production mode: + + $ kc.bat start + + Enable auto-completion to bash/zsh: + + $ source <(kc.bat tools completion) + + Please, take a look at the documentation for more details before deploying in +production. + +Use "kc.bat start --help" for the available options when starting the server. +Use "kc.bat --help" for more information about other commands. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt index afc9b30201..92813778bb 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt 
@@ -59,16 +59,16 @@ Feature: account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. Config: @@ -142,4 +142,4 @@ Export: --users-per-file Set the number of users per file. It is used only if 'users' is set to 'different_files'. Increasing this number leads to exponentially increasing - export times. Default: 50. \ No newline at end of file + export times. Default: 50. diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.windows.approved.txt deleted file mode 100644 index d5adfa7108..0000000000 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.windows.approved.txt +++ /dev/null 
@@ -1,145 +0,0 @@ -Export data from realms to a file or directory. - -Usage: - -kc.bat export [OPTIONS] - -Export data from realms to a file or directory. - -Options: - --h, --help This help message. ---help-all This same help message but with additional options. ---optimized Use this option to achieve an optimal startup time if you have previously - built a server image using the 'build' command. - -Database: - ---db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, - mysql, oracle, postgres. Default: dev-file. ---db-driver The fully qualified class name of the JDBC driver. If not set, a default - driver is set accordingly to the chosen database. ---db-password - The password of the database user. ---db-pool-initial-size - The initial size of the connection pool. ---db-pool-max-size - The maximum size of the connection pool. Default: 100. ---db-pool-min-size - The minimal size of the connection pool. ---db-schema The database schema to be used. ---db-url The full database JDBC URL. If not provided, a default URL is set based on the - selected database vendor. For instance, if using 'postgres', the default - JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. ---db-url-database - Sets the database name of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-host - Sets the hostname of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` - option is set, this option is ignored. ---db-url-properties - Sets the properties of the default JDBC URL of the chosen vendor. Make sure to - set the properties accordingly to the format expected by the database - vendor, as well as appending the right character at the beginning of this - property value. If the `db-url` option is set, this option is ignored. 
---db-username - The username of the database user. - -Transaction: - ---transaction-xa-enabled - If set to false, Keycloak uses a non-XA datasource in case the database does - not support XA transactions. Default: true. - -Feature: - ---features Enables a set of one or more features. Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. ---features-disabled - Disables a set of one or more features. Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. - -Config: - ---config-keystore - Specifies a path to the KeyStore Configuration Source. ---config-keystore-password - Specifies a password to the KeyStore Configuration Source. ---config-keystore-type - Specifies a type of the KeyStore Configuration Source. Default: PKCS12. - -Logging: - ---log Enable one or more log handlers in a comma-separated list. Possible values - are: console, file, gelf. Default: console. ---log-console-color - Enable or disable colors when logging to console. Default: false. ---log-console-format - The format of unstructured console log entries. If the format has spaces in - it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % - -5p [%c] (%t) %s%e%n. ---log-console-output - Set the log output to JSON or default (plain) unstructured logging. 
Possible - values are: default, json. Default: default. ---log-file Set the log file path and filename. Default: data\log\keycloak.log. ---log-file-format - Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, - SSS} %-5p [%c] (%t) %s%e%n. ---log-file-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-gelf-facility - The facility (name of the process) that sends the message. Default: keycloak. ---log-gelf-host - Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the - host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: - localhost. ---log-gelf-include-location - Include source code location. Default: true. ---log-gelf-include-message-parameters - Include message parameters from the log event. Default: true. ---log-gelf-include-stack-trace - If set to true, occuring stack traces are included in the 'StackTrace' field - in the GELF output. Default: true. ---log-gelf-level - The log level specifying which message levels will be logged by the GELF - logger. Message levels lower than this value will be discarded. Default: - INFO. ---log-gelf-max-message-size - Maximum message size (in bytes). If the message size is exceeded, GELF will - submit the message in multiple chunks. Default: 8192. ---log-gelf-port - The port the Logstash or Graylog Host is called on. Default: 12201. ---log-gelf-timestamp-format - Set the format for the GELF timestamp field. Uses Java SimpleDateFormat - pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. ---log-level - The log level of the root category or a comma-separated list of individual - categories and their levels. For the root category, you don't need to - specify a category. Default: info. - -Export: - ---dir Set the path to a directory where files will be created with the exported data. ---file Set the path to a file that will be created with the exported data. 
To export - more than 500 users, export to a directory with different files instead. ---realm Set the name of the realm to export. If not set, all realms are going to be - exported. ---users Set how users should be exported. Possible values are: skip, realm_file, - same_file, different_files. Default: different_files. ---users-per-file - Set the number of users per file. It is used only if 'users' is set to - 'different_files'. Increasing this number leads to exponentially increasing - export times. Default: 50. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt index 6e97324915..3cee62a54d 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt 
@@ -122,16 +122,16 @@ Feature: account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. Config: @@ -205,4 +205,4 @@ Export: --users-per-file Set the number of users per file. It is used only if 'users' is set to 'different_files'. Increasing this number leads to exponentially increasing - export times. Default: 50. \ No newline at end of file + export times. Default: 50. diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.windows.approved.txt deleted file mode 100644 index ed9043477d..0000000000 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.windows.approved.txt +++ /dev/null 
@@ -1,208 +0,0 @@ -Export data from realms to a file or directory. - -Usage: - -kc.bat export [OPTIONS] - -Export data from realms to a file or directory. - -Options: - --h, --help This help message. ---help-all This same help message but with additional options. ---optimized Use this option to achieve an optimal startup time if you have previously - built a server image using the 'build' command. - -Storage (Experimental): - ---storage Experimental: Sets the default storage mechanism for all areas. Possible - values are: jpa, chm, hotrod, file. ---storage-area-auth-session - Experimental: Sets a storage mechanism for authentication sessions. Possible - values are: jpa, chm, hotrod, file. ---storage-area-authorization - Experimental: Sets a storage mechanism for authorizations. Possible values - are: jpa, chm, hotrod, file. ---storage-area-client - Experimental: Sets a storage mechanism for clients. Possible values are: jpa, - chm, hotrod, file. ---storage-area-client-scope - Experimental: Sets a storage mechanism for client scopes. Possible values are: - jpa, chm, hotrod, file. ---storage-area-event-admin - Experimental: Sets a storage mechanism for admin events. Possible values are: - jpa, chm, hotrod, file. ---storage-area-event-auth - Experimental: Sets a storage mechanism for authentication and authorization - events. Possible values are: jpa, chm, hotrod, file. ---storage-area-group - Experimental: Sets a storage mechanism for groups. Possible values are: jpa, - chm, hotrod, file. ---storage-area-login-failure - Experimental: Sets a storage mechanism for login failures. Possible values - are: jpa, chm, hotrod, file. ---storage-area-realm - Experimental: Sets a storage mechanism for realms. Possible values are: jpa, - chm, hotrod, file. ---storage-area-role - Experimental: Sets a storage mechanism for roles. Possible values are: jpa, - chm, hotrod, file. ---storage-area-single-use-object - Experimental: Sets a storage mechanism for single use objects. 
Possible values - are: jpa, chm, hotrod. ---storage-area-user - Experimental: Sets a storage mechanism for users. Possible values are: jpa, - chm, hotrod, file. ---storage-area-user-session - Experimental: Sets a storage mechanism for user and client sessions. Possible - values are: jpa, chm, hotrod, file. ---storage-deployment-state-version-seed - Experimental: Secret that serves as a seed to mask the version number of - Keycloak in URLs. Need to be identical across all servers in the cluster. - Will default to a random number generated when starting the server which is - secure but will lead to problems when a loadbalancer without sticky sessions - is used or nodes are restarted. ---storage-file-dir - Experimental: Root directory for file map store. ---storage-hotrod-host - Experimental: Sets the host of the Infinispan server. ---storage-hotrod-password - Experimental: Sets the password of the Infinispan user. ---storage-hotrod-port - Experimental: Sets the port of the Infinispan server. ---storage-hotrod-username - Experimental: Sets the username of the Infinispan user. ---storage-jpa-db - Experimental: The database vendor for jpa map storage. Possible values are: - postgres, cockroach. Default: postgres. - -Database: - ---db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, - mysql, oracle, postgres. Default: dev-file. ---db-driver The fully qualified class name of the JDBC driver. If not set, a default - driver is set accordingly to the chosen database. ---db-password - The password of the database user. ---db-pool-initial-size - The initial size of the connection pool. ---db-pool-max-size - The maximum size of the connection pool. Default: 100. ---db-pool-min-size - The minimal size of the connection pool. ---db-schema The database schema to be used. ---db-url The full database JDBC URL. If not provided, a default URL is set based on the - selected database vendor. 
For instance, if using 'postgres', the default - JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. ---db-url-database - Sets the database name of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-host - Sets the hostname of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` - option is set, this option is ignored. ---db-url-properties - Sets the properties of the default JDBC URL of the chosen vendor. Make sure to - set the properties accordingly to the format expected by the database - vendor, as well as appending the right character at the beginning of this - property value. If the `db-url` option is set, this option is ignored. ---db-username - The username of the database user. - -Transaction: - ---transaction-xa-enabled - If set to false, Keycloak uses a non-XA datasource in case the database does - not support XA transactions. Default: true. - -Feature: - ---features Enables a set of one or more features. Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. ---features-disabled - Disables a set of one or more features. 
Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. - -Config: - ---config-keystore - Specifies a path to the KeyStore Configuration Source. ---config-keystore-password - Specifies a password to the KeyStore Configuration Source. ---config-keystore-type - Specifies a type of the KeyStore Configuration Source. Default: PKCS12. - -Logging: - ---log Enable one or more log handlers in a comma-separated list. Possible values - are: console, file, gelf. Default: console. ---log-console-color - Enable or disable colors when logging to console. Default: false. ---log-console-format - The format of unstructured console log entries. If the format has spaces in - it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % - -5p [%c] (%t) %s%e%n. ---log-console-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-file Set the log file path and filename. Default: data\log\keycloak.log. ---log-file-format - Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, - SSS} %-5p [%c] (%t) %s%e%n. ---log-file-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-gelf-facility - The facility (name of the process) that sends the message. Default: keycloak. ---log-gelf-host - Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the - host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: - localhost. ---log-gelf-include-location - Include source code location. Default: true. 
---log-gelf-include-message-parameters - Include message parameters from the log event. Default: true. ---log-gelf-include-stack-trace - If set to true, occuring stack traces are included in the 'StackTrace' field - in the GELF output. Default: true. ---log-gelf-level - The log level specifying which message levels will be logged by the GELF - logger. Message levels lower than this value will be discarded. Default: - INFO. ---log-gelf-max-message-size - Maximum message size (in bytes). If the message size is exceeded, GELF will - submit the message in multiple chunks. Default: 8192. ---log-gelf-port - The port the Logstash or Graylog Host is called on. Default: 12201. ---log-gelf-timestamp-format - Set the format for the GELF timestamp field. Uses Java SimpleDateFormat - pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. ---log-level - The log level of the root category or a comma-separated list of individual - categories and their levels. For the root category, you don't need to - specify a category. Default: info. - -Export: - ---dir Set the path to a directory where files will be created with the exported data. ---file Set the path to a file that will be created with the exported data. To export - more than 500 users, export to a directory with different files instead. ---realm Set the name of the realm to export. If not set, all realms are going to be - exported. ---users Set how users should be exported. Possible values are: skip, realm_file, - same_file, different_files. Default: different_files. ---users-per-file - Set the number of users per file. It is used only if 'users' is set to - 'different_files'. Increasing this number leads to exponentially increasing - export times. Default: 50. \ No newline at end of file 
diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testHelp.windows.approved.txt
index b330d8cdcb..7705feb2aa 100644
--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testHelp.windows.approved.txt
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testHelp.windows.approved.txt
@@ -1,53 +1,55 @@ -Keycloak - Open Source Identity and Access Management - -Find more information at: https://www.keycloak.org/docs/latest - -Usage: - -kc.bat [OPTIONS] [COMMAND] - -Use this command-line tool to manage your Keycloak cluster. - -Options: - --cf, --config-file - Set the path to a configuration file. By default, configuration properties are - read from the "keycloak.conf" file in the "conf" directory. --h, --help This help message. --v, --verbose Print out error details when running this command. --V, --version Show version information - -Commands: - - build Creates a new and optimized server image. - start Start the server. - start-dev Start the server in development mode. - export Export data from realms to a file or directory. - import Import data from a directory or a file. - show-config Print out the current configuration. - tools Utilities for use and interaction with the server. - completion Generate bash/zsh completion script for kc.bat. - -Examples: - - Start the server in development mode for local development or testing: - - $ kc.bat start-dev - - Building an optimized server runtime: - - $ kc.bat build - - Start the server in production mode: - - $ kc.bat start - - Enable auto-completion to bash/zsh: - - $ source <(kc.bat tools completion) - - Please, take a look at the documentation for more details before deploying in -production. - -Use "kc.bat start --help" for the available options when starting the server. -Use "kc.bat --help" for more information about other commands. \ No newline at end of file +Keycloak - Open Source Identity and Access Management + +Find more information at: https://www.keycloak.org/docs/latest + +Usage: + +kc.bat [OPTIONS] [COMMAND] + +Use this command-line tool to manage your Keycloak cluster. +Make sure the command is available on your "PATH" or prefix it with "./" (e.g.: +"./kc.bat") to execute from the current folder. + +Options: + +-cf, --config-file + Set the path to a configuration file. 
By default, configuration properties are + read from the "keycloak.conf" file in the "conf" directory. +-h, --help This help message. +-v, --verbose Print out error details when running this command. +-V, --version Show version information + +Commands: + + build Creates a new and optimized server image. + start Start the server. + start-dev Start the server in development mode. + export Export data from realms to a file or directory. + import Import data from a directory or a file. + show-config Print out the current configuration. + tools Utilities for use and interaction with the server. + completion Generate bash/zsh completion script for kc.bat. + +Examples: + + Start the server in development mode for local development or testing: + + $ kc.bat start-dev + + Building an optimized server runtime: + + $ kc.bat build + + Start the server in production mode: + + $ kc.bat start + + Enable auto-completion to bash/zsh: + + $ source <(kc.bat tools completion) + + Please, take a look at the documentation for more details before deploying in +production. + +Use "kc.bat start --help" for the available options when starting the server. +Use "kc.bat --help" for more information about other commands. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testHelpShort.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testHelpShort.windows.approved.txt index b330d8cdcb..7705feb2aa 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testHelpShort.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testHelpShort.windows.approved.txt 
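Review bot: The two added lines in this Windows snapshot tell the user to prefix the command with `./` (`"./kc.bat"`), which is the POSIX-shell form; cmd.exe treats `/` as a switch character, so the form that works there is `.\kc.bat`. The text is presumably rendered from the CLI usage template, which is outside this hunk, so the change belongs there — for example emitting `prefix it with ".\" (e.g.: ".\kc.bat")` when the command name ends in `.bat` — followed by re-approving this file. The same two lines appear in the HelpCommandDistTest.testHelpShort.windows.approved.txt hunk that follows. Every line of the file is replaced although only these two are new, which looks like a line-ending change and is worth confirming as intended.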
@@ -1,53 +1,55 @@ -Keycloak - Open Source Identity and Access Management - -Find more information at: https://www.keycloak.org/docs/latest - -Usage: - -kc.bat [OPTIONS] [COMMAND] - -Use this command-line tool to manage your Keycloak cluster. - -Options: - --cf, --config-file - Set the path to a configuration file. By default, configuration properties are - read from the "keycloak.conf" file in the "conf" directory. --h, --help This help message. --v, --verbose Print out error details when running this command. --V, --version Show version information - -Commands: - - build Creates a new and optimized server image. - start Start the server. - start-dev Start the server in development mode. - export Export data from realms to a file or directory. - import Import data from a directory or a file. - show-config Print out the current configuration. - tools Utilities for use and interaction with the server. - completion Generate bash/zsh completion script for kc.bat. - -Examples: - - Start the server in development mode for local development or testing: - - $ kc.bat start-dev - - Building an optimized server runtime: - - $ kc.bat build - - Start the server in production mode: - - $ kc.bat start - - Enable auto-completion to bash/zsh: - - $ source <(kc.bat tools completion) - - Please, take a look at the documentation for more details before deploying in -production. - -Use "kc.bat start --help" for the available options when starting the server. -Use "kc.bat --help" for more information about other commands. \ No newline at end of file +Keycloak - Open Source Identity and Access Management + +Find more information at: https://www.keycloak.org/docs/latest + +Usage: + +kc.bat [OPTIONS] [COMMAND] + +Use this command-line tool to manage your Keycloak cluster. +Make sure the command is available on your "PATH" or prefix it with "./" (e.g.: +"./kc.bat") to execute from the current folder. + +Options: + +-cf, --config-file + Set the path to a configuration file. 
By default, configuration properties are + read from the "keycloak.conf" file in the "conf" directory. +-h, --help This help message. +-v, --verbose Print out error details when running this command. +-V, --version Show version information + +Commands: + + build Creates a new and optimized server image. + start Start the server. + start-dev Start the server in development mode. + export Export data from realms to a file or directory. + import Import data from a directory or a file. + show-config Print out the current configuration. + tools Utilities for use and interaction with the server. + completion Generate bash/zsh completion script for kc.bat. + +Examples: + + Start the server in development mode for local development or testing: + + $ kc.bat start-dev + + Building an optimized server runtime: + + $ kc.bat build + + Start the server in production mode: + + $ kc.bat start + + Enable auto-completion to bash/zsh: + + $ source <(kc.bat tools completion) + + Please, take a look at the documentation for more details before deploying in +production. + +Use "kc.bat start --help" for the available options when starting the server. +Use "kc.bat --help" for more information about other commands. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt index c54a84da3d..eb7672e078 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt 
@@ -59,16 +59,16 @@ Feature: account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. Config: @@ -136,4 +136,4 @@ Import: --file Set the path to a file that will be read. --override Set if existing data should be overwritten. If set to false, data will be - ignored. Default: true. \ No newline at end of file + ignored. Default: true. diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.windows.approved.txt deleted file mode 100644 index 1b64590589..0000000000 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.windows.approved.txt +++ /dev/null 
@@ -1,139 +0,0 @@ -Import data from a directory or a file. - -Usage: - -kc.bat import [OPTIONS] - -Import data from a directory or a file. - -Options: - --h, --help This help message. ---help-all This same help message but with additional options. ---optimized Use this option to achieve an optimal startup time if you have previously - built a server image using the 'build' command. - -Database: - ---db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, - mysql, oracle, postgres. Default: dev-file. ---db-driver The fully qualified class name of the JDBC driver. If not set, a default - driver is set accordingly to the chosen database. ---db-password - The password of the database user. ---db-pool-initial-size - The initial size of the connection pool. ---db-pool-max-size - The maximum size of the connection pool. Default: 100. ---db-pool-min-size - The minimal size of the connection pool. ---db-schema The database schema to be used. ---db-url The full database JDBC URL. If not provided, a default URL is set based on the - selected database vendor. For instance, if using 'postgres', the default - JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. ---db-url-database - Sets the database name of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-host - Sets the hostname of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` - option is set, this option is ignored. ---db-url-properties - Sets the properties of the default JDBC URL of the chosen vendor. Make sure to - set the properties accordingly to the format expected by the database - vendor, as well as appending the right character at the beginning of this - property value. If the `db-url` option is set, this option is ignored. ---db-username - The username of the database user. 
- -Transaction: - ---transaction-xa-enabled - If set to false, Keycloak uses a non-XA datasource in case the database does - not support XA transactions. Default: true. - -Feature: - ---features Enables a set of one or more features. Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. ---features-disabled - Disables a set of one or more features. Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. - -Config: - ---config-keystore - Specifies a path to the KeyStore Configuration Source. ---config-keystore-password - Specifies a password to the KeyStore Configuration Source. ---config-keystore-type - Specifies a type of the KeyStore Configuration Source. Default: PKCS12. - -Logging: - ---log Enable one or more log handlers in a comma-separated list. Possible values - are: console, file, gelf. Default: console. ---log-console-color - Enable or disable colors when logging to console. Default: false. ---log-console-format - The format of unstructured console log entries. If the format has spaces in - it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % - -5p [%c] (%t) %s%e%n. ---log-console-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. 
---log-file Set the log file path and filename. Default: data\log\keycloak.log. ---log-file-format - Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, - SSS} %-5p [%c] (%t) %s%e%n. ---log-file-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-gelf-facility - The facility (name of the process) that sends the message. Default: keycloak. ---log-gelf-host - Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the - host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: - localhost. ---log-gelf-include-location - Include source code location. Default: true. ---log-gelf-include-message-parameters - Include message parameters from the log event. Default: true. ---log-gelf-include-stack-trace - If set to true, occuring stack traces are included in the 'StackTrace' field - in the GELF output. Default: true. ---log-gelf-level - The log level specifying which message levels will be logged by the GELF - logger. Message levels lower than this value will be discarded. Default: - INFO. ---log-gelf-max-message-size - Maximum message size (in bytes). If the message size is exceeded, GELF will - submit the message in multiple chunks. Default: 8192. ---log-gelf-port - The port the Logstash or Graylog Host is called on. Default: 12201. ---log-gelf-timestamp-format - Set the format for the GELF timestamp field. Uses Java SimpleDateFormat - pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. ---log-level - The log level of the root category or a comma-separated list of individual - categories and their levels. For the root category, you don't need to - specify a category. Default: info. - -Import: - ---dir Set the path to a directory where files will be read from. ---file Set the path to a file that will be read. ---override - Set if existing data should be overwritten. If set to false, data will be - ignored. Default: true. 
\ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt index 75d93c3320..8916753a65 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt @@ -122,16 +122,16 @@ Feature: account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. Config: 
@@ -199,4 +199,4 @@ Import: --file Set the path to a file that will be read. --override Set if existing data should be overwritten. If set to false, data will be - ignored. Default: true. \ No newline at end of file + ignored. Default: true. diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.windows.approved.txt deleted file mode 100644 index ddff31bbba..0000000000 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.windows.approved.txt +++ /dev/null 
@@ -1,202 +0,0 @@
-Import data from a directory or a file.
-
-Usage:
-
-kc.bat import [OPTIONS]
-
-Import data from a directory or a file.
-
-Options:
-
--h, --help This help message.
---help-all This same help message but with additional options.
---optimized Use this option to achieve an optimal startup time if you have previously
- built a server image using the 'build' command.
-
-Storage (Experimental):
-
---storage Experimental: Sets the default storage mechanism for all areas. Possible
- values are: jpa, chm, hotrod, file.
---storage-area-auth-session
- Experimental: Sets a storage mechanism for authentication sessions. Possible
- values are: jpa, chm, hotrod, file.
---storage-area-authorization
- Experimental: Sets a storage mechanism for authorizations. Possible values
- are: jpa, chm, hotrod, file.
---storage-area-client
- Experimental: Sets a storage mechanism for clients. Possible values are: jpa,
- chm, hotrod, file.
---storage-area-client-scope
- Experimental: Sets a storage mechanism for client scopes. Possible values are:
- jpa, chm, hotrod, file.
---storage-area-event-admin
- Experimental: Sets a storage mechanism for admin events. Possible values are:
- jpa, chm, hotrod, file.
---storage-area-event-auth
- Experimental: Sets a storage mechanism for authentication and authorization
- events. Possible values are: jpa, chm, hotrod, file.
---storage-area-group
- Experimental: Sets a storage mechanism for groups. Possible values are: jpa,
- chm, hotrod, file.
---storage-area-login-failure
- Experimental: Sets a storage mechanism for login failures. Possible values
- are: jpa, chm, hotrod, file.
---storage-area-realm
- Experimental: Sets a storage mechanism for realms. Possible values are: jpa,
- chm, hotrod, file.
---storage-area-role
- Experimental: Sets a storage mechanism for roles. Possible values are: jpa,
- chm, hotrod, file.
---storage-area-single-use-object
- Experimental: Sets a storage mechanism for single use objects. Possible values
- are: jpa, chm, hotrod.
---storage-area-user
- Experimental: Sets a storage mechanism for users. Possible values are: jpa,
- chm, hotrod, file.
---storage-area-user-session
- Experimental: Sets a storage mechanism for user and client sessions. Possible
- values are: jpa, chm, hotrod, file.
---storage-deployment-state-version-seed
- Experimental: Secret that serves as a seed to mask the version number of
- Keycloak in URLs. Need to be identical across all servers in the cluster.
- Will default to a random number generated when starting the server which is
- secure but will lead to problems when a loadbalancer without sticky sessions
- is used or nodes are restarted.
---storage-file-dir
- Experimental: Root directory for file map store.
---storage-hotrod-host
- Experimental: Sets the host of the Infinispan server.
---storage-hotrod-password
- Experimental: Sets the password of the Infinispan user.
---storage-hotrod-port
- Experimental: Sets the port of the Infinispan server.
---storage-hotrod-username
- Experimental: Sets the username of the Infinispan user.
---storage-jpa-db
- Experimental: The database vendor for jpa map storage. Possible values are:
- postgres, cockroach. Default: postgres.
-
-Database:
-
---db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
- mysql, oracle, postgres. Default: dev-file.
---db-driver The fully qualified class name of the JDBC driver. If not set, a default
- driver is set accordingly to the chosen database.
---db-password
- The password of the database user.
---db-pool-initial-size
- The initial size of the connection pool.
---db-pool-max-size
- The maximum size of the connection pool. Default: 100.
---db-pool-min-size
- The minimal size of the connection pool.
---db-schema The database schema to be used.
---db-url The full database JDBC URL. If not provided, a default URL is set based on the
- selected database vendor. For instance, if using 'postgres', the default
- JDBC URL would be 'jdbc:postgresql://localhost/keycloak'.
---db-url-database
- Sets the database name of the default JDBC URL of the chosen vendor. If the
- `db-url` option is set, this option is ignored.
---db-url-host
- Sets the hostname of the default JDBC URL of the chosen vendor. If the
- `db-url` option is set, this option is ignored.
---db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
- option is set, this option is ignored.
---db-url-properties
- Sets the properties of the default JDBC URL of the chosen vendor. Make sure to
- set the properties accordingly to the format expected by the database
- vendor, as well as appending the right character at the beginning of this
- property value. If the `db-url` option is set, this option is ignored.
---db-username
- The username of the database user.
-
-Transaction:
-
---transaction-xa-enabled
- If set to false, Keycloak uses a non-XA datasource in case the database does
- not support XA transactions. Default: true.
-
-Feature:
-
---features Enables a set of one or more features. Possible values are: account-api,
- account2, account3, admin-api, admin-fine-grained-authz, admin2,
- authorization, ciba, client-policies, client-secret-rotation,
- declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
- js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
- preview, recovery-codes, scripts, step-up-authentication, token-exchange,
- update-email, web-authn.
---features-disabled
- Disables a set of one or more features. Possible values are: account-api,
- account2, account3, admin-api, admin-fine-grained-authz, admin2,
- authorization, ciba, client-policies, client-secret-rotation,
- declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
- js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
- preview, recovery-codes, scripts, step-up-authentication, token-exchange,
- update-email, web-authn.
-
-Config:
-
---config-keystore
- Specifies a path to the KeyStore Configuration Source.
---config-keystore-password
- Specifies a password to the KeyStore Configuration Source.
---config-keystore-type
- Specifies a type of the KeyStore Configuration Source. Default: PKCS12.
-
-Logging:
-
---log Enable one or more log handlers in a comma-separated list. Possible values
- are: console, file, gelf. Default: console.
---log-console-color
- Enable or disable colors when logging to console. Default: false.
---log-console-format
- The format of unstructured console log entries. If the format has spaces in
- it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} %
- -5p [%c] (%t) %s%e%n.
---log-console-output
- Set the log output to JSON or default (plain) unstructured logging. Possible
- values are: default, json. Default: default.
---log-file Set the log file path and filename. Default: data\log\keycloak.log.
---log-file-format
- Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
- SSS} %-5p [%c] (%t) %s%e%n.
---log-file-output
- Set the log output to JSON or default (plain) unstructured logging. Possible
- values are: default, json. Default: default.
---log-gelf-facility
- The facility (name of the process) that sends the message. Default: keycloak.
---log-gelf-host
- Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the
- host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default:
- localhost.
---log-gelf-include-location
- Include source code location. Default: true.
---log-gelf-include-message-parameters
- Include message parameters from the log event. Default: true.
---log-gelf-include-stack-trace
- If set to true, occuring stack traces are included in the 'StackTrace' field
- in the GELF output. Default: true.
---log-gelf-level
- The log level specifying which message levels will be logged by the GELF
- logger. Message levels lower than this value will be discarded. Default:
- INFO.
---log-gelf-max-message-size
- Maximum message size (in bytes). If the message size is exceeded, GELF will
- submit the message in multiple chunks. Default: 8192.
---log-gelf-port
- The port the Logstash or Graylog Host is called on. Default: 12201.
---log-gelf-timestamp-format
- Set the format for the GELF timestamp field. Uses Java SimpleDateFormat
- pattern. Default: yyyy-MM-dd HH:mm:ss,SSS.
---log-level
- The log level of the root category or a comma-separated list of individual
- categories and their levels. For the root category, you don't need to
- specify a category. Default: info.
-
-Import:
-
---dir Set the path to a directory where files will be read from.
---file Set the path to a file that will be read.
---override
- Set if existing data should be overwritten. If set to false, data will be
- ignored. Default: true.
\ No newline at end of file
diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt
index 909c0b0a71..b8460e04b3 100644
--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt
@@ -75,16 +75,16 @@ Feature: account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. Hostname: @@ -254,4 +254,4 @@ Security: Do NOT start the server using this command when deploying to production. Use 'kc.sh start-dev --help-all' to list all available options, including build -options. \ No newline at end of file +options. diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt index cefb913807..fa2ed54f60 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt 
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt 
@@ -1,257 +1,240 @@
-Start the server in development mode.
-
-Usage:
-
-kc.bat start-dev [OPTIONS]
-
-Use this command if you want to run the server locally for development or
-testing purposes.
-
-Options:
-
--h, --help This help message.
---help-all This same help message but with additional options.
---import-realm Import realms during startup by reading any realm configuration file from the
- 'data/import' directory.
-
-Cache:
-
---cache Defines the cache mechanism for high-availability. By default in production
- mode, a 'ispn' cache is used to create a cluster between multiple server
- nodes. By default in development mode, a 'local' cache disables clustering
- and is intended for development and testing purposes. Possible values are:
- ispn, local. Default: ispn.
---cache-config-file
- Defines the file from which cache configuration should be loaded from. The
- configuration file is relative to the 'conf/' directory.
---cache-stack
- Define the default stack to use for cluster communication and node discovery.
- This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
- Possible values are: tcp, udp, kubernetes, ec2, azure, google.
-
-Database:
-
---db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
- mysql, oracle, postgres. Default: dev-file.
---db-driver The fully qualified class name of the JDBC driver. If not set, a default
- driver is set accordingly to the chosen database.
---db-password
- The password of the database user.
---db-pool-initial-size
- The initial size of the connection pool.
---db-pool-max-size
- The maximum size of the connection pool. Default: 100.
---db-pool-min-size
- The minimal size of the connection pool.
---db-schema The database schema to be used.
---db-url The full database JDBC URL. If not provided, a default URL is set based on the
- selected database vendor. For instance, if using 'postgres', the default
- JDBC URL would be 'jdbc:postgresql://localhost/keycloak'.
---db-url-database
- Sets the database name of the default JDBC URL of the chosen vendor. If the
- `db-url` option is set, this option is ignored.
---db-url-host
- Sets the hostname of the default JDBC URL of the chosen vendor. If the
- `db-url` option is set, this option is ignored.
---db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
- option is set, this option is ignored.
---db-url-properties
- Sets the properties of the default JDBC URL of the chosen vendor. Make sure to
- set the properties accordingly to the format expected by the database
- vendor, as well as appending the right character at the beginning of this
- property value. If the `db-url` option is set, this option is ignored.
---db-username
- The username of the database user.
-
-Transaction:
-
---transaction-xa-enabled
- If set to false, Keycloak uses a non-XA datasource in case the database does
- not support XA transactions. Default: true.
-
-Feature:
-
---features Enables a set of one or more features. Possible values are: account-api,
- account2, account3, admin-api, admin-fine-grained-authz, admin2,
- authorization, ciba, client-policies, client-secret-rotation,
- declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
- js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
- preview, recovery-codes, scripts, step-up-authentication, token-exchange,
- update-email, web-authn.
---features-disabled
- Disables a set of one or more features. Possible values are: account-api,
- account2, account3, admin-api, admin-fine-grained-authz, admin2,
- authorization, ciba, client-policies, client-secret-rotation,
- declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
- js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
- preview, recovery-codes, scripts, step-up-authentication, token-exchange,
- update-email, web-authn.
-
-Hostname:
-
---hostname
- Hostname for the Keycloak server.
---hostname-admin
- The hostname for accessing the administration console. Use this option if you
- are exposing the administration console using a hostname other than the
- value set to the 'hostname' option.
---hostname-admin-url
- Set the base URL for accessing the administration console, including scheme,
- host, port and path
---hostname-debug
- Toggle the hostname debug page that is accessible at
- /realms/master/hostname-debug Default: false.
---hostname-path
- This should be set if proxy uses a different context-path for Keycloak.
---hostname-port
- The port used by the proxy when exposing the hostname. Set this option if the
- proxy uses a port other than the default HTTP and HTTPS ports. Default: -1.
---hostname-strict
- Disables dynamically resolving the hostname from request headers. Should
- always be set to true in production, unless proxy verifies the Host header.
- Default: true.
---hostname-strict-backchannel
- By default backchannel URLs are dynamically resolved from request headers to
- allow internal and external applications. If all applications use the public
- URL this option should be enabled. Default: false.
---hostname-url Set the base URL for frontend URLs, including scheme, host, port and path.
-
-HTTP/TLS:
-
---http-enabled
- Enables the HTTP listener. Default: false.
---http-host The used HTTP Host. Default: 0.0.0.0.
---http-port The used HTTP port. Default: 8080.
---http-relative-path
- Set the path relative to '/' for serving resources. The path must start with a
- '/'. Default: /.
---https-certificate-file
- The file path to a server certificate or certificate chain in PEM format.
---https-certificate-key-file
- The file path to a private key in PEM format.
---https-cipher-suites
- The cipher suites to use. If none is given, a reasonable default is selected.
---https-client-auth
- Configures the server to require/request client authentication. Possible
- values are: none, request, required. Default: none.
---https-key-store-file
- The key store which holds the certificate information instead of specifying
- separate files.
---https-key-store-password
- The password of the key store file. Default: password.
---https-key-store-type
- The type of the key store file. If not given, the type is automatically
- detected based on the file name. If 'fips-mode' is set to 'strict' and no
- value is set, it defaults to 'BCFKS'.
---https-port The used HTTPS port. Default: 8443.
---https-protocols
- The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
---https-trust-store-file
- The trust store which holds the certificate information of the certificates to
- trust.
---https-trust-store-password
- The password of the trust store file.
---https-trust-store-type
- The type of the trust store file. If not given, the type is automatically
- detected based on the file name. If 'fips-mode' is set to 'strict' and no
- value is set, it defaults to 'BCFKS'.
-
-Health:
-
---health-enabled
- If the server should expose health check endpoints. If enabled, health checks
- are available at the '/health', '/health/ready' and '/health/live'
- endpoints. Default: false.
-
-Config:
-
---config-keystore
- Specifies a path to the KeyStore Configuration Source.
---config-keystore-password
- Specifies a password to the KeyStore Configuration Source.
---config-keystore-type
- Specifies a type of the KeyStore Configuration Source. Default: PKCS12.
-
-Metrics:
-
---metrics-enabled
- If the server should expose metrics. If enabled, metrics are available at the
- '/metrics' endpoint. Default: false.
-
-Proxy:
-
---proxy The proxy address forwarding mode if the server is behind a reverse proxy.
- Possible values are: none, edge, reencrypt, passthrough. Default: none.
-
-Vault:
-
---vault Enables a vault provider. Possible values are: file, keystore.
---vault-dir If set, secrets can be obtained by reading the content of files within the
- given directory.
---vault-file Path to the keystore file.
---vault-pass Password for the vault keystore.
---vault-type Specifies the type of the keystore file. Default: PKCS12.
-
-Logging:
-
---log Enable one or more log handlers in a comma-separated list. Possible values
- are: console, file, gelf. Default: console.
---log-console-color
- Enable or disable colors when logging to console. Default: false.
---log-console-format
- The format of unstructured console log entries. If the format has spaces in
- it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} %
- -5p [%c] (%t) %s%e%n.
---log-console-output
- Set the log output to JSON or default (plain) unstructured logging. Possible
- values are: default, json. Default: default.
---log-file Set the log file path and filename. Default: data\log\keycloak.log.
---log-file-format
- Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
- SSS} %-5p [%c] (%t) %s%e%n.
---log-file-output
- Set the log output to JSON or default (plain) unstructured logging. Possible
- values are: default, json. Default: default.
---log-gelf-facility
- The facility (name of the process) that sends the message. Default: keycloak.
---log-gelf-host
- Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the
- host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default:
- localhost.
---log-gelf-include-location
- Include source code location. Default: true.
---log-gelf-include-message-parameters
- Include message parameters from the log event. Default: true.
---log-gelf-include-stack-trace
- If set to true, occuring stack traces are included in the 'StackTrace' field
- in the GELF output. Default: true.
---log-gelf-level
- The log level specifying which message levels will be logged by the GELF
- logger. Message levels lower than this value will be discarded. Default:
- INFO.
---log-gelf-max-message-size
- Maximum message size (in bytes). If the message size is exceeded, GELF will
- submit the message in multiple chunks. Default: 8192.
---log-gelf-port
- The port the Logstash or Graylog Host is called on. Default: 12201.
---log-gelf-timestamp-format
- Set the format for the GELF timestamp field. Uses Java SimpleDateFormat
- pattern. Default: yyyy-MM-dd HH:mm:ss,SSS.
---log-level
- The log level of the root category or a comma-separated list of individual
- categories and their levels. For the root category, you don't need to
- specify a category. Default: info.
-
-Security:
-
---fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on
- non-approved mode. For full FIPS compliance, set 'strict' to run on approved
- mode. This option defaults to 'disabled' when 'fips' feature is disabled,
- which is by default. This option defaults to 'non-strict' when 'fips'
- feature is enabled. Possible values are: non-strict, strict. Default:
- disabled.
-
-Do NOT start the server using this command when deploying to production.
-
-Use 'kc.bat start-dev --help-all' to list all available options, including
-build options.
\ No newline at end of file
+Start the server in development mode.
+
+Usage:
+
+kc.bat start-dev [OPTIONS]
+
+Use this command if you want to run the server locally for development or
+testing purposes.
+
+Options:
+
+-h, --help This help message.
+--help-all This same help message but with additional options.
+--import-realm Import realms during startup by reading any realm configuration file from the
+ 'data/import' directory.
+
+Cache:
+
+--cache Defines the cache mechanism for high-availability. By default in production
+ mode, a 'ispn' cache is used to create a cluster between multiple server
+ nodes. By default in development mode, a 'local' cache disables clustering
+ and is intended for development and testing purposes. Possible values are:
+ ispn, local. Default: ispn.
+--cache-config-file
+ Defines the file from which cache configuration should be loaded from. The
+ configuration file is relative to the 'conf/' directory.
+--cache-stack
+ Define the default stack to use for cluster communication and node discovery.
+ This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
+ Possible values are: tcp, udp, kubernetes, ec2, azure, google.
+
+Database:
+
+--db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
+ mysql, oracle, postgres. Default: dev-file.
+--db-driver The fully qualified class name of the JDBC driver. If not set, a default
+ driver is set accordingly to the chosen database.
+--db-password
+ The password of the database user.
+--db-pool-initial-size
+ The initial size of the connection pool.
+--db-pool-max-size
+ The maximum size of the connection pool. Default: 100.
+--db-pool-min-size
+ The minimal size of the connection pool.
+--db-schema The database schema to be used.
+--db-url The full database JDBC URL. If not provided, a default URL is set based on the
+ selected database vendor. For instance, if using 'postgres', the default
+ JDBC URL would be 'jdbc:postgresql://localhost/keycloak'.
+--db-url-database
+ Sets the database name of the default JDBC URL of the chosen vendor. If the
+ `db-url` option is set, this option is ignored.
+--db-url-host
+ Sets the hostname of the default JDBC URL of the chosen vendor. If the
+ `db-url` option is set, this option is ignored.
+--db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
+ option is set, this option is ignored.
+--db-url-properties
+ Sets the properties of the default JDBC URL of the chosen vendor. If the
+ `db-url` option is set, this option is ignored.
+--db-username
+ The username of the database user.
+
+Transaction:
+
+--transaction-xa-enabled
+ If set to false, Keycloak uses a non-XA datasource in case the database does
+ not support XA transactions. Default: true.
+
+Feature:
+
+--features Enables a set of one or more features. Possible values are: account-api,
+ account2, account3, admin-api, admin-fine-grained-authz, admin2,
+ authorization, ciba, client-policies, client-secret-rotation,
+ declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
+ js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
+ recovery-codes, scripts, step-up-authentication, token-exchange,
+ update-email, web-authn.
+--features-disabled
+ Disables a set of one or more features. Possible values are: account-api,
+ account2, account3, admin-api, admin-fine-grained-authz, admin2,
+ authorization, ciba, client-policies, client-secret-rotation,
+ declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
+ js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
+ recovery-codes, scripts, step-up-authentication, token-exchange,
+ update-email, web-authn.
+
+Hostname:
+
+--hostname
+ Hostname for the Keycloak server.
+--hostname-admin
+ The hostname for accessing the administration console. Use this option if you
+ are exposing the administration console using a hostname other than the
+ value set to the 'hostname' option.
+--hostname-admin-url
+ Set the base URL for accessing the administration console, including scheme,
+ host, port and path
+--hostname-path
+ This should be set if proxy uses a different context-path for Keycloak.
+--hostname-port
+ The port used by the proxy when exposing the hostname. Set this option if the
+ proxy uses a port other than the default HTTP and HTTPS ports. Default: -1.
+--hostname-strict
+ Disables dynamically resolving the hostname from request headers. Should
+ always be set to true in production, unless proxy verifies the Host header.
+ Default: true.
+--hostname-strict-backchannel
+ By default backchannel URLs are dynamically resolved from request headers to
+ allow internal and external applications. If all applications use the public
+ URL this option should be enabled. Default: false.
+--hostname-url Set the base URL for frontend URLs, including scheme, host, port and path.
+
+HTTP/TLS:
+
+--http-enabled
+ Enables the HTTP listener. Default: false.
+--http-host The used HTTP Host. Default: 0.0.0.0.
+--http-port The used HTTP port. Default: 8080.
+--http-relative-path
+ Set the path relative to '/' for serving resources. The path must start with a
+ '/'. Default: /.
+--https-certificate-file
+ The file path to a server certificate or certificate chain in PEM format.
+--https-certificate-key-file
+ The file path to a private key in PEM format.
+--https-cipher-suites
+ The cipher suites to use. If none is given, a reasonable default is selected.
+--https-client-auth
+ Configures the server to require/request client authentication. Possible
+ values are: none, request, required. Default: none.
+--https-key-store-file
+ The key store which holds the certificate information instead of specifying
+ separate files.
+--https-key-store-password
+ The password of the key store file. Default: password.
+--https-key-store-type
+ The type of the key store file. If not given, the type is automatically
+ detected based on the file name. If 'fips-mode' is set to 'strict' and no
+ value is set, it defaults to 'BCFKS'.
+--https-port The used HTTPS port. Default: 8443.
+--https-protocols
+ The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2.
+--https-trust-store-file
+ The trust store which holds the certificate information of the certificates to
+ trust.
+--https-trust-store-password
+ The password of the trust store file.
+--https-trust-store-type
+ The type of the trust store file. If not given, the type is automatically
+ detected based on the file name. If 'fips-mode' is set to 'strict' and no
+ value is set, it defaults to 'BCFKS'.
+
+Health:
+
+--health-enabled
+ If the server should expose health check endpoints. If enabled, health checks
+ are available at the '/health', '/health/ready' and '/health/live'
+ endpoints. Default: false.
+
+Metrics:
+
+--metrics-enabled
+ If the server should expose metrics. If enabled, metrics are available at the
+ '/metrics' endpoint. Default: false.
+
+Proxy:
+
+--proxy The proxy address forwarding mode if the server is behind a reverse proxy.
+ Possible values are: none, edge, reencrypt, passthrough. Default: none.
+
+Vault:
+
+--vault Enables a vault provider. Possible values are: file.
+--vault-dir If set, secrets can be obtained by reading the content of files within the
+ given directory.
+
+Logging:
+
+--log Enable one or more log handlers in a comma-separated list. Possible values
+ are: console, file, gelf. Default: console.
+--log-console-color
+ Enable or disable colors when logging to console. Default: false.
+--log-console-format
+ The format of unstructured console log entries. If the format has spaces in
+ it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} %
+ -5p [%c] (%t) %s%e%n.
+--log-console-output
+ Set the log output to JSON or default (plain) unstructured logging. Possible
+ values are: default, json. Default: default.
+--log-file Set the log file path and filename. Default: data/log/keycloak.log.
+--log-file-format
+ Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
+ SSS} %-5p [%c] (%t) %s%e%n.
+--log-file-output
+ Set the log output to JSON or default (plain) unstructured logging. Possible
+ values are: default, json. Default: default.
+--log-gelf-facility
+ The facility (name of the process) that sends the message. Default: keycloak.
+--log-gelf-host
+ Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the
+ host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default:
+ localhost.
+--log-gelf-include-location
+ Include source code location. Default: true.
+--log-gelf-include-message-parameters
+ Include message parameters from the log event. Default: true.
+--log-gelf-include-stack-trace
+ If set to true, occuring stack traces are included in the 'StackTrace' field
+ in the GELF output. Default: true.
+--log-gelf-level
+ The log level specifying which message levels will be logged by the GELF
+ logger. Message levels lower than this value will be discarded. Default:
+ INFO.
+--log-gelf-max-message-size
+ Maximum message size (in bytes). If the message size is exceeded, GELF will
+ submit the message in multiple chunks. Default: 8192.
+--log-gelf-port
+ The port the Logstash or Graylog Host is called on. Default: 12201.
+--log-gelf-timestamp-format
+ Set the format for the GELF timestamp field. Uses Java SimpleDateFormat
+ pattern. Default: yyyy-MM-dd HH:mm:ss,SSS.
+--log-level
+ The log level of the root category or a comma-separated list of individual
+ categories and their levels. For the root category, you don't need to
+ specify a category. Default: info.
+
+Security:
+
+--fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on
+ non-approved mode. For full FIPS compliance, set 'strict' to run on approved
+ mode. This option defaults to 'disabled' when 'fips' feature is disabled,
+ which is by default. This option defaults to 'non-strict' when 'fips'
+ feature is enabled. Possible values are: non-strict, strict. Default:
+ disabled.
+
+Do NOT start the server using this command when deploying to production.
+
+Use 'kc.bat start-dev --help-all' to list all available options, including
+build options.
diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt
index 1af936a52e..cf00c3b44d 100644
--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt
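Review bot: The rewritten Windows snapshot `HelpCommandDistTest.testStartDevHelp.windows.approved.txt` drops help entries unrelated to removing `legacy-welcome`. On the new side `--hostname-debug`, the whole `Config:` section (`--config-keystore`, `--config-keystore-password`, `--config-keystore-type`) and `--vault-file`/`--vault-pass`/`--vault-type` are gone, `--vault` lists only `file`, the `--db-url-properties` text is shortened, and the `--log-file` default changes from `data\log\keycloak.log` to `data/log/keycloak.log`. The Unix counterpart of this file changes only the two feature lists, so this looks like a snapshot taken from an older or non-Windows build rather than an intended change. If so, the approved text no longer describes what `kc.bat start-dev --help` prints, and the keystore-backed config and vault options disappear from the checked-in reference. I would regenerate the file on Windows from the current build so the only content change is the two `legacy-welcome` lines; the `testStartDevHelpAll.windows` hunk that follows is also a whole-file rewrite and may need the same check.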
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt @@ -138,16 +138,16 @@ Feature: account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. Hostname: @@ -317,4 +317,4 @@ Security: Do NOT start the server using this command when deploying to production. Use 'kc.sh start-dev --help-all' to list all available options, including build -options. \ No newline at end of file +options. diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt index a984ec9133..6683b55441 100644 
--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt 
@@ -1,320 +1,303 @@ -Start the server in development mode. - -Usage: - -kc.bat start-dev [OPTIONS] - -Use this command if you want to run the server locally for development or -testing purposes. - -Options: - --h, --help This help message. ---help-all This same help message but with additional options. ---import-realm Import realms during startup by reading any realm configuration file from the - 'data/import' directory. - -Cache: - ---cache Defines the cache mechanism for high-availability. By default in production - mode, a 'ispn' cache is used to create a cluster between multiple server - nodes. By default in development mode, a 'local' cache disables clustering - and is intended for development and testing purposes. Possible values are: - ispn, local. Default: ispn. ---cache-config-file - Defines the file from which cache configuration should be loaded from. The - configuration file is relative to the 'conf/' directory. ---cache-stack - Define the default stack to use for cluster communication and node discovery. - This option only takes effect if 'cache' is set to 'ispn'. Default: udp. - Possible values are: tcp, udp, kubernetes, ec2, azure, google. - -Storage (Experimental): - ---storage Experimental: Sets the default storage mechanism for all areas. Possible - values are: jpa, chm, hotrod, file. ---storage-area-auth-session - Experimental: Sets a storage mechanism for authentication sessions. Possible - values are: jpa, chm, hotrod, file. ---storage-area-authorization - Experimental: Sets a storage mechanism for authorizations. Possible values - are: jpa, chm, hotrod, file. ---storage-area-client - Experimental: Sets a storage mechanism for clients. Possible values are: jpa, - chm, hotrod, file. ---storage-area-client-scope - Experimental: Sets a storage mechanism for client scopes. Possible values are: - jpa, chm, hotrod, file. ---storage-area-event-admin - Experimental: Sets a storage mechanism for admin events. 
Possible values are: - jpa, chm, hotrod, file. ---storage-area-event-auth - Experimental: Sets a storage mechanism for authentication and authorization - events. Possible values are: jpa, chm, hotrod, file. ---storage-area-group - Experimental: Sets a storage mechanism for groups. Possible values are: jpa, - chm, hotrod, file. ---storage-area-login-failure - Experimental: Sets a storage mechanism for login failures. Possible values - are: jpa, chm, hotrod, file. ---storage-area-realm - Experimental: Sets a storage mechanism for realms. Possible values are: jpa, - chm, hotrod, file. ---storage-area-role - Experimental: Sets a storage mechanism for roles. Possible values are: jpa, - chm, hotrod, file. ---storage-area-single-use-object - Experimental: Sets a storage mechanism for single use objects. Possible values - are: jpa, chm, hotrod. ---storage-area-user - Experimental: Sets a storage mechanism for users. Possible values are: jpa, - chm, hotrod, file. ---storage-area-user-session - Experimental: Sets a storage mechanism for user and client sessions. Possible - values are: jpa, chm, hotrod, file. ---storage-deployment-state-version-seed - Experimental: Secret that serves as a seed to mask the version number of - Keycloak in URLs. Need to be identical across all servers in the cluster. - Will default to a random number generated when starting the server which is - secure but will lead to problems when a loadbalancer without sticky sessions - is used or nodes are restarted. ---storage-file-dir - Experimental: Root directory for file map store. ---storage-hotrod-host - Experimental: Sets the host of the Infinispan server. ---storage-hotrod-password - Experimental: Sets the password of the Infinispan user. ---storage-hotrod-port - Experimental: Sets the port of the Infinispan server. ---storage-hotrod-username - Experimental: Sets the username of the Infinispan user. ---storage-jpa-db - Experimental: The database vendor for jpa map storage. 
Possible values are: - postgres, cockroach. Default: postgres. - -Database: - ---db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, - mysql, oracle, postgres. Default: dev-file. ---db-driver The fully qualified class name of the JDBC driver. If not set, a default - driver is set accordingly to the chosen database. ---db-password - The password of the database user. ---db-pool-initial-size - The initial size of the connection pool. ---db-pool-max-size - The maximum size of the connection pool. Default: 100. ---db-pool-min-size - The minimal size of the connection pool. ---db-schema The database schema to be used. ---db-url The full database JDBC URL. If not provided, a default URL is set based on the - selected database vendor. For instance, if using 'postgres', the default - JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. ---db-url-database - Sets the database name of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-host - Sets the hostname of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` - option is set, this option is ignored. ---db-url-properties - Sets the properties of the default JDBC URL of the chosen vendor. Make sure to - set the properties accordingly to the format expected by the database - vendor, as well as appending the right character at the beginning of this - property value. If the `db-url` option is set, this option is ignored. ---db-username - The username of the database user. - -Transaction: - ---transaction-xa-enabled - If set to false, Keycloak uses a non-XA datasource in case the database does - not support XA transactions. Default: true. - -Feature: - ---features Enables a set of one or more features. 
Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. ---features-disabled - Disables a set of one or more features. Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. - -Hostname: - ---hostname - Hostname for the Keycloak server. ---hostname-admin - The hostname for accessing the administration console. Use this option if you - are exposing the administration console using a hostname other than the - value set to the 'hostname' option. ---hostname-admin-url - Set the base URL for accessing the administration console, including scheme, - host, port and path ---hostname-debug - Toggle the hostname debug page that is accessible at - /realms/master/hostname-debug Default: false. ---hostname-path - This should be set if proxy uses a different context-path for Keycloak. ---hostname-port - The port used by the proxy when exposing the hostname. Set this option if the - proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. ---hostname-strict - Disables dynamically resolving the hostname from request headers. Should - always be set to true in production, unless proxy verifies the Host header. - Default: true. 
---hostname-strict-backchannel - By default backchannel URLs are dynamically resolved from request headers to - allow internal and external applications. If all applications use the public - URL this option should be enabled. Default: false. ---hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. - -HTTP/TLS: - ---http-enabled - Enables the HTTP listener. Default: false. ---http-host The used HTTP Host. Default: 0.0.0.0. ---http-port The used HTTP port. Default: 8080. ---http-relative-path - Set the path relative to '/' for serving resources. The path must start with a - '/'. Default: /. ---https-certificate-file - The file path to a server certificate or certificate chain in PEM format. ---https-certificate-key-file - The file path to a private key in PEM format. ---https-cipher-suites - The cipher suites to use. If none is given, a reasonable default is selected. ---https-client-auth - Configures the server to require/request client authentication. Possible - values are: none, request, required. Default: none. ---https-key-store-file - The key store which holds the certificate information instead of specifying - separate files. ---https-key-store-password - The password of the key store file. Default: password. ---https-key-store-type - The type of the key store file. If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. ---https-port The used HTTPS port. Default: 8443. ---https-protocols - The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. ---https-trust-store-file - The trust store which holds the certificate information of the certificates to - trust. ---https-trust-store-password - The password of the trust store file. ---https-trust-store-type - The type of the trust store file. If not given, the type is automatically - detected based on the file name. 
If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. - -Health: - ---health-enabled - If the server should expose health check endpoints. If enabled, health checks - are available at the '/health', '/health/ready' and '/health/live' - endpoints. Default: false. - -Config: - ---config-keystore - Specifies a path to the KeyStore Configuration Source. ---config-keystore-password - Specifies a password to the KeyStore Configuration Source. ---config-keystore-type - Specifies a type of the KeyStore Configuration Source. Default: PKCS12. - -Metrics: - ---metrics-enabled - If the server should expose metrics. If enabled, metrics are available at the - '/metrics' endpoint. Default: false. - -Proxy: - ---proxy The proxy address forwarding mode if the server is behind a reverse proxy. - Possible values are: none, edge, reencrypt, passthrough. Default: none. - -Vault: - ---vault Enables a vault provider. Possible values are: file, keystore. ---vault-dir If set, secrets can be obtained by reading the content of files within the - given directory. ---vault-file Path to the keystore file. ---vault-pass Password for the vault keystore. ---vault-type Specifies the type of the keystore file. Default: PKCS12. - -Logging: - ---log Enable one or more log handlers in a comma-separated list. Possible values - are: console, file, gelf. Default: console. ---log-console-color - Enable or disable colors when logging to console. Default: false. ---log-console-format - The format of unstructured console log entries. If the format has spaces in - it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % - -5p [%c] (%t) %s%e%n. ---log-console-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-file Set the log file path and filename. Default: data\log\keycloak.log. ---log-file-format - Set a format specific to file log entries. 
Default: %d{yyyy-MM-dd HH:mm:ss, - SSS} %-5p [%c] (%t) %s%e%n. ---log-file-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-gelf-facility - The facility (name of the process) that sends the message. Default: keycloak. ---log-gelf-host - Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the - host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: - localhost. ---log-gelf-include-location - Include source code location. Default: true. ---log-gelf-include-message-parameters - Include message parameters from the log event. Default: true. ---log-gelf-include-stack-trace - If set to true, occuring stack traces are included in the 'StackTrace' field - in the GELF output. Default: true. ---log-gelf-level - The log level specifying which message levels will be logged by the GELF - logger. Message levels lower than this value will be discarded. Default: - INFO. ---log-gelf-max-message-size - Maximum message size (in bytes). If the message size is exceeded, GELF will - submit the message in multiple chunks. Default: 8192. ---log-gelf-port - The port the Logstash or Graylog Host is called on. Default: 12201. ---log-gelf-timestamp-format - Set the format for the GELF timestamp field. Uses Java SimpleDateFormat - pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. ---log-level - The log level of the root category or a comma-separated list of individual - categories and their levels. For the root category, you don't need to - specify a category. Default: info. - -Security: - ---fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on - non-approved mode. For full FIPS compliance, set 'strict' to run on approved - mode. This option defaults to 'disabled' when 'fips' feature is disabled, - which is by default. This option defaults to 'non-strict' when 'fips' - feature is enabled. Possible values are: non-strict, strict. Default: - disabled. 
- -Do NOT start the server using this command when deploying to production. - -Use 'kc.bat start-dev --help-all' to list all available options, including -build options. \ No newline at end of file +Start the server in development mode. + +Usage: + +kc.bat start-dev [OPTIONS] + +Use this command if you want to run the server locally for development or +testing purposes. + +Options: + +-h, --help This help message. +--help-all This same help message but with additional options. +--import-realm Import realms during startup by reading any realm configuration file from the + 'data/import' directory. + +Cache: + +--cache Defines the cache mechanism for high-availability. By default in production + mode, a 'ispn' cache is used to create a cluster between multiple server + nodes. By default in development mode, a 'local' cache disables clustering + and is intended for development and testing purposes. Possible values are: + ispn, local. Default: ispn. +--cache-config-file + Defines the file from which cache configuration should be loaded from. The + configuration file is relative to the 'conf/' directory. +--cache-stack + Define the default stack to use for cluster communication and node discovery. + This option only takes effect if 'cache' is set to 'ispn'. Default: udp. + Possible values are: tcp, udp, kubernetes, ec2, azure, google. + +Storage (Experimental): + +--storage Experimental: Sets the default storage mechanism for all areas. Possible + values are: jpa, chm, hotrod, file. +--storage-area-auth-session + Experimental: Sets a storage mechanism for authentication sessions. Possible + values are: jpa, chm, hotrod, file. +--storage-area-authorization + Experimental: Sets a storage mechanism for authorizations. Possible values + are: jpa, chm, hotrod, file. +--storage-area-client + Experimental: Sets a storage mechanism for clients. Possible values are: jpa, + chm, hotrod, file. +--storage-area-client-scope + Experimental: Sets a storage mechanism for client scopes. 
Possible values are: + jpa, chm, hotrod, file. +--storage-area-event-admin + Experimental: Sets a storage mechanism for admin events. Possible values are: + jpa, chm, hotrod, file. +--storage-area-event-auth + Experimental: Sets a storage mechanism for authentication and authorization + events. Possible values are: jpa, chm, hotrod, file. +--storage-area-group + Experimental: Sets a storage mechanism for groups. Possible values are: jpa, + chm, hotrod, file. +--storage-area-login-failure + Experimental: Sets a storage mechanism for login failures. Possible values + are: jpa, chm, hotrod, file. +--storage-area-realm + Experimental: Sets a storage mechanism for realms. Possible values are: jpa, + chm, hotrod, file. +--storage-area-role + Experimental: Sets a storage mechanism for roles. Possible values are: jpa, + chm, hotrod, file. +--storage-area-single-use-object + Experimental: Sets a storage mechanism for single use objects. Possible values + are: jpa, chm, hotrod. +--storage-area-user + Experimental: Sets a storage mechanism for users. Possible values are: jpa, + chm, hotrod, file. +--storage-area-user-session + Experimental: Sets a storage mechanism for user and client sessions. Possible + values are: jpa, chm, hotrod, file. +--storage-deployment-state-version-seed + Experimental: Secret that serves as a seed to mask the version number of + Keycloak in URLs. Need to be identical across all servers in the cluster. + Will default to a random number generated when starting the server which is + secure but will lead to problems when a loadbalancer without sticky sessions + is used or nodes are restarted. +--storage-file-dir + Experimental: Root directory for file map store. +--storage-hotrod-host + Experimental: Sets the host of the Infinispan server. +--storage-hotrod-password + Experimental: Sets the password of the Infinispan user. +--storage-hotrod-port + Experimental: Sets the port of the Infinispan server. 
+--storage-hotrod-username + Experimental: Sets the username of the Infinispan user. +--storage-jpa-db + Experimental: The database vendor for jpa map storage. Possible values are: + postgres, cockroach. Default: postgres. + +Database: + +--db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, + mysql, oracle, postgres. Default: dev-file. +--db-driver The fully qualified class name of the JDBC driver. If not set, a default + driver is set accordingly to the chosen database. +--db-password + The password of the database user. +--db-pool-initial-size + The initial size of the connection pool. +--db-pool-max-size + The maximum size of the connection pool. Default: 100. +--db-pool-min-size + The minimal size of the connection pool. +--db-schema The database schema to be used. +--db-url The full database JDBC URL. If not provided, a default URL is set based on the + selected database vendor. For instance, if using 'postgres', the default + JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. +--db-url-database + Sets the database name of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-host + Sets the hostname of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` + option is set, this option is ignored. +--db-url-properties + Sets the properties of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-username + The username of the database user. + +Transaction: + +--transaction-xa-enabled + If set to false, Keycloak uses a non-XA datasource in case the database does + not support XA transactions. Default: true. + +Feature: + +--features Enables a set of one or more features. 
Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. +--features-disabled + Disables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. + +Hostname: + +--hostname + Hostname for the Keycloak server. +--hostname-admin + The hostname for accessing the administration console. Use this option if you + are exposing the administration console using a hostname other than the + value set to the 'hostname' option. +--hostname-admin-url + Set the base URL for accessing the administration console, including scheme, + host, port and path +--hostname-path + This should be set if proxy uses a different context-path for Keycloak. +--hostname-port + The port used by the proxy when exposing the hostname. Set this option if the + proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. +--hostname-strict + Disables dynamically resolving the hostname from request headers. Should + always be set to true in production, unless proxy verifies the Host header. + Default: true. +--hostname-strict-backchannel + By default backchannel URLs are dynamically resolved from request headers to + allow internal and external applications. If all applications use the public + URL this option should be enabled. Default: false. 
+--hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. + +HTTP/TLS: + +--http-enabled + Enables the HTTP listener. Default: false. +--http-host The used HTTP Host. Default: 0.0.0.0. +--http-port The used HTTP port. Default: 8080. +--http-relative-path + Set the path relative to '/' for serving resources. The path must start with a + '/'. Default: /. +--https-certificate-file + The file path to a server certificate or certificate chain in PEM format. +--https-certificate-key-file + The file path to a private key in PEM format. +--https-cipher-suites + The cipher suites to use. If none is given, a reasonable default is selected. +--https-client-auth + Configures the server to require/request client authentication. Possible + values are: none, request, required. Default: none. +--https-key-store-file + The key store which holds the certificate information instead of specifying + separate files. +--https-key-store-password + The password of the key store file. Default: password. +--https-key-store-type + The type of the key store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. +--https-port The used HTTPS port. Default: 8443. +--https-protocols + The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. +--https-trust-store-file + The trust store which holds the certificate information of the certificates to + trust. +--https-trust-store-password + The password of the trust store file. +--https-trust-store-type + The type of the trust store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. + +Health: + +--health-enabled + If the server should expose health check endpoints. If enabled, health checks + are available at the '/health', '/health/ready' and '/health/live' + endpoints. Default: false. 
+ +Metrics: + +--metrics-enabled + If the server should expose metrics. If enabled, metrics are available at the + '/metrics' endpoint. Default: false. + +Proxy: + +--proxy The proxy address forwarding mode if the server is behind a reverse proxy. + Possible values are: none, edge, reencrypt, passthrough. Default: none. + +Vault: + +--vault Enables a vault provider. Possible values are: file. +--vault-dir If set, secrets can be obtained by reading the content of files within the + given directory. + +Logging: + +--log Enable one or more log handlers in a comma-separated list. Possible values + are: console, file, gelf. Default: console. +--log-console-color + Enable or disable colors when logging to console. Default: false. +--log-console-format + The format of unstructured console log entries. If the format has spaces in + it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % + -5p [%c] (%t) %s%e%n. +--log-console-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-file Set the log file path and filename. Default: data/log/keycloak.log. +--log-file-format + Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, + SSS} %-5p [%c] (%t) %s%e%n. +--log-file-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-gelf-facility + The facility (name of the process) that sends the message. Default: keycloak. +--log-gelf-host + Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the + host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: + localhost. +--log-gelf-include-location + Include source code location. Default: true. +--log-gelf-include-message-parameters + Include message parameters from the log event. Default: true. 
+--log-gelf-include-stack-trace + If set to true, occuring stack traces are included in the 'StackTrace' field + in the GELF output. Default: true. +--log-gelf-level + The log level specifying which message levels will be logged by the GELF + logger. Message levels lower than this value will be discarded. Default: + INFO. +--log-gelf-max-message-size + Maximum message size (in bytes). If the message size is exceeded, GELF will + submit the message in multiple chunks. Default: 8192. +--log-gelf-port + The port the Logstash or Graylog Host is called on. Default: 12201. +--log-gelf-timestamp-format + Set the format for the GELF timestamp field. Uses Java SimpleDateFormat + pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. +--log-level + The log level of the root category or a comma-separated list of individual + categories and their levels. For the root category, you don't need to + specify a category. Default: info. + +Security: + +--fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on + non-approved mode. For full FIPS compliance, set 'strict' to run on approved + mode. This option defaults to 'disabled' when 'fips' feature is disabled, + which is by default. This option defaults to 'non-strict' when 'fips' + feature is enabled. Possible values are: non-strict, strict. Default: + disabled. + +Do NOT start the server using this command when deploying to production. + +Use 'kc.bat start-dev --help-all' to list all available options, including +build options. diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt index 5f76ef51ec..84f2a21deb 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt 
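Review bot: The new side of the `@@ -1,320 +1,303 @@` hunk for `HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt` removes far more than `legacy-welcome`. `--hostname-debug`, the whole `Config:` section (`--config-keystore`, `--config-keystore-password`, `--config-keystore-type`), `--vault-file`, `--vault-pass`, `--vault-type` and the `keystore` value of `--vault` are gone, and the `--db-url-properties` description is shortened. The unix counterpart of this snapshot only rewraps the two feature lists, so the Windows file was presumably regenerated from an older or non-Windows build; the default changing from `data\log\keycloak.log` to `data/log/keycloak.log` points the same way. I would limit this file to the feature-list change and keep the other lines as they were, e.g. `--vault Enables a vault provider. Possible values are: file, keystore.`, so that the Windows help test still covers the keystore-backed configuration and vault options. The `testStartHelp.windows` hunk that follows (`@@ -1,267 +1,250 @@`) shrinks by the same 17 lines and probably needs the same check; it continues past the visible part of the page.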
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt @@ -81,16 +81,16 @@ Feature: account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. Hostname: @@ -264,4 +264,4 @@ By default, this command tries to update the server configuration by running a $ kc.sh start '--optimized' By doing that, the server should start faster based on any previous -configuration you have set when manually running the 'build' command. \ No newline at end of file +configuration you have set when manually running the 'build' command. 
diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt index 7d925c4e1f..0daa4f8170 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt 
@@ -1,267 +1,250 @@ -Start the server. - -Usage: - -kc.bat start [OPTIONS] - -Use this command to run the server in production. - -Options: - --b, --auto-build (Deprecated) Automatically detects whether the server configuration changed - and a new server image must be built prior to starting the server. This - option provides an alternative to manually running the 'build' prior to - starting the server. Use this configuration carefully in production as it - might impact the startup time. --h, --help This help message. ---help-all This same help message but with additional options. ---import-realm Import realms during startup by reading any realm configuration file from the - 'data/import' directory. ---optimized Use this option to achieve an optimal startup time if you have previously - built a server image using the 'build' command. - -Cache: - ---cache Defines the cache mechanism for high-availability. By default in production - mode, a 'ispn' cache is used to create a cluster between multiple server - nodes. By default in development mode, a 'local' cache disables clustering - and is intended for development and testing purposes. Possible values are: - ispn, local. Default: ispn. ---cache-config-file - Defines the file from which cache configuration should be loaded from. The - configuration file is relative to the 'conf/' directory. ---cache-stack - Define the default stack to use for cluster communication and node discovery. - This option only takes effect if 'cache' is set to 'ispn'. Default: udp. - Possible values are: tcp, udp, kubernetes, ec2, azure, google. - -Database: - ---db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, - mysql, oracle, postgres. Default: dev-file. ---db-driver The fully qualified class name of the JDBC driver. If not set, a default - driver is set accordingly to the chosen database. ---db-password - The password of the database user. ---db-pool-initial-size - The initial size of the connection pool. 
---db-pool-max-size - The maximum size of the connection pool. Default: 100. ---db-pool-min-size - The minimal size of the connection pool. ---db-schema The database schema to be used. ---db-url The full database JDBC URL. If not provided, a default URL is set based on the - selected database vendor. For instance, if using 'postgres', the default - JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. ---db-url-database - Sets the database name of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-host - Sets the hostname of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` - option is set, this option is ignored. ---db-url-properties - Sets the properties of the default JDBC URL of the chosen vendor. Make sure to - set the properties accordingly to the format expected by the database - vendor, as well as appending the right character at the beginning of this - property value. If the `db-url` option is set, this option is ignored. ---db-username - The username of the database user. - -Transaction: - ---transaction-xa-enabled - If set to false, Keycloak uses a non-XA datasource in case the database does - not support XA transactions. Default: true. - -Feature: - ---features Enables a set of one or more features. Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. ---features-disabled - Disables a set of one or more features. 
Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. - -Hostname: - ---hostname - Hostname for the Keycloak server. ---hostname-admin - The hostname for accessing the administration console. Use this option if you - are exposing the administration console using a hostname other than the - value set to the 'hostname' option. ---hostname-admin-url - Set the base URL for accessing the administration console, including scheme, - host, port and path ---hostname-debug - Toggle the hostname debug page that is accessible at - /realms/master/hostname-debug Default: false. ---hostname-path - This should be set if proxy uses a different context-path for Keycloak. ---hostname-port - The port used by the proxy when exposing the hostname. Set this option if the - proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. ---hostname-strict - Disables dynamically resolving the hostname from request headers. Should - always be set to true in production, unless proxy verifies the Host header. - Default: true. ---hostname-strict-backchannel - By default backchannel URLs are dynamically resolved from request headers to - allow internal and external applications. If all applications use the public - URL this option should be enabled. Default: false. ---hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. - -HTTP/TLS: - ---http-enabled - Enables the HTTP listener. Default: false. ---http-host The used HTTP Host. Default: 0.0.0.0. ---http-port The used HTTP port. Default: 8080. ---http-relative-path - Set the path relative to '/' for serving resources. 
The path must start with a - '/'. Default: /. ---https-certificate-file - The file path to a server certificate or certificate chain in PEM format. ---https-certificate-key-file - The file path to a private key in PEM format. ---https-cipher-suites - The cipher suites to use. If none is given, a reasonable default is selected. ---https-client-auth - Configures the server to require/request client authentication. Possible - values are: none, request, required. Default: none. ---https-key-store-file - The key store which holds the certificate information instead of specifying - separate files. ---https-key-store-password - The password of the key store file. Default: password. ---https-key-store-type - The type of the key store file. If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. ---https-port The used HTTPS port. Default: 8443. ---https-protocols - The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. ---https-trust-store-file - The trust store which holds the certificate information of the certificates to - trust. ---https-trust-store-password - The password of the trust store file. ---https-trust-store-type - The type of the trust store file. If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. - -Health: - ---health-enabled - If the server should expose health check endpoints. If enabled, health checks - are available at the '/health', '/health/ready' and '/health/live' - endpoints. Default: false. - -Config: - ---config-keystore - Specifies a path to the KeyStore Configuration Source. ---config-keystore-password - Specifies a password to the KeyStore Configuration Source. ---config-keystore-type - Specifies a type of the KeyStore Configuration Source. Default: PKCS12. - -Metrics: - ---metrics-enabled - If the server should expose metrics. 
If enabled, metrics are available at the - '/metrics' endpoint. Default: false. - -Proxy: - ---proxy The proxy address forwarding mode if the server is behind a reverse proxy. - Possible values are: none, edge, reencrypt, passthrough. Default: none. - -Vault: - ---vault Enables a vault provider. Possible values are: file, keystore. ---vault-dir If set, secrets can be obtained by reading the content of files within the - given directory. ---vault-file Path to the keystore file. ---vault-pass Password for the vault keystore. ---vault-type Specifies the type of the keystore file. Default: PKCS12. - -Logging: - ---log Enable one or more log handlers in a comma-separated list. Possible values - are: console, file, gelf. Default: console. ---log-console-color - Enable or disable colors when logging to console. Default: false. ---log-console-format - The format of unstructured console log entries. If the format has spaces in - it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % - -5p [%c] (%t) %s%e%n. ---log-console-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-file Set the log file path and filename. Default: data\log\keycloak.log. ---log-file-format - Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, - SSS} %-5p [%c] (%t) %s%e%n. ---log-file-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-gelf-facility - The facility (name of the process) that sends the message. Default: keycloak. ---log-gelf-host - Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the - host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: - localhost. ---log-gelf-include-location - Include source code location. Default: true. ---log-gelf-include-message-parameters - Include message parameters from the log event. Default: true. 
---log-gelf-include-stack-trace - If set to true, occuring stack traces are included in the 'StackTrace' field - in the GELF output. Default: true. ---log-gelf-level - The log level specifying which message levels will be logged by the GELF - logger. Message levels lower than this value will be discarded. Default: - INFO. ---log-gelf-max-message-size - Maximum message size (in bytes). If the message size is exceeded, GELF will - submit the message in multiple chunks. Default: 8192. ---log-gelf-port - The port the Logstash or Graylog Host is called on. Default: 12201. ---log-gelf-timestamp-format - Set the format for the GELF timestamp field. Uses Java SimpleDateFormat - pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. ---log-level - The log level of the root category or a comma-separated list of individual - categories and their levels. For the root category, you don't need to - specify a category. Default: info. - -Security: - ---fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on - non-approved mode. For full FIPS compliance, set 'strict' to run on approved - mode. This option defaults to 'disabled' when 'fips' feature is disabled, - which is by default. This option defaults to 'non-strict' when 'fips' - feature is enabled. Possible values are: non-strict, strict. Default: - disabled. - -By default, this command tries to update the server configuration by running a -'build' before starting the server. You can disable this behavior by using the -'--optimized' option: - - $ kc.bat start '--optimized' - -By doing that, the server should start faster based on any previous -configuration you have set when manually running the 'build' command. \ No newline at end of file +Start the server. + +Usage: + +kc.bat start [OPTIONS] + +Use this command to run the server in production. + +Options: + +-b, --auto-build (Deprecated) Automatically detects whether the server configuration changed + and a new server image must be built prior to starting the server. 
This + option provides an alternative to manually running the 'build' prior to + starting the server. Use this configuration carefully in production as it + might impact the startup time. +-h, --help This help message. +--help-all This same help message but with additional options. +--import-realm Import realms during startup by reading any realm configuration file from the + 'data/import' directory. +--optimized Use this option to achieve an optimal startup time if you have previously + built a server image using the 'build' command. + +Cache: + +--cache Defines the cache mechanism for high-availability. By default in production + mode, a 'ispn' cache is used to create a cluster between multiple server + nodes. By default in development mode, a 'local' cache disables clustering + and is intended for development and testing purposes. Possible values are: + ispn, local. Default: ispn. +--cache-config-file + Defines the file from which cache configuration should be loaded from. The + configuration file is relative to the 'conf/' directory. +--cache-stack + Define the default stack to use for cluster communication and node discovery. + This option only takes effect if 'cache' is set to 'ispn'. Default: udp. + Possible values are: tcp, udp, kubernetes, ec2, azure, google. + +Database: + +--db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, + mysql, oracle, postgres. Default: dev-file. +--db-driver The fully qualified class name of the JDBC driver. If not set, a default + driver is set accordingly to the chosen database. +--db-password + The password of the database user. +--db-pool-initial-size + The initial size of the connection pool. +--db-pool-max-size + The maximum size of the connection pool. Default: 100. +--db-pool-min-size + The minimal size of the connection pool. +--db-schema The database schema to be used. +--db-url The full database JDBC URL. If not provided, a default URL is set based on the + selected database vendor. 
For instance, if using 'postgres', the default + JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. +--db-url-database + Sets the database name of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-host + Sets the hostname of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` + option is set, this option is ignored. +--db-url-properties + Sets the properties of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-username + The username of the database user. + +Transaction: + +--transaction-xa-enabled + If set to false, Keycloak uses a non-XA datasource in case the database does + not support XA transactions. Default: true. + +Feature: + +--features Enables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. +--features-disabled + Disables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. + +Hostname: + +--hostname + Hostname for the Keycloak server. +--hostname-admin + The hostname for accessing the administration console. 
Use this option if you + are exposing the administration console using a hostname other than the + value set to the 'hostname' option. +--hostname-admin-url + Set the base URL for accessing the administration console, including scheme, + host, port and path +--hostname-path + This should be set if proxy uses a different context-path for Keycloak. +--hostname-port + The port used by the proxy when exposing the hostname. Set this option if the + proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. +--hostname-strict + Disables dynamically resolving the hostname from request headers. Should + always be set to true in production, unless proxy verifies the Host header. + Default: true. +--hostname-strict-backchannel + By default backchannel URLs are dynamically resolved from request headers to + allow internal and external applications. If all applications use the public + URL this option should be enabled. Default: false. +--hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. + +HTTP/TLS: + +--http-enabled + Enables the HTTP listener. Default: false. +--http-host The used HTTP Host. Default: 0.0.0.0. +--http-port The used HTTP port. Default: 8080. +--http-relative-path + Set the path relative to '/' for serving resources. The path must start with a + '/'. Default: /. +--https-certificate-file + The file path to a server certificate or certificate chain in PEM format. +--https-certificate-key-file + The file path to a private key in PEM format. +--https-cipher-suites + The cipher suites to use. If none is given, a reasonable default is selected. +--https-client-auth + Configures the server to require/request client authentication. Possible + values are: none, request, required. Default: none. +--https-key-store-file + The key store which holds the certificate information instead of specifying + separate files. +--https-key-store-password + The password of the key store file. Default: password. 
+--https-key-store-type + The type of the key store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. +--https-port The used HTTPS port. Default: 8443. +--https-protocols + The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. +--https-trust-store-file + The trust store which holds the certificate information of the certificates to + trust. +--https-trust-store-password + The password of the trust store file. +--https-trust-store-type + The type of the trust store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. + +Health: + +--health-enabled + If the server should expose health check endpoints. If enabled, health checks + are available at the '/health', '/health/ready' and '/health/live' + endpoints. Default: false. + +Metrics: + +--metrics-enabled + If the server should expose metrics. If enabled, metrics are available at the + '/metrics' endpoint. Default: false. + +Proxy: + +--proxy The proxy address forwarding mode if the server is behind a reverse proxy. + Possible values are: none, edge, reencrypt, passthrough. Default: none. + +Vault: + +--vault Enables a vault provider. Possible values are: file. +--vault-dir If set, secrets can be obtained by reading the content of files within the + given directory. + +Logging: + +--log Enable one or more log handlers in a comma-separated list. Possible values + are: console, file, gelf. Default: console. +--log-console-color + Enable or disable colors when logging to console. Default: false. +--log-console-format + The format of unstructured console log entries. If the format has spaces in + it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % + -5p [%c] (%t) %s%e%n. +--log-console-output + Set the log output to JSON or default (plain) unstructured logging. 
Possible + values are: default, json. Default: default. +--log-file Set the log file path and filename. Default: data/log/keycloak.log. +--log-file-format + Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, + SSS} %-5p [%c] (%t) %s%e%n. +--log-file-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-gelf-facility + The facility (name of the process) that sends the message. Default: keycloak. +--log-gelf-host + Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the + host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: + localhost. +--log-gelf-include-location + Include source code location. Default: true. +--log-gelf-include-message-parameters + Include message parameters from the log event. Default: true. +--log-gelf-include-stack-trace + If set to true, occuring stack traces are included in the 'StackTrace' field + in the GELF output. Default: true. +--log-gelf-level + The log level specifying which message levels will be logged by the GELF + logger. Message levels lower than this value will be discarded. Default: + INFO. +--log-gelf-max-message-size + Maximum message size (in bytes). If the message size is exceeded, GELF will + submit the message in multiple chunks. Default: 8192. +--log-gelf-port + The port the Logstash or Graylog Host is called on. Default: 12201. +--log-gelf-timestamp-format + Set the format for the GELF timestamp field. Uses Java SimpleDateFormat + pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. +--log-level + The log level of the root category or a comma-separated list of individual + categories and their levels. For the root category, you don't need to + specify a category. Default: info. + +Security: + +--fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on + non-approved mode. For full FIPS compliance, set 'strict' to run on approved + mode. 
This option defaults to 'disabled' when 'fips' feature is disabled, + which is by default. This option defaults to 'non-strict' when 'fips' + feature is enabled. Possible values are: non-strict, strict. Default: + disabled. + +By default, this command tries to update the server configuration by running a +'build' before starting the server. You can disable this behavior by using the +'--optimized' option: + + $ kc.bat start '--optimized' + +By doing that, the server should start faster based on any previous +configuration you have set when manually running the 'build' command. diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt index f2e6f48e1b..0a3db0e6e6 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt 
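Review bot: The new side of this Windows snapshot removes much more than `legacy-welcome`: `--hostname-debug`, the whole `Config:` section (`--config-keystore`, `--config-keystore-password`, `--config-keystore-type`), `--vault-file`, `--vault-pass`, `--vault-type` and the `keystore` value of `--vault` are gone, the `--db-url-properties` description is shortened, and the `--log-file` default changes from `data\log\keycloak.log` to `data/log/keycloak.log`. The unix snapshot for the same test changes only the two feature lists, so this file appears to have been restored from an older copy rather than regenerated from the current help output (the full-file rewrite, 267 to 250 lines, may also hide a line-ending change). Since the approved file is the oracle for the Windows help test, the test will either fail or, if it is not run in CI, stop covering several credential- and hostname-related options. I would regenerate the file on Windows so that only the `legacy-welcome` entries differ, and keep any line-ending normalisation in a separate commit.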
@@ -144,16 +144,16 @@ Feature: account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. Hostname: @@ -327,4 +327,4 @@ By default, this command tries to update the server configuration by running a $ kc.sh start '--optimized' By doing that, the server should start faster based on any previous -configuration you have set when manually running the 'build' command. \ No newline at end of file +configuration you have set when manually running the 'build' command. diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt index a4e1774856..f31daa4fb7 100644 
--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt
@@ -1,330 +1,313 @@ -Start the server. - -Usage: - -kc.bat start [OPTIONS] - -Use this command to run the server in production. - -Options: - --b, --auto-build (Deprecated) Automatically detects whether the server configuration changed - and a new server image must be built prior to starting the server. This - option provides an alternative to manually running the 'build' prior to - starting the server. Use this configuration carefully in production as it - might impact the startup time. --h, --help This help message. ---help-all This same help message but with additional options. ---import-realm Import realms during startup by reading any realm configuration file from the - 'data/import' directory. ---optimized Use this option to achieve an optimal startup time if you have previously - built a server image using the 'build' command. - -Cache: - ---cache Defines the cache mechanism for high-availability. By default in production - mode, a 'ispn' cache is used to create a cluster between multiple server - nodes. By default in development mode, a 'local' cache disables clustering - and is intended for development and testing purposes. Possible values are: - ispn, local. Default: ispn. ---cache-config-file - Defines the file from which cache configuration should be loaded from. The - configuration file is relative to the 'conf/' directory. ---cache-stack - Define the default stack to use for cluster communication and node discovery. - This option only takes effect if 'cache' is set to 'ispn'. Default: udp. - Possible values are: tcp, udp, kubernetes, ec2, azure, google. - -Storage (Experimental): - ---storage Experimental: Sets the default storage mechanism for all areas. Possible - values are: jpa, chm, hotrod, file. ---storage-area-auth-session - Experimental: Sets a storage mechanism for authentication sessions. Possible - values are: jpa, chm, hotrod, file. ---storage-area-authorization - Experimental: Sets a storage mechanism for authorizations. 
Possible values - are: jpa, chm, hotrod, file. ---storage-area-client - Experimental: Sets a storage mechanism for clients. Possible values are: jpa, - chm, hotrod, file. ---storage-area-client-scope - Experimental: Sets a storage mechanism for client scopes. Possible values are: - jpa, chm, hotrod, file. ---storage-area-event-admin - Experimental: Sets a storage mechanism for admin events. Possible values are: - jpa, chm, hotrod, file. ---storage-area-event-auth - Experimental: Sets a storage mechanism for authentication and authorization - events. Possible values are: jpa, chm, hotrod, file. ---storage-area-group - Experimental: Sets a storage mechanism for groups. Possible values are: jpa, - chm, hotrod, file. ---storage-area-login-failure - Experimental: Sets a storage mechanism for login failures. Possible values - are: jpa, chm, hotrod, file. ---storage-area-realm - Experimental: Sets a storage mechanism for realms. Possible values are: jpa, - chm, hotrod, file. ---storage-area-role - Experimental: Sets a storage mechanism for roles. Possible values are: jpa, - chm, hotrod, file. ---storage-area-single-use-object - Experimental: Sets a storage mechanism for single use objects. Possible values - are: jpa, chm, hotrod. ---storage-area-user - Experimental: Sets a storage mechanism for users. Possible values are: jpa, - chm, hotrod, file. ---storage-area-user-session - Experimental: Sets a storage mechanism for user and client sessions. Possible - values are: jpa, chm, hotrod, file. ---storage-deployment-state-version-seed - Experimental: Secret that serves as a seed to mask the version number of - Keycloak in URLs. Need to be identical across all servers in the cluster. - Will default to a random number generated when starting the server which is - secure but will lead to problems when a loadbalancer without sticky sessions - is used or nodes are restarted. ---storage-file-dir - Experimental: Root directory for file map store. 
---storage-hotrod-host - Experimental: Sets the host of the Infinispan server. ---storage-hotrod-password - Experimental: Sets the password of the Infinispan user. ---storage-hotrod-port - Experimental: Sets the port of the Infinispan server. ---storage-hotrod-username - Experimental: Sets the username of the Infinispan user. ---storage-jpa-db - Experimental: The database vendor for jpa map storage. Possible values are: - postgres, cockroach. Default: postgres. - -Database: - ---db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, - mysql, oracle, postgres. Default: dev-file. ---db-driver The fully qualified class name of the JDBC driver. If not set, a default - driver is set accordingly to the chosen database. ---db-password - The password of the database user. ---db-pool-initial-size - The initial size of the connection pool. ---db-pool-max-size - The maximum size of the connection pool. Default: 100. ---db-pool-min-size - The minimal size of the connection pool. ---db-schema The database schema to be used. ---db-url The full database JDBC URL. If not provided, a default URL is set based on the - selected database vendor. For instance, if using 'postgres', the default - JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. ---db-url-database - Sets the database name of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-host - Sets the hostname of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` - option is set, this option is ignored. ---db-url-properties - Sets the properties of the default JDBC URL of the chosen vendor. Make sure to - set the properties accordingly to the format expected by the database - vendor, as well as appending the right character at the beginning of this - property value. 
If the `db-url` option is set, this option is ignored. ---db-username - The username of the database user. - -Transaction: - ---transaction-xa-enabled - If set to false, Keycloak uses a non-XA datasource in case the database does - not support XA transactions. Default: true. - -Feature: - ---features Enables a set of one or more features. Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. ---features-disabled - Disables a set of one or more features. Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, - preview, recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. - -Hostname: - ---hostname - Hostname for the Keycloak server. ---hostname-admin - The hostname for accessing the administration console. Use this option if you - are exposing the administration console using a hostname other than the - value set to the 'hostname' option. ---hostname-admin-url - Set the base URL for accessing the administration console, including scheme, - host, port and path ---hostname-debug - Toggle the hostname debug page that is accessible at - /realms/master/hostname-debug Default: false. ---hostname-path - This should be set if proxy uses a different context-path for Keycloak. ---hostname-port - The port used by the proxy when exposing the hostname. 
Set this option if the - proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. ---hostname-strict - Disables dynamically resolving the hostname from request headers. Should - always be set to true in production, unless proxy verifies the Host header. - Default: true. ---hostname-strict-backchannel - By default backchannel URLs are dynamically resolved from request headers to - allow internal and external applications. If all applications use the public - URL this option should be enabled. Default: false. ---hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. - -HTTP/TLS: - ---http-enabled - Enables the HTTP listener. Default: false. ---http-host The used HTTP Host. Default: 0.0.0.0. ---http-port The used HTTP port. Default: 8080. ---http-relative-path - Set the path relative to '/' for serving resources. The path must start with a - '/'. Default: /. ---https-certificate-file - The file path to a server certificate or certificate chain in PEM format. ---https-certificate-key-file - The file path to a private key in PEM format. ---https-cipher-suites - The cipher suites to use. If none is given, a reasonable default is selected. ---https-client-auth - Configures the server to require/request client authentication. Possible - values are: none, request, required. Default: none. ---https-key-store-file - The key store which holds the certificate information instead of specifying - separate files. ---https-key-store-password - The password of the key store file. Default: password. ---https-key-store-type - The type of the key store file. If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. ---https-port The used HTTPS port. Default: 8443. ---https-protocols - The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. 
---https-trust-store-file - The trust store which holds the certificate information of the certificates to - trust. ---https-trust-store-password - The password of the trust store file. ---https-trust-store-type - The type of the trust store file. If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. - -Health: - ---health-enabled - If the server should expose health check endpoints. If enabled, health checks - are available at the '/health', '/health/ready' and '/health/live' - endpoints. Default: false. - -Config: - ---config-keystore - Specifies a path to the KeyStore Configuration Source. ---config-keystore-password - Specifies a password to the KeyStore Configuration Source. ---config-keystore-type - Specifies a type of the KeyStore Configuration Source. Default: PKCS12. - -Metrics: - ---metrics-enabled - If the server should expose metrics. If enabled, metrics are available at the - '/metrics' endpoint. Default: false. - -Proxy: - ---proxy The proxy address forwarding mode if the server is behind a reverse proxy. - Possible values are: none, edge, reencrypt, passthrough. Default: none. - -Vault: - ---vault Enables a vault provider. Possible values are: file, keystore. ---vault-dir If set, secrets can be obtained by reading the content of files within the - given directory. ---vault-file Path to the keystore file. ---vault-pass Password for the vault keystore. ---vault-type Specifies the type of the keystore file. Default: PKCS12. - -Logging: - ---log Enable one or more log handlers in a comma-separated list. Possible values - are: console, file, gelf. Default: console. ---log-console-color - Enable or disable colors when logging to console. Default: false. ---log-console-format - The format of unstructured console log entries. If the format has spaces in - it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % - -5p [%c] (%t) %s%e%n. 
---log-console-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-file Set the log file path and filename. Default: data\log\keycloak.log. ---log-file-format - Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, - SSS} %-5p [%c] (%t) %s%e%n. ---log-file-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-gelf-facility - The facility (name of the process) that sends the message. Default: keycloak. ---log-gelf-host - Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the - host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: - localhost. ---log-gelf-include-location - Include source code location. Default: true. ---log-gelf-include-message-parameters - Include message parameters from the log event. Default: true. ---log-gelf-include-stack-trace - If set to true, occuring stack traces are included in the 'StackTrace' field - in the GELF output. Default: true. ---log-gelf-level - The log level specifying which message levels will be logged by the GELF - logger. Message levels lower than this value will be discarded. Default: - INFO. ---log-gelf-max-message-size - Maximum message size (in bytes). If the message size is exceeded, GELF will - submit the message in multiple chunks. Default: 8192. ---log-gelf-port - The port the Logstash or Graylog Host is called on. Default: 12201. ---log-gelf-timestamp-format - Set the format for the GELF timestamp field. Uses Java SimpleDateFormat - pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. ---log-level - The log level of the root category or a comma-separated list of individual - categories and their levels. For the root category, you don't need to - specify a category. Default: info. - -Security: - ---fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on - non-approved mode. 
For full FIPS compliance, set 'strict' to run on approved - mode. This option defaults to 'disabled' when 'fips' feature is disabled, - which is by default. This option defaults to 'non-strict' when 'fips' - feature is enabled. Possible values are: non-strict, strict. Default: - disabled. - -By default, this command tries to update the server configuration by running a -'build' before starting the server. You can disable this behavior by using the -'--optimized' option: - - $ kc.bat start '--optimized' - -By doing that, the server should start faster based on any previous -configuration you have set when manually running the 'build' command. \ No newline at end of file +Start the server. + +Usage: + +kc.bat start [OPTIONS] + +Use this command to run the server in production. + +Options: + +-b, --auto-build (Deprecated) Automatically detects whether the server configuration changed + and a new server image must be built prior to starting the server. This + option provides an alternative to manually running the 'build' prior to + starting the server. Use this configuration carefully in production as it + might impact the startup time. +-h, --help This help message. +--help-all This same help message but with additional options. +--import-realm Import realms during startup by reading any realm configuration file from the + 'data/import' directory. +--optimized Use this option to achieve an optimal startup time if you have previously + built a server image using the 'build' command. + +Cache: + +--cache Defines the cache mechanism for high-availability. By default in production + mode, a 'ispn' cache is used to create a cluster between multiple server + nodes. By default in development mode, a 'local' cache disables clustering + and is intended for development and testing purposes. Possible values are: + ispn, local. Default: ispn. +--cache-config-file + Defines the file from which cache configuration should be loaded from. 
The + configuration file is relative to the 'conf/' directory. +--cache-stack + Define the default stack to use for cluster communication and node discovery. + This option only takes effect if 'cache' is set to 'ispn'. Default: udp. + Possible values are: tcp, udp, kubernetes, ec2, azure, google. + +Storage (Experimental): + +--storage Experimental: Sets the default storage mechanism for all areas. Possible + values are: jpa, chm, hotrod, file. +--storage-area-auth-session + Experimental: Sets a storage mechanism for authentication sessions. Possible + values are: jpa, chm, hotrod, file. +--storage-area-authorization + Experimental: Sets a storage mechanism for authorizations. Possible values + are: jpa, chm, hotrod, file. +--storage-area-client + Experimental: Sets a storage mechanism for clients. Possible values are: jpa, + chm, hotrod, file. +--storage-area-client-scope + Experimental: Sets a storage mechanism for client scopes. Possible values are: + jpa, chm, hotrod, file. +--storage-area-event-admin + Experimental: Sets a storage mechanism for admin events. Possible values are: + jpa, chm, hotrod, file. +--storage-area-event-auth + Experimental: Sets a storage mechanism for authentication and authorization + events. Possible values are: jpa, chm, hotrod, file. +--storage-area-group + Experimental: Sets a storage mechanism for groups. Possible values are: jpa, + chm, hotrod, file. +--storage-area-login-failure + Experimental: Sets a storage mechanism for login failures. Possible values + are: jpa, chm, hotrod, file. +--storage-area-realm + Experimental: Sets a storage mechanism for realms. Possible values are: jpa, + chm, hotrod, file. +--storage-area-role + Experimental: Sets a storage mechanism for roles. Possible values are: jpa, + chm, hotrod, file. +--storage-area-single-use-object + Experimental: Sets a storage mechanism for single use objects. Possible values + are: jpa, chm, hotrod. 
+--storage-area-user + Experimental: Sets a storage mechanism for users. Possible values are: jpa, + chm, hotrod, file. +--storage-area-user-session + Experimental: Sets a storage mechanism for user and client sessions. Possible + values are: jpa, chm, hotrod, file. +--storage-deployment-state-version-seed + Experimental: Secret that serves as a seed to mask the version number of + Keycloak in URLs. Need to be identical across all servers in the cluster. + Will default to a random number generated when starting the server which is + secure but will lead to problems when a loadbalancer without sticky sessions + is used or nodes are restarted. +--storage-file-dir + Experimental: Root directory for file map store. +--storage-hotrod-host + Experimental: Sets the host of the Infinispan server. +--storage-hotrod-password + Experimental: Sets the password of the Infinispan user. +--storage-hotrod-port + Experimental: Sets the port of the Infinispan server. +--storage-hotrod-username + Experimental: Sets the username of the Infinispan user. +--storage-jpa-db + Experimental: The database vendor for jpa map storage. Possible values are: + postgres, cockroach. Default: postgres. + +Database: + +--db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, + mysql, oracle, postgres. Default: dev-file. +--db-driver The fully qualified class name of the JDBC driver. If not set, a default + driver is set accordingly to the chosen database. +--db-password + The password of the database user. +--db-pool-initial-size + The initial size of the connection pool. +--db-pool-max-size + The maximum size of the connection pool. Default: 100. +--db-pool-min-size + The minimal size of the connection pool. +--db-schema The database schema to be used. +--db-url The full database JDBC URL. If not provided, a default URL is set based on the + selected database vendor. For instance, if using 'postgres', the default + JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. 
+--db-url-database + Sets the database name of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-host + Sets the hostname of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` + option is set, this option is ignored. +--db-url-properties + Sets the properties of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-username + The username of the database user. + +Transaction: + +--transaction-xa-enabled + If set to false, Keycloak uses a non-XA datasource in case the database does + not support XA transactions. Default: true. + +Feature: + +--features Enables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. +--features-disabled + Disables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. + +Hostname: + +--hostname + Hostname for the Keycloak server. +--hostname-admin + The hostname for accessing the administration console. Use this option if you + are exposing the administration console using a hostname other than the + value set to the 'hostname' option. 
+--hostname-admin-url + Set the base URL for accessing the administration console, including scheme, + host, port and path +--hostname-path + This should be set if proxy uses a different context-path for Keycloak. +--hostname-port + The port used by the proxy when exposing the hostname. Set this option if the + proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. +--hostname-strict + Disables dynamically resolving the hostname from request headers. Should + always be set to true in production, unless proxy verifies the Host header. + Default: true. +--hostname-strict-backchannel + By default backchannel URLs are dynamically resolved from request headers to + allow internal and external applications. If all applications use the public + URL this option should be enabled. Default: false. +--hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. + +HTTP/TLS: + +--http-enabled + Enables the HTTP listener. Default: false. +--http-host The used HTTP Host. Default: 0.0.0.0. +--http-port The used HTTP port. Default: 8080. +--http-relative-path + Set the path relative to '/' for serving resources. The path must start with a + '/'. Default: /. +--https-certificate-file + The file path to a server certificate or certificate chain in PEM format. +--https-certificate-key-file + The file path to a private key in PEM format. +--https-cipher-suites + The cipher suites to use. If none is given, a reasonable default is selected. +--https-client-auth + Configures the server to require/request client authentication. Possible + values are: none, request, required. Default: none. +--https-key-store-file + The key store which holds the certificate information instead of specifying + separate files. +--https-key-store-password + The password of the key store file. Default: password. +--https-key-store-type + The type of the key store file. If not given, the type is automatically + detected based on the file name. 
If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. +--https-port The used HTTPS port. Default: 8443. +--https-protocols + The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. +--https-trust-store-file + The trust store which holds the certificate information of the certificates to + trust. +--https-trust-store-password + The password of the trust store file. +--https-trust-store-type + The type of the trust store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. + +Health: + +--health-enabled + If the server should expose health check endpoints. If enabled, health checks + are available at the '/health', '/health/ready' and '/health/live' + endpoints. Default: false. + +Metrics: + +--metrics-enabled + If the server should expose metrics. If enabled, metrics are available at the + '/metrics' endpoint. Default: false. + +Proxy: + +--proxy The proxy address forwarding mode if the server is behind a reverse proxy. + Possible values are: none, edge, reencrypt, passthrough. Default: none. + +Vault: + +--vault Enables a vault provider. Possible values are: file. +--vault-dir If set, secrets can be obtained by reading the content of files within the + given directory. + +Logging: + +--log Enable one or more log handlers in a comma-separated list. Possible values + are: console, file, gelf. Default: console. +--log-console-color + Enable or disable colors when logging to console. Default: false. +--log-console-format + The format of unstructured console log entries. If the format has spaces in + it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % + -5p [%c] (%t) %s%e%n. +--log-console-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-file Set the log file path and filename. Default: data/log/keycloak.log. 
+--log-file-format + Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, + SSS} %-5p [%c] (%t) %s%e%n. +--log-file-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-gelf-facility + The facility (name of the process) that sends the message. Default: keycloak. +--log-gelf-host + Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the + host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: + localhost. +--log-gelf-include-location + Include source code location. Default: true. +--log-gelf-include-message-parameters + Include message parameters from the log event. Default: true. +--log-gelf-include-stack-trace + If set to true, occuring stack traces are included in the 'StackTrace' field + in the GELF output. Default: true. +--log-gelf-level + The log level specifying which message levels will be logged by the GELF + logger. Message levels lower than this value will be discarded. Default: + INFO. +--log-gelf-max-message-size + Maximum message size (in bytes). If the message size is exceeded, GELF will + submit the message in multiple chunks. Default: 8192. +--log-gelf-port + The port the Logstash or Graylog Host is called on. Default: 12201. +--log-gelf-timestamp-format + Set the format for the GELF timestamp field. Uses Java SimpleDateFormat + pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. +--log-level + The log level of the root category or a comma-separated list of individual + categories and their levels. For the root category, you don't need to + specify a category. Default: info. + +Security: + +--fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on + non-approved mode. For full FIPS compliance, set 'strict' to run on approved + mode. This option defaults to 'disabled' when 'fips' feature is disabled, + which is by default. This option defaults to 'non-strict' when 'fips' + feature is enabled. 
Possible values are: non-strict, strict. Default: + disabled. + +By default, this command tries to update the server configuration by running a +'build' before starting the server. You can disable this behavior by using the +'--optimized' option: + + $ kc.bat start '--optimized' + +By doing that, the server should start faster based on any previous +configuration you have set when manually running the 'build' command. diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.windows.approved.txt index a213f85eae..5a35664fb3 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.windows.approved.txt 
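Review bot: The new side of the Windows `testStartHelpAll` snapshot drops options that have nothing to do with removing `legacy-welcome`: `--hostname-debug`, the whole `Config:` section (`--config-keystore`, `--config-keystore-password`, `--config-keystore-type`), `--vault-file`, `--vault-pass` and `--vault-type` are gone, and `--vault` now lists only `file`. The `--log-file` default also changes from `data\log\keycloak.log` to `data/log/keycloak.log`, which suggests the file was regenerated from an older or non-Windows build rather than edited for this change. Nothing in the part of the commit visible here removes those options from the CLI, so the Windows help test would presumably either fail or, once re-approved, stop pinning the keystore-backed configuration and vault options. I would regenerate the snapshot on Windows from the current build so the only delta is in the two feature lists (`js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,` followed by `recovery-codes, scripts, step-up-authentication, token-exchange,`), keeping `Default: data\log\keycloak.log`. The `testStartOptimizedHelp.windows` hunk that follows is also a whole-file rewrite and continues outside this view, so it deserves the same check.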
@@ -1,200 +1,181 @@ -Start the server. - -Usage: - -kc.bat start [OPTIONS] - -Use this command to run the server in production. - -Options: - --b, --auto-build (Deprecated) Automatically detects whether the server configuration changed - and a new server image must be built prior to starting the server. This - option provides an alternative to manually running the 'build' prior to - starting the server. Use this configuration carefully in production as it - might impact the startup time. --h, --help This help message. ---help-all This same help message but with additional options. ---import-realm Import realms during startup by reading any realm configuration file from the - 'data/import' directory. ---optimized Use this option to achieve an optimal startup time if you have previously - built a server image using the 'build' command. - -Database: - ---db-driver The fully qualified class name of the JDBC driver. If not set, a default - driver is set accordingly to the chosen database. ---db-password - The password of the database user. ---db-pool-initial-size - The initial size of the connection pool. ---db-pool-max-size - The maximum size of the connection pool. Default: 100. ---db-pool-min-size - The minimal size of the connection pool. ---db-schema The database schema to be used. ---db-url The full database JDBC URL. If not provided, a default URL is set based on the - selected database vendor. For instance, if using 'postgres', the default - JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. ---db-url-database - Sets the database name of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-host - Sets the hostname of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` - option is set, this option is ignored. 
---db-url-properties - Sets the properties of the default JDBC URL of the chosen vendor. Make sure to - set the properties accordingly to the format expected by the database - vendor, as well as appending the right character at the beginning of this - property value. If the `db-url` option is set, this option is ignored. ---db-username - The username of the database user. - -Hostname: - ---hostname - Hostname for the Keycloak server. ---hostname-admin - The hostname for accessing the administration console. Use this option if you - are exposing the administration console using a hostname other than the - value set to the 'hostname' option. ---hostname-admin-url - Set the base URL for accessing the administration console, including scheme, - host, port and path ---hostname-debug - Toggle the hostname debug page that is accessible at - /realms/master/hostname-debug Default: false. ---hostname-path - This should be set if proxy uses a different context-path for Keycloak. ---hostname-port - The port used by the proxy when exposing the hostname. Set this option if the - proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. ---hostname-strict - Disables dynamically resolving the hostname from request headers. Should - always be set to true in production, unless proxy verifies the Host header. - Default: true. ---hostname-strict-backchannel - By default backchannel URLs are dynamically resolved from request headers to - allow internal and external applications. If all applications use the public - URL this option should be enabled. Default: false. ---hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. - -HTTP/TLS: - ---http-enabled - Enables the HTTP listener. Default: false. ---http-host The used HTTP Host. Default: 0.0.0.0. ---http-port The used HTTP port. Default: 8080. ---https-certificate-file - The file path to a server certificate or certificate chain in PEM format. 
---https-certificate-key-file - The file path to a private key in PEM format. ---https-cipher-suites - The cipher suites to use. If none is given, a reasonable default is selected. ---https-client-auth - Configures the server to require/request client authentication. Possible - values are: none, request, required. Default: none. ---https-key-store-file - The key store which holds the certificate information instead of specifying - separate files. ---https-key-store-password - The password of the key store file. Default: password. ---https-key-store-type - The type of the key store file. If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. ---https-port The used HTTPS port. Default: 8443. ---https-protocols - The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. ---https-trust-store-file - The trust store which holds the certificate information of the certificates to - trust. ---https-trust-store-password - The password of the trust store file. ---https-trust-store-type - The type of the trust store file. If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. - -Config: - ---config-keystore - Specifies a path to the KeyStore Configuration Source. ---config-keystore-password - Specifies a password to the KeyStore Configuration Source. ---config-keystore-type - Specifies a type of the KeyStore Configuration Source. Default: PKCS12. - -Proxy: - ---proxy The proxy address forwarding mode if the server is behind a reverse proxy. - Possible values are: none, edge, reencrypt, passthrough. Default: none. - -Vault: - ---vault-dir If set, secrets can be obtained by reading the content of files within the - given directory. ---vault-file Path to the keystore file. ---vault-pass Password for the vault keystore. 
---vault-type Specifies the type of the keystore file. Default: PKCS12. - -Logging: - ---log Enable one or more log handlers in a comma-separated list. Possible values - are: console, file, gelf. Default: console. ---log-console-color - Enable or disable colors when logging to console. Default: false. ---log-console-format - The format of unstructured console log entries. If the format has spaces in - it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % - -5p [%c] (%t) %s%e%n. ---log-console-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-file Set the log file path and filename. Default: data\log\keycloak.log. ---log-file-format - Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, - SSS} %-5p [%c] (%t) %s%e%n. ---log-file-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-gelf-facility - The facility (name of the process) that sends the message. Default: keycloak. ---log-gelf-host - Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the - host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: - localhost. ---log-gelf-include-location - Include source code location. Default: true. ---log-gelf-include-message-parameters - Include message parameters from the log event. Default: true. ---log-gelf-include-stack-trace - If set to true, occuring stack traces are included in the 'StackTrace' field - in the GELF output. Default: true. ---log-gelf-level - The log level specifying which message levels will be logged by the GELF - logger. Message levels lower than this value will be discarded. Default: - INFO. ---log-gelf-max-message-size - Maximum message size (in bytes). If the message size is exceeded, GELF will - submit the message in multiple chunks. Default: 8192. 
---log-gelf-port - The port the Logstash or Graylog Host is called on. Default: 12201. ---log-gelf-timestamp-format - Set the format for the GELF timestamp field. Uses Java SimpleDateFormat - pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. ---log-level - The log level of the root category or a comma-separated list of individual - categories and their levels. For the root category, you don't need to - specify a category. Default: info. - -By default, this command tries to update the server configuration by running a -'build' before starting the server. You can disable this behavior by using the -'--optimized' option: - - $ kc.bat start '--optimized' - -By doing that, the server should start faster based on any previous -configuration you have set when manually running the 'build' command. \ No newline at end of file +Start the server. + +Usage: + +kc.bat start [OPTIONS] + +Use this command to run the server in production. + +Options: + +-b, --auto-build (Deprecated) Automatically detects whether the server configuration changed + and a new server image must be built prior to starting the server. This + option provides an alternative to manually running the 'build' prior to + starting the server. Use this configuration carefully in production as it + might impact the startup time. +-h, --help This help message. +--help-all This same help message but with additional options. +--import-realm Import realms during startup by reading any realm configuration file from the + 'data/import' directory. +--optimized Use this option to achieve an optimal startup time if you have previously + built a server image using the 'build' command. + +Database: + +--db-password + The password of the database user. +--db-pool-initial-size + The initial size of the connection pool. +--db-pool-max-size + The maximum size of the connection pool. Default: 100. +--db-pool-min-size + The minimal size of the connection pool. +--db-schema The database schema to be used. 
+--db-url The full database JDBC URL. If not provided, a default URL is set based on the + selected database vendor. For instance, if using 'postgres', the default + JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. +--db-url-database + Sets the database name of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-host + Sets the hostname of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` + option is set, this option is ignored. +--db-url-properties + Sets the properties of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-username + The username of the database user. + +Hostname: + +--hostname + Hostname for the Keycloak server. +--hostname-admin + The hostname for accessing the administration console. Use this option if you + are exposing the administration console using a hostname other than the + value set to the 'hostname' option. +--hostname-admin-url + Set the base URL for accessing the administration console, including scheme, + host, port and path +--hostname-path + This should be set if proxy uses a different context-path for Keycloak. +--hostname-port + The port used by the proxy when exposing the hostname. Set this option if the + proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. +--hostname-strict + Disables dynamically resolving the hostname from request headers. Should + always be set to true in production, unless proxy verifies the Host header. + Default: true. +--hostname-strict-backchannel + By default backchannel URLs are dynamically resolved from request headers to + allow internal and external applications. If all applications use the public + URL this option should be enabled. Default: false. 
+--hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. + +HTTP/TLS: + +--http-enabled + Enables the HTTP listener. Default: false. +--http-host The used HTTP Host. Default: 0.0.0.0. +--http-port The used HTTP port. Default: 8080. +--https-certificate-file + The file path to a server certificate or certificate chain in PEM format. +--https-certificate-key-file + The file path to a private key in PEM format. +--https-cipher-suites + The cipher suites to use. If none is given, a reasonable default is selected. +--https-client-auth + Configures the server to require/request client authentication. Possible + values are: none, request, required. Default: none. +--https-key-store-file + The key store which holds the certificate information instead of specifying + separate files. +--https-key-store-password + The password of the key store file. Default: password. +--https-key-store-type + The type of the key store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. +--https-port The used HTTPS port. Default: 8443. +--https-protocols + The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. +--https-trust-store-file + The trust store which holds the certificate information of the certificates to + trust. +--https-trust-store-password + The password of the trust store file. +--https-trust-store-type + The type of the trust store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. + +Proxy: + +--proxy The proxy address forwarding mode if the server is behind a reverse proxy. + Possible values are: none, edge, reencrypt, passthrough. Default: none. + +Vault: + +--vault-dir If set, secrets can be obtained by reading the content of files within the + given directory. 
+ +Logging: + +--log Enable one or more log handlers in a comma-separated list. Possible values + are: console, file, gelf. Default: console. +--log-console-color + Enable or disable colors when logging to console. Default: false. +--log-console-format + The format of unstructured console log entries. If the format has spaces in + it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % + -5p [%c] (%t) %s%e%n. +--log-console-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-file Set the log file path and filename. Default: data/log/keycloak.log. +--log-file-format + Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, + SSS} %-5p [%c] (%t) %s%e%n. +--log-file-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-gelf-facility + The facility (name of the process) that sends the message. Default: keycloak. +--log-gelf-host + Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the + host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: + localhost. +--log-gelf-include-location + Include source code location. Default: true. +--log-gelf-include-message-parameters + Include message parameters from the log event. Default: true. +--log-gelf-include-stack-trace + If set to true, occuring stack traces are included in the 'StackTrace' field + in the GELF output. Default: true. +--log-gelf-level + The log level specifying which message levels will be logged by the GELF + logger. Message levels lower than this value will be discarded. Default: + INFO. +--log-gelf-max-message-size + Maximum message size (in bytes). If the message size is exceeded, GELF will + submit the message in multiple chunks. Default: 8192. +--log-gelf-port + The port the Logstash or Graylog Host is called on. Default: 12201. 
+--log-gelf-timestamp-format + Set the format for the GELF timestamp field. Uses Java SimpleDateFormat + pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. +--log-level + The log level of the root category or a comma-separated list of individual + categories and their levels. For the root category, you don't need to + specify a category. Default: info. + +By default, this command tries to update the server configuration by running a +'build' before starting the server. You can disable this behavior by using the +'--optimized' option: + + $ kc.bat start '--optimized' + +By doing that, the server should start faster based on any previous +configuration you have set when manually running the 'build' command. diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.windows.approved.txt index a2868213f3..b5d806461f 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.windows.approved.txt 
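Review bot: The new side of this Windows help snapshot loses options that are unrelated to removing the welcome theme: `--db-driver`, `--hostname-debug`, the whole `Config:` section (`--config-keystore`, `--config-keystore-password`, `--config-keystore-type`) and `--vault-file`, `--vault-pass`, `--vault-type` are gone, and the `--log-file` default now reads `data/log/keycloak.log` instead of `data\log\keycloak.log`. The `HelpCommandDistTest.testStartOptimizedHelpAll.windows.approved.txt` hunk that follows shows the same losses. If the CLI on this branch still exposes those options, the approved text no longer matches the help output on Windows, so the approval test either fails there or, if it is not run on Windows, stops guarding the documented keystore and vault options. Regenerating both files from a Windows run and keeping only the differences this change actually causes would settle it. The whole-file rewrite (`@@ -1,200 +1,181 @@`, with the old side's `\ No newline at end of file` marker gone) also looks like a line-ending or trailing-newline change, which is worth confirming is intended.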
@@ -1,219 +1,200 @@ -Start the server. - -Usage: - -kc.bat start [OPTIONS] - -Use this command to run the server in production. - -Options: - --b, --auto-build (Deprecated) Automatically detects whether the server configuration changed - and a new server image must be built prior to starting the server. This - option provides an alternative to manually running the 'build' prior to - starting the server. Use this configuration carefully in production as it - might impact the startup time. --h, --help This help message. ---help-all This same help message but with additional options. ---import-realm Import realms during startup by reading any realm configuration file from the - 'data/import' directory. ---optimized Use this option to achieve an optimal startup time if you have previously - built a server image using the 'build' command. - -Storage (Experimental): - ---storage-deployment-state-version-seed - Experimental: Secret that serves as a seed to mask the version number of - Keycloak in URLs. Need to be identical across all servers in the cluster. - Will default to a random number generated when starting the server which is - secure but will lead to problems when a loadbalancer without sticky sessions - is used or nodes are restarted. ---storage-file-dir - Experimental: Root directory for file map store. ---storage-hotrod-host - Experimental: Sets the host of the Infinispan server. ---storage-hotrod-password - Experimental: Sets the password of the Infinispan user. ---storage-hotrod-port - Experimental: Sets the port of the Infinispan server. ---storage-hotrod-username - Experimental: Sets the username of the Infinispan user. - -Database: - ---db-driver The fully qualified class name of the JDBC driver. If not set, a default - driver is set accordingly to the chosen database. ---db-password - The password of the database user. ---db-pool-initial-size - The initial size of the connection pool. ---db-pool-max-size - The maximum size of the connection pool. 
Default: 100. ---db-pool-min-size - The minimal size of the connection pool. ---db-schema The database schema to be used. ---db-url The full database JDBC URL. If not provided, a default URL is set based on the - selected database vendor. For instance, if using 'postgres', the default - JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. ---db-url-database - Sets the database name of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-host - Sets the hostname of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` - option is set, this option is ignored. ---db-url-properties - Sets the properties of the default JDBC URL of the chosen vendor. Make sure to - set the properties accordingly to the format expected by the database - vendor, as well as appending the right character at the beginning of this - property value. If the `db-url` option is set, this option is ignored. ---db-username - The username of the database user. - -Hostname: - ---hostname - Hostname for the Keycloak server. ---hostname-admin - The hostname for accessing the administration console. Use this option if you - are exposing the administration console using a hostname other than the - value set to the 'hostname' option. ---hostname-admin-url - Set the base URL for accessing the administration console, including scheme, - host, port and path ---hostname-debug - Toggle the hostname debug page that is accessible at - /realms/master/hostname-debug Default: false. ---hostname-path - This should be set if proxy uses a different context-path for Keycloak. ---hostname-port - The port used by the proxy when exposing the hostname. Set this option if the - proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. 
---hostname-strict - Disables dynamically resolving the hostname from request headers. Should - always be set to true in production, unless proxy verifies the Host header. - Default: true. ---hostname-strict-backchannel - By default backchannel URLs are dynamically resolved from request headers to - allow internal and external applications. If all applications use the public - URL this option should be enabled. Default: false. ---hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. - -HTTP/TLS: - ---http-enabled - Enables the HTTP listener. Default: false. ---http-host The used HTTP Host. Default: 0.0.0.0. ---http-port The used HTTP port. Default: 8080. ---https-certificate-file - The file path to a server certificate or certificate chain in PEM format. ---https-certificate-key-file - The file path to a private key in PEM format. ---https-cipher-suites - The cipher suites to use. If none is given, a reasonable default is selected. ---https-client-auth - Configures the server to require/request client authentication. Possible - values are: none, request, required. Default: none. ---https-key-store-file - The key store which holds the certificate information instead of specifying - separate files. ---https-key-store-password - The password of the key store file. Default: password. ---https-key-store-type - The type of the key store file. If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. ---https-port The used HTTPS port. Default: 8443. ---https-protocols - The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. ---https-trust-store-file - The trust store which holds the certificate information of the certificates to - trust. ---https-trust-store-password - The password of the trust store file. ---https-trust-store-type - The type of the trust store file. 
If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. - -Config: - ---config-keystore - Specifies a path to the KeyStore Configuration Source. ---config-keystore-password - Specifies a password to the KeyStore Configuration Source. ---config-keystore-type - Specifies a type of the KeyStore Configuration Source. Default: PKCS12. - -Proxy: - ---proxy The proxy address forwarding mode if the server is behind a reverse proxy. - Possible values are: none, edge, reencrypt, passthrough. Default: none. - -Vault: - ---vault-dir If set, secrets can be obtained by reading the content of files within the - given directory. ---vault-file Path to the keystore file. ---vault-pass Password for the vault keystore. ---vault-type Specifies the type of the keystore file. Default: PKCS12. - -Logging: - ---log Enable one or more log handlers in a comma-separated list. Possible values - are: console, file, gelf. Default: console. ---log-console-color - Enable or disable colors when logging to console. Default: false. ---log-console-format - The format of unstructured console log entries. If the format has spaces in - it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % - -5p [%c] (%t) %s%e%n. ---log-console-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-file Set the log file path and filename. Default: data\log\keycloak.log. ---log-file-format - Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, - SSS} %-5p [%c] (%t) %s%e%n. ---log-file-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-gelf-facility - The facility (name of the process) that sends the message. Default: keycloak. ---log-gelf-host - Hostname of the Logstash or Graylog Host. 
By default UDP is used, prefix the - host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: - localhost. ---log-gelf-include-location - Include source code location. Default: true. ---log-gelf-include-message-parameters - Include message parameters from the log event. Default: true. ---log-gelf-include-stack-trace - If set to true, occuring stack traces are included in the 'StackTrace' field - in the GELF output. Default: true. ---log-gelf-level - The log level specifying which message levels will be logged by the GELF - logger. Message levels lower than this value will be discarded. Default: - INFO. ---log-gelf-max-message-size - Maximum message size (in bytes). If the message size is exceeded, GELF will - submit the message in multiple chunks. Default: 8192. ---log-gelf-port - The port the Logstash or Graylog Host is called on. Default: 12201. ---log-gelf-timestamp-format - Set the format for the GELF timestamp field. Uses Java SimpleDateFormat - pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. ---log-level - The log level of the root category or a comma-separated list of individual - categories and their levels. For the root category, you don't need to - specify a category. Default: info. - -By default, this command tries to update the server configuration by running a -'build' before starting the server. You can disable this behavior by using the -'--optimized' option: - - $ kc.bat start '--optimized' - -By doing that, the server should start faster based on any previous +Start the server. + +Usage: + +kc.bat start [OPTIONS] + +Use this command to run the server in production. + +Options: + +-b, --auto-build (Deprecated) Automatically detects whether the server configuration changed + and a new server image must be built prior to starting the server. This + option provides an alternative to manually running the 'build' prior to + starting the server. Use this configuration carefully in production as it + might impact the startup time. 
+-h, --help This help message. +--help-all This same help message but with additional options. +--import-realm Import realms during startup by reading any realm configuration file from the + 'data/import' directory. +--optimized Use this option to achieve an optimal startup time if you have previously + built a server image using the 'build' command. + +Storage (Experimental): + +--storage-deployment-state-version-seed + Experimental: Secret that serves as a seed to mask the version number of + Keycloak in URLs. Need to be identical across all servers in the cluster. + Will default to a random number generated when starting the server which is + secure but will lead to problems when a loadbalancer without sticky sessions + is used or nodes are restarted. +--storage-file-dir + Experimental: Root directory for file map store. +--storage-hotrod-host + Experimental: Sets the host of the Infinispan server. +--storage-hotrod-password + Experimental: Sets the password of the Infinispan user. +--storage-hotrod-port + Experimental: Sets the port of the Infinispan server. +--storage-hotrod-username + Experimental: Sets the username of the Infinispan user. + +Database: + +--db-password + The password of the database user. +--db-pool-initial-size + The initial size of the connection pool. +--db-pool-max-size + The maximum size of the connection pool. Default: 100. +--db-pool-min-size + The minimal size of the connection pool. +--db-schema The database schema to be used. +--db-url The full database JDBC URL. If not provided, a default URL is set based on the + selected database vendor. For instance, if using 'postgres', the default + JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. +--db-url-database + Sets the database name of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-host + Sets the hostname of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. 
+--db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` + option is set, this option is ignored. +--db-url-properties + Sets the properties of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-username + The username of the database user. + +Hostname: + +--hostname + Hostname for the Keycloak server. +--hostname-admin + The hostname for accessing the administration console. Use this option if you + are exposing the administration console using a hostname other than the + value set to the 'hostname' option. +--hostname-admin-url + Set the base URL for accessing the administration console, including scheme, + host, port and path +--hostname-path + This should be set if proxy uses a different context-path for Keycloak. +--hostname-port + The port used by the proxy when exposing the hostname. Set this option if the + proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. +--hostname-strict + Disables dynamically resolving the hostname from request headers. Should + always be set to true in production, unless proxy verifies the Host header. + Default: true. +--hostname-strict-backchannel + By default backchannel URLs are dynamically resolved from request headers to + allow internal and external applications. If all applications use the public + URL this option should be enabled. Default: false. +--hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. + +HTTP/TLS: + +--http-enabled + Enables the HTTP listener. Default: false. +--http-host The used HTTP Host. Default: 0.0.0.0. +--http-port The used HTTP port. Default: 8080. +--https-certificate-file + The file path to a server certificate or certificate chain in PEM format. +--https-certificate-key-file + The file path to a private key in PEM format. +--https-cipher-suites + The cipher suites to use. If none is given, a reasonable default is selected. 
+--https-client-auth + Configures the server to require/request client authentication. Possible + values are: none, request, required. Default: none. +--https-key-store-file + The key store which holds the certificate information instead of specifying + separate files. +--https-key-store-password + The password of the key store file. Default: password. +--https-key-store-type + The type of the key store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. +--https-port The used HTTPS port. Default: 8443. +--https-protocols + The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. +--https-trust-store-file + The trust store which holds the certificate information of the certificates to + trust. +--https-trust-store-password + The password of the trust store file. +--https-trust-store-type + The type of the trust store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. + +Proxy: + +--proxy The proxy address forwarding mode if the server is behind a reverse proxy. + Possible values are: none, edge, reencrypt, passthrough. Default: none. + +Vault: + +--vault-dir If set, secrets can be obtained by reading the content of files within the + given directory. + +Logging: + +--log Enable one or more log handlers in a comma-separated list. Possible values + are: console, file, gelf. Default: console. +--log-console-color + Enable or disable colors when logging to console. Default: false. +--log-console-format + The format of unstructured console log entries. If the format has spaces in + it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % + -5p [%c] (%t) %s%e%n. +--log-console-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. 
+--log-file Set the log file path and filename. Default: data/log/keycloak.log.
+--log-file-format
+ Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
+ SSS} %-5p [%c] (%t) %s%e%n.
+--log-file-output
+ Set the log output to JSON or default (plain) unstructured logging. Possible
+ values are: default, json. Default: default.
+--log-gelf-facility
+ The facility (name of the process) that sends the message. Default: keycloak.
+--log-gelf-host
+ Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the
+ host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default:
+ localhost.
+--log-gelf-include-location
+ Include source code location. Default: true.
+--log-gelf-include-message-parameters
+ Include message parameters from the log event. Default: true.
+--log-gelf-include-stack-trace
+ If set to true, occuring stack traces are included in the 'StackTrace' field
+ in the GELF output. Default: true.
+--log-gelf-level
+ The log level specifying which message levels will be logged by the GELF
+ logger. Message levels lower than this value will be discarded. Default:
+ INFO.
+--log-gelf-max-message-size
+ Maximum message size (in bytes). If the message size is exceeded, GELF will
+ submit the message in multiple chunks. Default: 8192.
+--log-gelf-port
+ The port the Logstash or Graylog Host is called on. Default: 12201.
+--log-gelf-timestamp-format
+ Set the format for the GELF timestamp field. Uses Java SimpleDateFormat
+ pattern. Default: yyyy-MM-dd HH:mm:ss,SSS.
+--log-level
+ The log level of the root category or a comma-separated list of individual
+ categories and their levels. For the root category, you don't need to
+ specify a category. Default: info.
+
+By default, this command tries to update the server configuration by running a
+'build' before starting the server.
You can disable this behavior by using the
+'--optimized' option:
+
+ $ kc.bat start '--optimized'
+
+By doing that, the server should start faster based on any previous configuration you have set when manually running the 'build' command.
\ No newline at end of file
diff --git a/server-spi/src/main/java/org/keycloak/theme/ThemeSelectorProvider.java b/server-spi/src/main/java/org/keycloak/theme/ThemeSelectorProvider.java
index 14b99c8220..a4d28c70fb 100755
--- a/server-spi/src/main/java/org/keycloak/theme/ThemeSelectorProvider.java
+++ b/server-spi/src/main/java/org/keycloak/theme/ThemeSelectorProvider.java
@@ -56,10 +56,6 @@ public interface ThemeSelectorProvider extends Provider { return DEFAULT_V2; } - if ((type == Theme.Type.WELCOME) && !Profile.isFeatureEnabled(Profile.Feature.LEGACY_WELCOME)) { - return DEFAULT_V2; - } - return DEFAULT; }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ServerInfoTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ServerInfoTest.java
index 890d220b8e..1b70feb34a 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ServerInfoTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ServerInfoTest.java
@@ -61,7 +61,7 @@ public class ServerInfoTest extends AbstractKeycloakTest { Assert.assertNames(info.getThemes().get("admin"), "base", "keycloak.v2"); Assert.assertNames(info.getThemes().get("email"), "base", "keycloak"); Assert.assertNames(info.getThemes().get("login"), "address", "base", "environment-agnostic", "keycloak"); - Assert.assertNames(info.getThemes().get("welcome"), "keycloak", "keycloak.v2"); + Assert.assertNames(info.getThemes().get("welcome"), "keycloak"); assertNotNull(info.getEnums());
diff --git a/themes/pom.xml b/themes/pom.xml
index fcd9c3786a..d446073fff 100755
--- a/themes/pom.xml
+++ b/themes/pom.xml
@@ -15,14 +15,12 @@ src/main/resources/theme/keycloak/common/resources src/main/resources/theme/keycloak.v2/account/src - src/main/resources/theme/keycloak.v2/welcome ci --no-optional --ignore-scripts ${project.basedir}/src/main/resources/theme/keycloak/common/resources/node_modules ${project.basedir}/src/main/resources/theme/keycloak/common/resources/web_modules ${project.basedir}/src/main/resources/theme/keycloak.v2/account/src/node_modules ${project.basedir}/src/main/resources/theme/keycloak.v2/account/src/web_modules - ${project.basedir}/src/main/resources/theme/keycloak.v2/welcome/node_modules
@@ -168,83 +166,6 @@ - - welcome2 - - - !skipWelcome2 - - - - - - maven-clean-plugin - - - - ${dir.welcome2}/node_modules - ${dir.welcome2}/resources/vendor - - - - - - com.github.eirslett - frontend-maven-plugin - - - setup-node - - install-node-and-npm - - initialize - - - npm-install-welcome2 - initialize - - npm - - - ${dir.welcome2} - ${args.npm.install} - - - - - ${node.version} - ../ - - - - maven-resources-plugin - - - copy-patternfly - generate-resources - - copy-resources - - - ${dir.welcome2}/resources/vendor/patternfly - - - ${dir.welcome2}/node_modules/@patternfly/patternfly - - patternfly.css - patternfly-addons.css - assets/fonts/**/* - - - - - - - - - - - common
diff --git a/themes/src/main/resources/META-INF/keycloak-themes.json b/themes/src/main/resources/META-INF/keycloak-themes.json
index fdaa53bba8..dc2201c6af 100755
--- a/themes/src/main/resources/META-INF/keycloak-themes.json
+++ b/themes/src/main/resources/META-INF/keycloak-themes.json
@@ -7,6 +7,6 @@ "types": [ "login", "common", "email", "welcome" ] }, { "name" : "keycloak.v2", - "types": [ "account", "admin", "welcome" ] + "types": [ "account", "admin" ] }] }
diff --git a/themes/src/main/resources/theme/keycloak.v2/welcome/.gitignore b/themes/src/main/resources/theme/keycloak.v2/welcome/.gitignore
deleted file mode 100644
index dde710a213..0000000000
--- a/themes/src/main/resources/theme/keycloak.v2/welcome/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-resources/vendor
\ No newline at end of file
diff --git a/themes/src/main/resources/theme/keycloak.v2/welcome/index.ftl b/themes/src/main/resources/theme/keycloak.v2/welcome/index.ftl
deleted file mode 100755
index ac13e71096..0000000000
--- a/themes/src/main/resources/theme/keycloak.v2/welcome/index.ftl
+++ /dev/null
@@ -1,205 +0,0 @@ - - - - - Welcome to ${productName} - - - <#if properties.stylesCommon?has_content> - <#list properties.stylesCommon?split(' ') as style> - - - - <#if properties.styles?has_content> - <#list properties.styles?split(' ') as style> - - - - - -
-
-
-
-
-

Welcome to ${productName}

-
-
- <#if adminConsoleEnabled> -
-
-
-

Administration Console

-
-
- <#if bootstrap> - <#if localUser> -
-

Please create an initial admin user to get started.

-
-
-
-
- -
-
- - - -
-
-
-
- -
-
- - - -
-
-
-
- -
-
- - - -
-
- - <#if errorMessage?has_content> -
-
- -
-

- ${errorMessage} -

-
- -
-
- -
-
-
- <#else> -
-

- You will need local access to create the initial admin user.

- To create one open ${localAdminUrl}, or set the environment variables KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD when starting the server. -

-
- - <#else> -
-

Centrally manage all aspects of the ${productName} server.

-
- <#if successMessage?has_content> -
-
- -
-

- ${successMessage} -

-
- - - -
-
-
- -
-
-
-

Documentation

-
-
User Guide, Admin REST API and Javadocs.
- -
-
- <#if properties.displayCommunityLinks = "true"> -
-
-
-
-
-

${productName} Project

-
-
The home page of the ${productName} project.
- -
-
-
-
-
-

Mailing List

-
-
Discussions about ${productName}.
- -
-
-
-
-
-

Issue Tracker

-
-
Report issues with ${productName}.
- -
-
-
-
- -
-
-
-
-
- -
diff --git a/themes/src/main/resources/theme/keycloak.v2/welcome/package-lock.json b/themes/src/main/resources/theme/keycloak.v2/welcome/package-lock.json
deleted file mode 100644
index c46015af7e..0000000000
--- a/themes/src/main/resources/theme/keycloak.v2/welcome/package-lock.json
+++ /dev/null
@@ -1,18 +0,0 @@ -{ - "name": "welcome-v2", - "lockfileVersion": 3, - "requires": true, - "packages": { - "": { - "name": "welcome-v2", - "dependencies": { - "@patternfly/patternfly": "^5.0.2" - } - }, - "node_modules/@patternfly/patternfly": { - "version": "5.0.2", - "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-5.0.2.tgz", - "integrity": "sha512-PB8+MLdYVgF1hIOxGmnVsZG+YHUX3RePe5W1oMS4gS00EmSgw1cobr1Qbpy/BqqS8/R9DRN4hZ2FKDT0d5tkFQ==" - } - } -}
diff --git a/themes/src/main/resources/theme/keycloak.v2/welcome/package.json b/themes/src/main/resources/theme/keycloak.v2/welcome/package.json
deleted file mode 100644
index 553db63ac4..0000000000
--- a/themes/src/main/resources/theme/keycloak.v2/welcome/package.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "name": "welcome-v2",
- "dependencies": {
- "@patternfly/patternfly": "^5.0.2"
- }
-}
diff --git a/themes/src/main/resources/theme/keycloak.v2/welcome/theme.properties b/themes/src/main/resources/theme/keycloak.v2/welcome/theme.properties
deleted file mode 100644
index 4ad3377188..0000000000
--- a/themes/src/main/resources/theme/keycloak.v2/welcome/theme.properties
+++ /dev/null
@@ -1,6 +0,0 @@
-import=common/keycloak
-
-styles=vendor/patternfly/patternfly.css vendor/patternfly/patternfly-addons.css
-
-documentationUrl=https://www.keycloak.org/documentation.html
-displayCommunityLinks=true