All commands now auto-reaugment except show-config

Closes #15782
Closes #15898
Closes #17498
Alexander Schwartz 2023-04-11 15:47:30 +02:00 committed by Václav Muzikář
parent 84a7b57059
commit 4f8d67c9fc
23 changed files with 332 additions and 49 deletions

View file

@ -1,3 +1,10 @@
= Legacy Promise API removed from Keycloak JS adapter
With this release, we have removed the legacy Promise API methods from the Keycloak JS adapter. This means that calling `.success()` and `.error()` on promises returned from the adapter is no longer possible.
= Export and Import perform an automatic build
In previous releases, the `export` and `import` commands required a `build` command to be run first.
Starting with this release, the `export` and `import` commands perform an automatic rebuild of Keycloak if a build time configuration has changed.
See the migration guide for details.

View file

@ -38,3 +38,39 @@ try {
alert('failed to initialize');
}
```
= Export and Import perform an automatic build
In previous releases, the `export` and `import` commands required a `build` command to be run first.
Starting with this release, the `export` and `import` commands perform an automatic rebuild of Keycloak if a build time configuration has changed.
When migrating existing scripts that run a `build` command first, migrate by adding the `--optimized` command line option to the `export` and `import` command to avoid Keycloak automatically re-building the image.
Not adding the `--optimized` option in this might make Keycloak trigger a rebuild and revert to the default values, and then connecting to the database for export and import will not work.
The following examples assume that runtime parameters like a database password are provided via a configuration file or an environment variable.
.Before migration: Running the build command before running the export command
[source,bash]
----
bin/kc.[sh|bat] build --db=postgres ...
bin/kc.[sh|bat] export --dir <dir>
----
.After migration: Adding `--optimized` to the export command
[source,bash,subs="+quotes"]
----
bin/kc.[sh|bat] build --db=postgres ...
bin/kc.[sh|bat] export ##--optimized## --dir <dir>
----
.After migration: Leveraging the auto-build functionality
[source,bash]
----
bin/kc.[sh|bat] export --dir <dir> --db=postgres ...
----
NOTE:: When the auto-build runs, the build time options will be in effect for all subsequent commands that are started with the `--optimized` flag, including the `start` command.
In previous releases the `export` and `import` commands allowed runtime parameters like, for example, a database URL only in configuration files or environment variables.
Starting with this release, those runtime parameters are now available on the command line as well.
Use the `--help` option to find out about the supported parameters.
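Review bot: `NOTE::` near the end of this hunk has a double colon, which AsciiDoc reads as a description-list term instead of a NOTE admonition; it should be `NOTE: When the auto-build runs, ...`. In "Not adding the `--optimized` option in this might make Keycloak trigger a rebuild" a noun is missing after "in this". Since the last paragraph announces that runtime parameters such as the database URL are now accepted on the command line, it is worth repeating there the assumption stated above the examples, that the database password comes from a configuration file or an environment variable, so migrated scripts do not start passing it as an argument.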

View file

@ -1,5 +1,6 @@
<#import "/templates/guide.adoc" as tmpl>
<#import "/templates/kc.adoc" as kc>
<#import "/templates/links.adoc" as links>
<@tmpl.guide
title="Importing and Exporting Realms"
@ -7,6 +8,18 @@
In this guide, you are going to understand the different approaches for importing and exporting realms using JSON files.
== Providing options for database connection parameters
When using the `export` and the `import` commands below, Keycloak needs to know how to connect to the database where the information about realms, clients, users and other entities is stored.
As described in <@links.server id="configuration"/> that information can be provided as command line parameters, environment variables or a configuration file.
Use the `--help` command line option for each command to see the available options.
Some of the configuration options are build time configuration options.
As default, Keycloak will re-build automatically for the `export` and `import` commands if it detects a change of a build time parameter.
If you have built an optimized version of Keycloak with the `build` command as outlined in <@links.server id="configuration"/>, use the command line option `--optimized` to have Keycloak skip the build check for a faster startup time.
When doing this, remove the build time options from the command line and keep only the runtime options.
== Exporting a Realm to a Directory
To export a realm, you can use the `export` command. Your Keycloak server instance must not be started when invoking this command.
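Review bot: "As default, Keycloak will re-build automatically" should read "By default". The spelling also varies across the documentation touched by this commit ("rebuild", "re-build", "re-building"); please settle on one form.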

View file

@ -165,7 +165,7 @@ public class KeycloakRealmImportJob extends OperatorManagedResource {
var runBuild = (keycloak.getSpec().getImage() == null) ? "/opt/keycloak/bin/kc.sh build && " : "";
var commandArgs = List.of("-c",
runBuild + "/opt/keycloak/bin/kc.sh import --file='" + importMntPath + getRealmName() + "-realm.json' " + override);
runBuild + "/opt/keycloak/bin/kc.sh import --optimized --file='" + importMntPath + getRealmName() + "-realm.json' " + override);
keycloakContainer
.setCommand(command);
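Review bot: `--optimized` is now passed to `import` unconditionally, while the preceding `kc.sh build` is only prepended when `getSpec().getImage()` is null. With a custom image the import therefore skips the build check and relies on that image having been built with matching build time options; a comment stating that assumption, or a test using a custom image, would help. Separately, the realm name is concatenated into a single-quoted argument of a `-c` shell string, so please confirm that `getRealmName()` is restricted to characters that cannot close the quote.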

View file

@ -21,6 +21,7 @@ import static org.keycloak.quarkus.runtime.Environment.isRebuildCheck;
import static org.keycloak.quarkus.runtime.Environment.isRebuilt;
import static org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.*;
import static org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.AUTO_BUILD_OPTION_LONG;
import static org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG;
import static org.keycloak.quarkus.runtime.configuration.ConfigArgsConfigSource.parseConfigArgs;
import static org.keycloak.quarkus.runtime.configuration.Configuration.OPTION_PART_SEPARATOR;
import static org.keycloak.quarkus.runtime.configuration.Configuration.getBuildTimeProperty;
@ -53,11 +54,9 @@ import org.keycloak.config.OptionCategory;
import org.keycloak.quarkus.runtime.cli.command.AbstractCommand;
import org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand;
import org.keycloak.quarkus.runtime.cli.command.Build;
import org.keycloak.quarkus.runtime.cli.command.Export;
import org.keycloak.quarkus.runtime.cli.command.Import;
import org.keycloak.quarkus.runtime.cli.command.ImportRealmMixin;
import org.keycloak.quarkus.runtime.cli.command.Main;
import org.keycloak.quarkus.runtime.cli.command.Start;
import org.keycloak.quarkus.runtime.cli.command.ShowConfig;
import org.keycloak.quarkus.runtime.cli.command.StartDev;
import org.keycloak.quarkus.runtime.configuration.ConfigArgsConfigSource;
import org.keycloak.quarkus.runtime.configuration.PersistedConfigSource;
@ -117,7 +116,7 @@ public final class Picocli {
Environment.forceDevProfile();
}
}
if (requiresReAugmentation(cmd)) {
if (requiresReAugmentation(getCurrentCommandSpec(cliArgs, cmd.getCommandSpec()))) {
exitCode = runReAugmentation(cliArgs, cmd);
}
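Review bot: The result of `getCurrentCommandSpec(cliArgs, cmd.getCommandSpec())` is passed straight to `requiresReAugmentation`, which is declared with a `CommandLine` parameter, so the helper's name promises a command spec while it is used as a command line. Renaming the helper to match what it returns would make this call site readable without looking up its signature.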
@ -128,12 +127,11 @@ public final class Picocli {
return cliArgs.contains("--help")
|| cliArgs.contains("-h")
|| cliArgs.contains("--help-all")
|| cliArgs.contains(Export.NAME)
|| cliArgs.contains(Import.NAME);
|| cliArgs.contains(ShowConfig.NAME);
}
public static boolean requiresReAugmentation(CommandLine cmd) {
if (hasConfigChanges()) {
public static boolean requiresReAugmentation(CommandLine cmdCommand) {
if (hasConfigChanges(cmdCommand)) {
if (!ConfigArgsConfigSource.getAllCliArgs().contains(StartDev.NAME) && "dev".equals(getConfig().getOptionalValue("kc.profile", String.class).orElse(null))) {
return false;
}
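Review bot: `requiresReAugmentation` is public and its parameter has changed meaning: it now has to be the command line of the sub-command being run, because `hasConfigChanges` uses it to decide which option categories are compared. Nothing in the signature says so and `cmdCommand` does not read as a name; please add a Javadoc line and rename the parameter so that a caller still passing the root `CommandLine` is easy to spot.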
@ -174,17 +172,17 @@ public final class Picocli {
cmd.getOut().println("Changes detected in configuration. Updating the server image.");
}
int exitCode = 0;
int exitCode;
List<String> configArgsList = new ArrayList<>(cliArgs);
configArgsList.replaceAll(Picocli::replaceStartWithBuild);
configArgsList.replaceAll(arg -> replaceCommandWithBuild(getCurrentCommandSpec(cliArgs, cmd.getCommandSpec()).getCommandName(), arg));
configArgsList.removeIf(Picocli::isRuntimeOption);
exitCode = cmd.execute(configArgsList.toArray(new String[0]));
if(!isDevMode() && exitCode == cmd.getCommandSpec().exitCodeOnSuccess()) {
cmd.getOut().printf("Next time you run the server, just run:%n%n\t%s %s %s %s%n%n", Environment.getCommand(), Start.NAME, OPTIMIZED_BUILD_OPTION_LONG, String.join(" ", getSanitizedRuntimeCliOptions()));
cmd.getOut().printf("Next time you run the server, just run:%n%n\t%s %s %s %s%n%n", Environment.getCommand(), getCurrentCommandSpec(cliArgs, cmd.getCommandSpec()).getCommandName(), OPTIMIZED_BUILD_OPTION_LONG, String.join(" ", getSanitizedRuntimeCliOptions()));
}
return exitCode;
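Review bot: The hint "Next time you run the server, just run:" now prints the current command name, so for `export` or `import` the wording no longer matches the command that is suggested; something like "Next time you run this command" would fit all cases. `getCurrentCommandSpec(cliArgs, cmd.getCommandSpec())` is also evaluated inside the `replaceAll` lambda for every argument and again for the message; resolving it once into a local at the top of the method would be clearer.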
@ -222,7 +220,7 @@ public final class Picocli {
return false;
}
private static boolean hasConfigChanges() {
private static boolean hasConfigChanges(CommandLine cmdCommand) {
Optional<String> currentProfile = Optional.ofNullable(Environment.getProfile());
Optional<String> persistedProfile = getBuildTimeProperty("kc.profile");
@ -250,6 +248,17 @@ public final class Picocli {
String persistedValue = getBuildTimeProperty(propertyName).orElse("");
String runtimeValue = getRuntimeProperty(propertyName).orElse(null);
// compare only the relevant options for this command, as not all options might be set for this command
if (cmdCommand.getCommand() instanceof AbstractCommand) {
AbstractCommand abstractCommand = cmdCommand.getCommand();
PropertyMapper mapper = PropertyMappers.getMapper(propertyName);
if (mapper != null) {
if (!abstractCommand.getOptionCategories().contains(mapper.getCategory())) {
continue;
}
}
}
if (runtimeValue == null && isNotBlank(persistedValue)) {
PropertyMapper mapper = PropertyMappers.getMapper(propertyName);
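Review bot: When `PropertyMappers.getMapper(propertyName)` returns null the new block falls through and the property is still compared, so an unmapped property can trigger a rebuild for any command; if that is intended, say so in the comment. The two nested `if`s can be merged into one condition, and the mapper is looked up again a few lines further down, so a single lookup before both uses would do.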
@ -375,7 +384,7 @@ public final class Picocli {
if (!includeBuildTime && !includeRuntime) {
return;
} else if (includeRuntime && !includeBuildTime && (Start.NAME.equals(command.getCommandName())) || StartDev.NAME.equals(command.getCommandName())) {
} else if (includeRuntime && !includeBuildTime && !ShowConfig.NAME.equals(command.getCommandName())) {
includeBuildTime = isRebuilt() || !cliArgs.contains(OPTIMIZED_BUILD_OPTION_LONG);
} else if (includeBuildTime && !includeRuntime) {
includeRuntime = isRebuildCheck();
@ -519,8 +528,8 @@ public final class Picocli {
return args;
}
private static String replaceStartWithBuild(String arg) {
if (arg.equals(Start.NAME) || arg.equals(StartDev.NAME)) {
private static String replaceCommandWithBuild(String commandName, String arg) {
if (arg.equals(commandName)) {
return Build.NAME;
}
return arg;
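Review bot: `replaceCommandWithBuild` is applied to every element of the argument list and rewrites any token equal to the command name, not only the one in command position. With `export` and `import` that now covers plausible option values: in the documented form `export --dir <dir>`, a directory called `export` would be turned into `build` as well. Replacing only the token at the command's position would avoid that.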

View file

@ -28,6 +28,9 @@ public abstract class AbstractExportImportCommand extends AbstractStartCommand i
private final String action;
@CommandLine.Mixin
OptimizedMixin optimizedMixin;
@CommandLine.Mixin
HelpAllMixin helpAllMixin;
@ -51,6 +54,9 @@ public abstract class AbstractExportImportCommand extends AbstractStartCommand i
optionCategory != OptionCategory.PROXY &&
optionCategory != OptionCategory.HOSTNAME &&
optionCategory != OptionCategory.METRICS &&
optionCategory != OptionCategory.VAULT &&
optionCategory != OptionCategory.SECURITY &&
optionCategory != OptionCategory.CACHE &&
optionCategory != OptionCategory.HEALTH).collect(Collectors.toList());
}
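Review bot: The chain of `optionCategory != ...` exclusions keeps growing (VAULT, SECURITY and CACHE here), and any category added later is accepted by `export` and `import` unless someone remembers to extend it. An allow-list of the categories these commands need would be shorter and fail closed. Because `hasConfigChanges` now skips properties whose category is not returned by `getOptionCategories()`, please also document that options in the excluded categories no longer take part in the rebuild check for these commands.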

View file

@ -34,7 +34,6 @@ import picocli.CommandLine;
import picocli.CommandLine.Command;
import java.util.List;
import java.util.stream.Collectors;
@Command(name = Build.NAME,
header = "Creates a new and optimized server image.",
@ -91,7 +90,8 @@ public final class Build extends AbstractCommand implements Runnable {
}
public List<OptionCategory> getOptionCategories() {
return super.getOptionCategories().stream().filter(optionCategory -> optionCategory != OptionCategory.EXPORT && optionCategory != OptionCategory.IMPORT).collect(Collectors.toList());
// all options should work for the build command, otherwise re-augmentation might fail due to unknown options
return super.getOptionCategories();
}
private void exitWithErrorIfDevProfileIsSetAndNotStartDev() {
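Review bot: `getOptionCategories()` in `Build` now only delegates to `super`, so the override exists solely to carry the comment. Either drop the override and move the explanation to the base class, or mark it with `@Override` so it reads as a deliberate placeholder.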

View file

@ -0,0 +1,33 @@
/*
* Copyright 2021 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.quarkus.runtime.cli.command;
import picocli.CommandLine;
import static org.keycloak.quarkus.runtime.cli.Picocli.NO_PARAM_LABEL;
import static org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG;
public final class OptimizedMixin {
@CommandLine.Option(names = {OPTIMIZED_BUILD_OPTION_LONG},
description = "Use this option to achieve an optimal startup time if you have previously built a server image using the 'build' command.",
paramLabel = NO_PARAM_LABEL,
order = 1)
Boolean optimized;
}
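Review bot: The new `OptimizedMixin` has no class-level Javadoc saying which commands are expected to mix it in, and the header says "Copyright 2021" for a file added in this commit, dated 2023-04-11. The `optimized` field is a boxed `Boolean` with no accessor in this hunk, while other hunks detect the flag with `cliArgs.contains(OPTIMIZED_BUILD_OPTION_LONG)`; a short comment on which of the two is authoritative would help.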

View file

@ -19,6 +19,7 @@ package org.keycloak.quarkus.runtime.cli.command;
import static org.keycloak.quarkus.runtime.Environment.setProfile;
import static org.keycloak.quarkus.runtime.cli.Picocli.NO_PARAM_LABEL;
import static org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG;
import static org.keycloak.quarkus.runtime.configuration.Configuration.getRawPersistedProperty;
import org.keycloak.config.OptionCategory;
@ -37,8 +38,8 @@ import java.util.stream.Collectors;
description = {
"%nUse this command to run the server in production."
},
footer = "%nBy default, this command tries to update the server configuration by running a '" + Build.NAME + "' before starting the server. You can disable this behavior by using the '" + Start.OPTIMIZED_BUILD_OPTION_LONG + "' option:%n%n"
+ " $ ${PARENT-COMMAND-FULL-NAME:-$PARENTCOMMAND} ${COMMAND-NAME} '" + Start.OPTIMIZED_BUILD_OPTION_LONG + "'%n%n"
footer = "%nBy default, this command tries to update the server configuration by running a '" + Build.NAME + "' before starting the server. You can disable this behavior by using the '" + OPTIMIZED_BUILD_OPTION_LONG + "' option:%n%n"
+ " $ ${PARENT-COMMAND-FULL-NAME:-$PARENTCOMMAND} ${COMMAND-NAME} '" + OPTIMIZED_BUILD_OPTION_LONG + "'%n%n"
+ "By doing that, the server should start faster based on any previous configuration you have set when manually running the '" + Build.NAME + "' command.")
public final class Start extends AbstractStartCommand implements Runnable {
@ -52,11 +53,8 @@ public final class Start extends AbstractStartCommand implements Runnable {
order = 1)
Boolean autoConfig;
@CommandLine.Option(names = {OPTIMIZED_BUILD_OPTION_LONG},
description = "Use this option to achieve an optional startup time if you have previously built a server image using the 'build' command.",
paramLabel = NO_PARAM_LABEL,
order = 1)
Boolean optimized;
@CommandLine.Mixin
OptimizedMixin optimizedMixin;
@CommandLine.Mixin
ImportRealmMixin importRealmMixin;

View file

@ -22,6 +22,7 @@ metrics-enabled=false
%import_export.http-server-enabled=false
%import_export.hostname-strict=false
%import_export.hostname-strict-https=false
%import_export.cache=local
#logging defaults
log-console-output=default
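Review bot: `%import_export.cache=local` is added without a comment explaining why the profile needs it. Please also confirm that an auto-build triggered by `export` or `import` does not persist this profile default, since the migration note in this commit says the build time options of an auto-build stay in effect for later commands started with `--optimized`, including `start`.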

View file

@ -38,7 +38,7 @@ public abstract class BasicDatabaseTest {
}
@Test
@Launch({ "start", AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG,"--http-enabled=true", "--hostname-strict=false", "--db-username=wrong" })
@Launch({ "start", AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG, "--http-enabled=true", "--hostname-strict=false", "--db-username=wrong" })
void testWrongUsername(LaunchResult result) {
CLIResult cliResult = (CLIResult) result;
cliResult.assertMessage("ERROR: Failed to obtain JDBC connection");
@ -48,7 +48,7 @@ public abstract class BasicDatabaseTest {
protected abstract void assertWrongUsername(CLIResult cliResult);
@Test
@Launch({ "start", AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG,"--http-enabled=true", "--hostname-strict=false", "--db-password=wrong" })
@Launch({ "start", AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG, "--http-enabled=true", "--hostname-strict=false", "--db-password=wrong" })
void testWrongPassword(LaunchResult result) {
CLIResult cliResult = (CLIResult) result;
cliResult.assertMessage("ERROR: Failed to obtain JDBC connection");
@ -59,7 +59,7 @@ public abstract class BasicDatabaseTest {
@Order(1)
@Test
@Launch({ "export", "--dir=./target/export"})
@Launch({ "export", AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG, "--dir=./target/export"})
public void testExportSucceeds(LaunchResult result) {
CLIResult cliResult = (CLIResult) result;
cliResult.assertMessage("Full model export requested");
@ -68,7 +68,7 @@ public abstract class BasicDatabaseTest {
@Order(2)
@Test
@Launch({ "import", "--dir=./target/export" })
@Launch({ "import", AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG, "--dir=./target/export" })
void testImportSucceeds(LaunchResult result) {
CLIResult cliResult = (CLIResult) result;
cliResult.assertMessage("target/export");
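Review bot: `testImportSucceeds` and `testExportSucceeds` above now pass the optimized flag, so in this class export and import are exercised only with the build check skipped. The behaviour this commit introduces is the automatic rebuild; please keep or add a variant without the flag and with a build time option such as `--db` on the command line, so that path is covered for each database.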

View file

@ -10,9 +10,13 @@ Options:
-h, --help This help message.
--help-all This same help message but with additional options.
--optimized Use this option to achieve an optimal startup time if you have previously
built a server image using the 'build' command.
Database:
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
mysql, oracle, postgres. Default: dev-file.
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
driver is set accordingly to the chosen database.
--db-password <password>
@ -41,10 +45,29 @@ Database:
--db-username <username>
The username of the database user.
Vault:
Transaction:
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
given directory.
--transaction-xa-enabled <true|false>
If set to false, Keycloak uses a non-XA datasource in case the database does
not support XA transactions. Default: true.
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Logging:

View file

@ -10,9 +10,52 @@ Options:
-h, --help This help message.
--help-all This same help message but with additional options.
--optimized Use this option to achieve an optimal startup time if you have previously
built a server image using the 'build' command.
Storage (Experimental):
--storage <type> Experimental: Sets the default storage mechanism for all areas. Possible
values are: jpa, chm, hotrod, file.
--storage-area-auth-session <type>
Experimental: Sets a storage mechanism for authentication sessions. Possible
values are: jpa, chm, hotrod, file.
--storage-area-authorization <type>
Experimental: Sets a storage mechanism for authorizations. Possible values
are: jpa, chm, hotrod, file.
--storage-area-client <type>
Experimental: Sets a storage mechanism for clients. Possible values are: jpa,
chm, hotrod, file.
--storage-area-client-scope <type>
Experimental: Sets a storage mechanism for client scopes. Possible values are:
jpa, chm, hotrod, file.
--storage-area-event-admin <type>
Experimental: Sets a storage mechanism for admin events. Possible values are:
jpa, chm, hotrod, file.
--storage-area-event-auth <type>
Experimental: Sets a storage mechanism for authentication and authorization
events. Possible values are: jpa, chm, hotrod, file.
--storage-area-group <type>
Experimental: Sets a storage mechanism for groups. Possible values are: jpa,
chm, hotrod, file.
--storage-area-login-failure <type>
Experimental: Sets a storage mechanism for login failures. Possible values
are: jpa, chm, hotrod, file.
--storage-area-realm <type>
Experimental: Sets a storage mechanism for realms. Possible values are: jpa,
chm, hotrod, file.
--storage-area-role <type>
Experimental: Sets a storage mechanism for roles. Possible values are: jpa,
chm, hotrod, file.
--storage-area-single-use-object <type>
Experimental: Sets a storage mechanism for single use objects. Possible values
are: jpa, chm, hotrod.
--storage-area-user <type>
Experimental: Sets a storage mechanism for users. Possible values are: jpa,
chm, hotrod, file.
--storage-area-user-session <type>
Experimental: Sets a storage mechanism for user and client sessions. Possible
values are: jpa, chm, hotrod, file.
--storage-deployment-state-version-seed <type>
Experimental: Secret that serves as a seed to mask the version number of
Keycloak in URLs. Need to be identical across all servers in the cluster.
@ -29,9 +72,14 @@ Storage (Experimental):
Experimental: Sets the port of the Infinispan server.
--storage-hotrod-username <username>
Experimental: Sets the username of the Infinispan user.
--storage-jpa-db <type>
Experimental: The database vendor for jpa map storage. Possible values are:
postgres, cockroach. Default: postgres.
Database:
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
mysql, oracle, postgres. Default: dev-file.
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
driver is set accordingly to the chosen database.
--db-password <password>
@ -60,10 +108,29 @@ Database:
--db-username <username>
The username of the database user.
Vault:
Transaction:
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
given directory.
--transaction-xa-enabled <true|false>
If set to false, Keycloak uses a non-XA datasource in case the database does
not support XA transactions. Default: true.
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Logging:

View file

@ -10,9 +10,13 @@ Options:
-h, --help This help message.
--help-all This same help message but with additional options.
--optimized Use this option to achieve an optimal startup time if you have previously
built a server image using the 'build' command.
Database:
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
mysql, oracle, postgres. Default: dev-file.
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
driver is set accordingly to the chosen database.
--db-password <password>
@ -41,10 +45,29 @@ Database:
--db-username <username>
The username of the database user.
Vault:
Transaction:
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
given directory.
--transaction-xa-enabled <true|false>
If set to false, Keycloak uses a non-XA datasource in case the database does
not support XA transactions. Default: true.
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Logging:

View file

@ -10,9 +10,52 @@ Options:
-h, --help This help message.
--help-all This same help message but with additional options.
--optimized Use this option to achieve an optimal startup time if you have previously
built a server image using the 'build' command.
Storage (Experimental):
--storage <type> Experimental: Sets the default storage mechanism for all areas. Possible
values are: jpa, chm, hotrod, file.
--storage-area-auth-session <type>
Experimental: Sets a storage mechanism for authentication sessions. Possible
values are: jpa, chm, hotrod, file.
--storage-area-authorization <type>
Experimental: Sets a storage mechanism for authorizations. Possible values
are: jpa, chm, hotrod, file.
--storage-area-client <type>
Experimental: Sets a storage mechanism for clients. Possible values are: jpa,
chm, hotrod, file.
--storage-area-client-scope <type>
Experimental: Sets a storage mechanism for client scopes. Possible values are:
jpa, chm, hotrod, file.
--storage-area-event-admin <type>
Experimental: Sets a storage mechanism for admin events. Possible values are:
jpa, chm, hotrod, file.
--storage-area-event-auth <type>
Experimental: Sets a storage mechanism for authentication and authorization
events. Possible values are: jpa, chm, hotrod, file.
--storage-area-group <type>
Experimental: Sets a storage mechanism for groups. Possible values are: jpa,
chm, hotrod, file.
--storage-area-login-failure <type>
Experimental: Sets a storage mechanism for login failures. Possible values
are: jpa, chm, hotrod, file.
--storage-area-realm <type>
Experimental: Sets a storage mechanism for realms. Possible values are: jpa,
chm, hotrod, file.
--storage-area-role <type>
Experimental: Sets a storage mechanism for roles. Possible values are: jpa,
chm, hotrod, file.
--storage-area-single-use-object <type>
Experimental: Sets a storage mechanism for single use objects. Possible values
are: jpa, chm, hotrod.
--storage-area-user <type>
Experimental: Sets a storage mechanism for users. Possible values are: jpa,
chm, hotrod, file.
--storage-area-user-session <type>
Experimental: Sets a storage mechanism for user and client sessions. Possible
values are: jpa, chm, hotrod, file.
--storage-deployment-state-version-seed <type>
Experimental: Secret that serves as a seed to mask the version number of
Keycloak in URLs. Need to be identical across all servers in the cluster.
@ -29,9 +72,14 @@ Storage (Experimental):
Experimental: Sets the port of the Infinispan server.
--storage-hotrod-username <username>
Experimental: Sets the username of the Infinispan user.
--storage-jpa-db <type>
Experimental: The database vendor for jpa map storage. Possible values are:
postgres, cockroach. Default: postgres.
Database:
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
mysql, oracle, postgres. Default: dev-file.
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
driver is set accordingly to the chosen database.
--db-password <password>
@ -60,10 +108,29 @@ Database:
--db-username <username>
The username of the database user.
Vault:
Transaction:
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
given directory.
--transaction-xa-enabled <true|false>
If set to false, Keycloak uses a non-XA datasource in case the database does
not support XA transactions. Default: true.
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Logging:

View file

@ -17,7 +17,7 @@ Options:
--help-all This same help message but with additional options.
--import-realm Import realms during startup by reading any realm configuration file from the
'data/import' directory.
--optimized Use this option to achieve an optional startup time if you have previously
--optimized Use this option to achieve an optimal startup time if you have previously
built a server image using the 'build' command.
Cache:

View file

@ -17,7 +17,7 @@ Options:
--help-all This same help message but with additional options.
--import-realm Import realms during startup by reading any realm configuration file from the
'data/import' directory.
--optimized Use this option to achieve an optional startup time if you have previously
--optimized Use this option to achieve an optimal startup time if you have previously
built a server image using the 'build' command.
Cache:

View file

@ -17,7 +17,7 @@ Options:
--help-all This same help message but with additional options.
--import-realm Import realms during startup by reading any realm configuration file from the
'data/import' directory.
--optimized Use this option to achieve an optional startup time if you have previously
--optimized Use this option to achieve an optimal startup time if you have previously
built a server image using the 'build' command.
Cache:

View file

@ -17,7 +17,7 @@ Options:
--help-all This same help message but with additional options.
--import-realm Import realms during startup by reading any realm configuration file from the
'data/import' directory.
--optimized Use this option to achieve an optional startup time if you have previously
--optimized Use this option to achieve an optimal startup time if you have previously
built a server image using the 'build' command.
Cache:

View file

@ -17,7 +17,7 @@ Options:
--help-all This same help message but with additional options.
--import-realm Import realms during startup by reading any realm configuration file from the
'data/import' directory.
--optimized Use this option to achieve an optional startup time if you have previously
--optimized Use this option to achieve an optimal startup time if you have previously
built a server image using the 'build' command.
Database:

View file

@ -17,7 +17,7 @@ Options:
--help-all This same help message but with additional options.
--import-realm Import realms during startup by reading any realm configuration file from the
'data/import' directory.
--optimized Use this option to achieve an optional startup time if you have previously
--optimized Use this option to achieve an optimal startup time if you have previously
built a server image using the 'build' command.
Database:

View file

@ -17,7 +17,7 @@ Options:
--help-all This same help message but with additional options.
--import-realm Import realms during startup by reading any realm configuration file from the
'data/import' directory.
--optimized Use this option to achieve an optional startup time if you have previously
--optimized Use this option to achieve an optimal startup time if you have previously
built a server image using the 'build' command.
Storage (Experimental):

View file

@ -17,7 +17,7 @@ Options:
--help-all This same help message but with additional options.
--import-realm Import realms during startup by reading any realm configuration file from the
'data/import' directory.
--optimized Use this option to achieve an optional startup time if you have previously
--optimized Use this option to achieve an optimal startup time if you have previously
built a server image using the 'build' command.
Storage (Experimental):