diff --git a/docs/documentation/release_notes/topics/22_0_0.adoc b/docs/documentation/release_notes/topics/22_0_0.adoc index eddf3c2696..8523883742 100644 --- a/docs/documentation/release_notes/topics/22_0_0.adoc +++ b/docs/documentation/release_notes/topics/22_0_0.adoc @@ -1,3 +1,10 @@ = Legacy Promise API removed from Keycloak JS adapter With this release, we have removed the legacy Promise API methods from the Keycloak JS adapter. This means that calling `.success()` and `.error()` on promises returned from the adapter is no longer possible. + += Export and Import perform an automatic build + +In previous releases, the `export` and `import` commands required a `build` command to be run first. +Starting with this release, the `export` and `import` commands perform an automatic rebuild of Keycloak if a build time configuration has changed. + +See the migration guide for details. \ No newline at end of file diff --git a/docs/documentation/upgrading/topics/keycloak/changes-22_0_0.adoc b/docs/documentation/upgrading/topics/keycloak/changes-22_0_0.adoc index b0d1dfb9a0..3e2131a077 100644 --- a/docs/documentation/upgrading/topics/keycloak/changes-22_0_0.adoc +++ b/docs/documentation/upgrading/topics/keycloak/changes-22_0_0.adoc @@ -38,3 +38,39 @@ try { alert('failed to initialize'); } ``` + += Export and Import perform an automatic build + +In previous releases, the `export` and `import` commands required a `build` command to be run first. +Starting with this release, the `export` and `import` commands perform an automatic rebuild of Keycloak if a build time configuration has changed. + +When migrating existing scripts that run a `build` command first, migrate by adding the `--optimized` command line option to the `export` and `import` command to avoid Keycloak automatically re-building the image. +Not adding the `--optimized` option in this might make Keycloak trigger a rebuild and revert to the default values, and then connecting to the database for export and import will not work. + +The following examples assume that runtime parameters like a database password are provided via a configuration file or an environment variable. + +.Before migration: Running the build command before running the export command +[source,bash] +---- +bin/kc.[sh|bat] build --db=postgres ... +bin/kc.[sh|bat] export --dir +---- + +.After migration: Adding `--optimized` to the export command +[source,bash,subs="+quotes"] +---- +bin/kc.[sh|bat] build --db=postgres ... +bin/kc.[sh|bat] export ##--optimized## --dir +---- + +.After migration: Leveraging the auto-build functionality +[source,bash] +---- +bin/kc.[sh|bat] export --dir --db=postgres ... +---- + +NOTE:: When the auto-build runs, the build time options will be in effect for all subsequent commands that are started with the `--optimized` flag, including the `start` command. + +In previous releases the `export` and `import` commands allowed runtime parameters like, for example, a database URL only in configuration files or environment variables. +Starting with this release, those runtime parameters are now available on the command line as well. +Use the `--help` option to find out about the supported parameters. diff --git a/docs/guides/server/importExport.adoc b/docs/guides/server/importExport.adoc index d106725fd0..24b203bca6 100644 --- a/docs/guides/server/importExport.adoc +++ b/docs/guides/server/importExport.adoc @@ -1,5 +1,6 @@ <#import "/templates/guide.adoc" as tmpl> <#import "/templates/kc.adoc" as kc> +<#import "/templates/links.adoc" as links> <@tmpl.guide title="Importing and Exporting Realms" @@ -7,6 +8,18 @@ In this guide, you are going to understand the different approaches for importing and exporting realms using JSON files. +== Providing options for database connection parameters + +When using the `export` and the `import` commands below, Keycloak needs to know how to connect to the database where the information about realms, clients, users and other entities is stored. +As described in <@links.server id="configuration"/> that information can be provided as command line parameters, environment variables or a configuration file. +Use the `--help` command line option for each command to see the available options. + +Some of the configuration options are build time configuration options. +As default, Keycloak will re-build automatically for the `export` and `import` commands if it detects a change of a build time parameter. + +If you have built an optimized version of Keycloak with the `build` command as outlined in <@links.server id="configuration"/>, use the command line option `--optimized` to have Keycloak skip the build check for a faster startup time. +When doing this, remove the build time options from the command line and keep only the runtime options. + == Exporting a Realm to a Directory To export a realm, you can use the `export` command. Your Keycloak server instance must not be started when invoking this command. diff --git a/operator/src/main/java/org/keycloak/operator/controllers/KeycloakRealmImportJob.java b/operator/src/main/java/org/keycloak/operator/controllers/KeycloakRealmImportJob.java index 776df772b0..c7361a2531 100644 --- a/operator/src/main/java/org/keycloak/operator/controllers/KeycloakRealmImportJob.java +++ b/operator/src/main/java/org/keycloak/operator/controllers/KeycloakRealmImportJob.java @@ -165,7 +165,7 @@ public class KeycloakRealmImportJob extends OperatorManagedResource { var runBuild = (keycloak.getSpec().getImage() == null) ? "/opt/keycloak/bin/kc.sh build && " : ""; var commandArgs = List.of("-c", - runBuild + "/opt/keycloak/bin/kc.sh import --file='" + importMntPath + getRealmName() + "-realm.json' " + override); + runBuild + "/opt/keycloak/bin/kc.sh import --optimized --file='" + importMntPath + getRealmName() + "-realm.json' " + override); keycloakContainer .setCommand(command); diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/Picocli.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/Picocli.java index 7a94c16ef9..b87784a1bd 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/Picocli.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/Picocli.java @@ -21,6 +21,7 @@ import static org.keycloak.quarkus.runtime.Environment.isRebuildCheck; import static org.keycloak.quarkus.runtime.Environment.isRebuilt; import static org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.*; import static org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.AUTO_BUILD_OPTION_LONG; +import static org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG; import static org.keycloak.quarkus.runtime.configuration.ConfigArgsConfigSource.parseConfigArgs; import static org.keycloak.quarkus.runtime.configuration.Configuration.OPTION_PART_SEPARATOR; import static org.keycloak.quarkus.runtime.configuration.Configuration.getBuildTimeProperty; @@ -53,11 +54,9 @@ import org.keycloak.config.OptionCategory; import org.keycloak.quarkus.runtime.cli.command.AbstractCommand; import org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand; import org.keycloak.quarkus.runtime.cli.command.Build; -import org.keycloak.quarkus.runtime.cli.command.Export; -import org.keycloak.quarkus.runtime.cli.command.Import; import org.keycloak.quarkus.runtime.cli.command.ImportRealmMixin; import org.keycloak.quarkus.runtime.cli.command.Main; -import org.keycloak.quarkus.runtime.cli.command.Start; +import org.keycloak.quarkus.runtime.cli.command.ShowConfig; import org.keycloak.quarkus.runtime.cli.command.StartDev; import org.keycloak.quarkus.runtime.configuration.ConfigArgsConfigSource; import org.keycloak.quarkus.runtime.configuration.PersistedConfigSource; @@ -117,7 +116,7 @@ public final class Picocli { Environment.forceDevProfile(); } } - if (requiresReAugmentation(cmd)) { + if (requiresReAugmentation(getCurrentCommandSpec(cliArgs, cmd.getCommandSpec()))) { exitCode = runReAugmentation(cliArgs, cmd); } @@ -128,12 +127,11 @@ public final class Picocli { return cliArgs.contains("--help") || cliArgs.contains("-h") || cliArgs.contains("--help-all") - || cliArgs.contains(Export.NAME) - || cliArgs.contains(Import.NAME); + || cliArgs.contains(ShowConfig.NAME); } - public static boolean requiresReAugmentation(CommandLine cmd) { - if (hasConfigChanges()) { + public static boolean requiresReAugmentation(CommandLine cmdCommand) { + if (hasConfigChanges(cmdCommand)) { if (!ConfigArgsConfigSource.getAllCliArgs().contains(StartDev.NAME) && "dev".equals(getConfig().getOptionalValue("kc.profile", String.class).orElse(null))) { return false; } @@ -174,17 +172,17 @@ public final class Picocli { cmd.getOut().println("Changes detected in configuration. Updating the server image."); } - int exitCode = 0; + int exitCode; List configArgsList = new ArrayList<>(cliArgs); - configArgsList.replaceAll(Picocli::replaceStartWithBuild); + configArgsList.replaceAll(arg -> replaceCommandWithBuild(getCurrentCommandSpec(cliArgs, cmd.getCommandSpec()).getCommandName(), arg)); configArgsList.removeIf(Picocli::isRuntimeOption); exitCode = cmd.execute(configArgsList.toArray(new String[0])); if(!isDevMode() && exitCode == cmd.getCommandSpec().exitCodeOnSuccess()) { - cmd.getOut().printf("Next time you run the server, just run:%n%n\t%s %s %s %s%n%n", Environment.getCommand(), Start.NAME, OPTIMIZED_BUILD_OPTION_LONG, String.join(" ", getSanitizedRuntimeCliOptions())); + cmd.getOut().printf("Next time you run the server, just run:%n%n\t%s %s %s %s%n%n", Environment.getCommand(), getCurrentCommandSpec(cliArgs, cmd.getCommandSpec()).getCommandName(), OPTIMIZED_BUILD_OPTION_LONG, String.join(" ", getSanitizedRuntimeCliOptions())); } return exitCode; @@ -222,7 +220,7 @@ public final class Picocli { return false; } - private static boolean hasConfigChanges() { + private static boolean hasConfigChanges(CommandLine cmdCommand) { Optional currentProfile = Optional.ofNullable(Environment.getProfile()); Optional persistedProfile = getBuildTimeProperty("kc.profile"); @@ -250,6 +248,17 @@ public final class Picocli { String persistedValue = getBuildTimeProperty(propertyName).orElse(""); String runtimeValue = getRuntimeProperty(propertyName).orElse(null); + // compare only the relevant options for this command, as not all options might be set for this command + if (cmdCommand.getCommand() instanceof AbstractCommand) { + AbstractCommand abstractCommand = cmdCommand.getCommand(); + PropertyMapper mapper = PropertyMappers.getMapper(propertyName); + if (mapper != null) { + if (!abstractCommand.getOptionCategories().contains(mapper.getCategory())) { + continue; + } + } + } + if (runtimeValue == null && isNotBlank(persistedValue)) { PropertyMapper mapper = PropertyMappers.getMapper(propertyName); @@ -375,7 +384,7 @@ public final class Picocli { if (!includeBuildTime && !includeRuntime) { return; - } else if (includeRuntime && !includeBuildTime && (Start.NAME.equals(command.getCommandName())) || StartDev.NAME.equals(command.getCommandName())) { + } else if (includeRuntime && !includeBuildTime && !ShowConfig.NAME.equals(command.getCommandName())) { includeBuildTime = isRebuilt() || !cliArgs.contains(OPTIMIZED_BUILD_OPTION_LONG); } else if (includeBuildTime && !includeRuntime) { includeRuntime = isRebuildCheck(); @@ -519,8 +528,8 @@ public final class Picocli { return args; } - private static String replaceStartWithBuild(String arg) { - if (arg.equals(Start.NAME) || arg.equals(StartDev.NAME)) { + private static String replaceCommandWithBuild(String commandName, String arg) { + if (arg.equals(commandName)) { return Build.NAME; } return arg; diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/AbstractExportImportCommand.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/AbstractExportImportCommand.java index bab17a56ef..8baebc95e7 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/AbstractExportImportCommand.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/AbstractExportImportCommand.java @@ -28,6 +28,9 @@ public abstract class AbstractExportImportCommand extends AbstractStartCommand i private final String action; + @CommandLine.Mixin + OptimizedMixin optimizedMixin; + @CommandLine.Mixin HelpAllMixin helpAllMixin; @@ -51,6 +54,9 @@ public abstract class AbstractExportImportCommand extends AbstractStartCommand i optionCategory != OptionCategory.PROXY && optionCategory != OptionCategory.HOSTNAME && optionCategory != OptionCategory.METRICS && + optionCategory != OptionCategory.VAULT && + optionCategory != OptionCategory.SECURITY && + optionCategory != OptionCategory.CACHE && optionCategory != OptionCategory.HEALTH).collect(Collectors.toList()); } diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/Build.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/Build.java index 1dfc9998e1..4efc9c64cf 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/Build.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/Build.java @@ -34,7 +34,6 @@ import picocli.CommandLine; import picocli.CommandLine.Command; import java.util.List; -import java.util.stream.Collectors; @Command(name = Build.NAME, header = "Creates a new and optimized server image.", @@ -91,7 +90,8 @@ public final class Build extends AbstractCommand implements Runnable { } public List getOptionCategories() { - return super.getOptionCategories().stream().filter(optionCategory -> optionCategory != OptionCategory.EXPORT && optionCategory != OptionCategory.IMPORT).collect(Collectors.toList()); + // all options should work for the build command, otherwise re-augmentation might fail due to unknown options + return super.getOptionCategories(); } private void exitWithErrorIfDevProfileIsSetAndNotStartDev() { diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/OptimizedMixin.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/OptimizedMixin.java new file mode 100644 index 0000000000..be07f15b43 --- /dev/null +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/OptimizedMixin.java @@ -0,0 +1,33 @@ +/* + * Copyright 2021 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.quarkus.runtime.cli.command; + +import picocli.CommandLine; + +import static org.keycloak.quarkus.runtime.cli.Picocli.NO_PARAM_LABEL; +import static org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG; + +public final class OptimizedMixin { + + @CommandLine.Option(names = {OPTIMIZED_BUILD_OPTION_LONG}, + description = "Use this option to achieve an optimal startup time if you have previously built a server image using the 'build' command.", + paramLabel = NO_PARAM_LABEL, + order = 1) + Boolean optimized; + +} diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/Start.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/Start.java index adcc838511..25b706c85a 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/Start.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/Start.java @@ -19,6 +19,7 @@ package org.keycloak.quarkus.runtime.cli.command; import static org.keycloak.quarkus.runtime.Environment.setProfile; import static org.keycloak.quarkus.runtime.cli.Picocli.NO_PARAM_LABEL; +import static org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG; import static org.keycloak.quarkus.runtime.configuration.Configuration.getRawPersistedProperty; import org.keycloak.config.OptionCategory; @@ -37,8 +38,8 @@ import java.util.stream.Collectors; description = { "%nUse this command to run the server in production." }, - footer = "%nBy default, this command tries to update the server configuration by running a '" + Build.NAME + "' before starting the server. You can disable this behavior by using the '" + Start.OPTIMIZED_BUILD_OPTION_LONG + "' option:%n%n" - + " $ ${PARENT-COMMAND-FULL-NAME:-$PARENTCOMMAND} ${COMMAND-NAME} '" + Start.OPTIMIZED_BUILD_OPTION_LONG + "'%n%n" + footer = "%nBy default, this command tries to update the server configuration by running a '" + Build.NAME + "' before starting the server. You can disable this behavior by using the '" + OPTIMIZED_BUILD_OPTION_LONG + "' option:%n%n" + + " $ ${PARENT-COMMAND-FULL-NAME:-$PARENTCOMMAND} ${COMMAND-NAME} '" + OPTIMIZED_BUILD_OPTION_LONG + "'%n%n" + "By doing that, the server should start faster based on any previous configuration you have set when manually running the '" + Build.NAME + "' command.") public final class Start extends AbstractStartCommand implements Runnable { @@ -52,11 +53,8 @@ public final class Start extends AbstractStartCommand implements Runnable { order = 1) Boolean autoConfig; - @CommandLine.Option(names = {OPTIMIZED_BUILD_OPTION_LONG}, - description = "Use this option to achieve an optional startup time if you have previously built a server image using the 'build' command.", - paramLabel = NO_PARAM_LABEL, - order = 1) - Boolean optimized; + @CommandLine.Mixin + OptimizedMixin optimizedMixin; @CommandLine.Mixin ImportRealmMixin importRealmMixin; diff --git a/quarkus/runtime/src/main/resources/META-INF/keycloak.conf b/quarkus/runtime/src/main/resources/META-INF/keycloak.conf index 9b32673713..34c4a379b8 100644 --- a/quarkus/runtime/src/main/resources/META-INF/keycloak.conf +++ b/quarkus/runtime/src/main/resources/META-INF/keycloak.conf @@ -22,6 +22,7 @@ metrics-enabled=false %import_export.http-server-enabled=false %import_export.hostname-strict=false %import_export.hostname-strict-https=false +%import_export.cache=local #logging defaults log-console-output=default diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/storage/database/BasicDatabaseTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/storage/database/BasicDatabaseTest.java index 1b44b90041..3dcf5bd9f0 100644 --- a/quarkus/tests/integration/src/test/java/org/keycloak/it/storage/database/BasicDatabaseTest.java +++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/storage/database/BasicDatabaseTest.java @@ -38,7 +38,7 @@ public abstract class BasicDatabaseTest { } @Test - @Launch({ "start", AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG,"--http-enabled=true", "--hostname-strict=false", "--db-username=wrong" }) + @Launch({ "start", AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG, "--http-enabled=true", "--hostname-strict=false", "--db-username=wrong" }) void testWrongUsername(LaunchResult result) { CLIResult cliResult = (CLIResult) result; cliResult.assertMessage("ERROR: Failed to obtain JDBC connection"); @@ -48,7 +48,7 @@ public abstract class BasicDatabaseTest { protected abstract void assertWrongUsername(CLIResult cliResult); @Test - @Launch({ "start", AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG,"--http-enabled=true", "--hostname-strict=false", "--db-password=wrong" }) + @Launch({ "start", AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG, "--http-enabled=true", "--hostname-strict=false", "--db-password=wrong" }) void testWrongPassword(LaunchResult result) { CLIResult cliResult = (CLIResult) result; cliResult.assertMessage("ERROR: Failed to obtain JDBC connection"); @@ -59,7 +59,7 @@ public abstract class BasicDatabaseTest { @Order(1) @Test - @Launch({ "export", "--dir=./target/export"}) + @Launch({ "export", AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG, "--dir=./target/export"}) public void testExportSucceeds(LaunchResult result) { CLIResult cliResult = (CLIResult) result; cliResult.assertMessage("Full model export requested"); @@ -68,7 +68,7 @@ public abstract class BasicDatabaseTest { @Order(2) @Test - @Launch({ "import", "--dir=./target/export" }) + @Launch({ "import", AbstractStartCommand.OPTIMIZED_BUILD_OPTION_LONG, "--dir=./target/export" }) void testImportSucceeds(LaunchResult result) { CLIResult cliResult = (CLIResult) result; cliResult.assertMessage("target/export"); diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt index ad8eb390c4..0c2b1cb497 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt @@ -10,9 +10,13 @@ Options: -h, --help This help message. --help-all This same help message but with additional options. +--optimized Use this option to achieve an optimal startup time if you have previously + built a server image using the 'build' command. Database: +--db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, + mysql, oracle, postgres. Default: dev-file. --db-driver The fully qualified class name of the JDBC driver. If not set, a default driver is set accordingly to the chosen database. --db-password @@ -41,10 +45,29 @@ Database: --db-username The username of the database user. -Vault: +Transaction: ---vault-dir If set, secrets can be obtained by reading the content of files within the - given directory. +--transaction-xa-enabled + If set to false, Keycloak uses a non-XA datasource in case the database does + not support XA transactions. Default: true. + +Feature: + +--features Enables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, map-storage, openshift-integration, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. +--features-disabled + Disables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, map-storage, openshift-integration, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. Logging: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt index d2f01f4f1f..24a1264e39 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt @@ -10,9 +10,52 @@ Options: -h, --help This help message. --help-all This same help message but with additional options. +--optimized Use this option to achieve an optimal startup time if you have previously + built a server image using the 'build' command. Storage (Experimental): +--storage Experimental: Sets the default storage mechanism for all areas. Possible + values are: jpa, chm, hotrod, file. +--storage-area-auth-session + Experimental: Sets a storage mechanism for authentication sessions. Possible + values are: jpa, chm, hotrod, file. +--storage-area-authorization + Experimental: Sets a storage mechanism for authorizations. Possible values + are: jpa, chm, hotrod, file. +--storage-area-client + Experimental: Sets a storage mechanism for clients. Possible values are: jpa, + chm, hotrod, file. +--storage-area-client-scope + Experimental: Sets a storage mechanism for client scopes. Possible values are: + jpa, chm, hotrod, file. +--storage-area-event-admin + Experimental: Sets a storage mechanism for admin events. Possible values are: + jpa, chm, hotrod, file. +--storage-area-event-auth + Experimental: Sets a storage mechanism for authentication and authorization + events. Possible values are: jpa, chm, hotrod, file. +--storage-area-group + Experimental: Sets a storage mechanism for groups. Possible values are: jpa, + chm, hotrod, file. +--storage-area-login-failure + Experimental: Sets a storage mechanism for login failures. Possible values + are: jpa, chm, hotrod, file. +--storage-area-realm + Experimental: Sets a storage mechanism for realms. Possible values are: jpa, + chm, hotrod, file. +--storage-area-role + Experimental: Sets a storage mechanism for roles. Possible values are: jpa, + chm, hotrod, file. +--storage-area-single-use-object + Experimental: Sets a storage mechanism for single use objects. Possible values + are: jpa, chm, hotrod. +--storage-area-user + Experimental: Sets a storage mechanism for users. Possible values are: jpa, + chm, hotrod, file. +--storage-area-user-session + Experimental: Sets a storage mechanism for user and client sessions. Possible + values are: jpa, chm, hotrod, file. --storage-deployment-state-version-seed Experimental: Secret that serves as a seed to mask the version number of Keycloak in URLs. Need to be identical across all servers in the cluster. @@ -29,9 +72,14 @@ Storage (Experimental): Experimental: Sets the port of the Infinispan server. --storage-hotrod-username Experimental: Sets the username of the Infinispan user. +--storage-jpa-db + Experimental: The database vendor for jpa map storage. Possible values are: + postgres, cockroach. Default: postgres. Database: +--db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, + mysql, oracle, postgres. Default: dev-file. --db-driver The fully qualified class name of the JDBC driver. If not set, a default driver is set accordingly to the chosen database. --db-password @@ -60,10 +108,29 @@ Database: --db-username The username of the database user. -Vault: +Transaction: ---vault-dir If set, secrets can be obtained by reading the content of files within the - given directory. +--transaction-xa-enabled + If set to false, Keycloak uses a non-XA datasource in case the database does + not support XA transactions. Default: true. + +Feature: + +--features Enables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, map-storage, openshift-integration, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. +--features-disabled + Disables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, map-storage, openshift-integration, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. Logging: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt index acb0e00508..31a63a2a5f 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt @@ -10,9 +10,13 @@ Options: -h, --help This help message. --help-all This same help message but with additional options. +--optimized Use this option to achieve an optimal startup time if you have previously + built a server image using the 'build' command. Database: +--db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, + mysql, oracle, postgres. Default: dev-file. --db-driver The fully qualified class name of the JDBC driver. If not set, a default driver is set accordingly to the chosen database. --db-password @@ -41,10 +45,29 @@ Database: --db-username The username of the database user. -Vault: +Transaction: ---vault-dir If set, secrets can be obtained by reading the content of files within the - given directory. +--transaction-xa-enabled + If set to false, Keycloak uses a non-XA datasource in case the database does + not support XA transactions. Default: true. + +Feature: + +--features Enables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, map-storage, openshift-integration, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. +--features-disabled + Disables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, map-storage, openshift-integration, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. Logging: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt index f4d068dd9b..3ddc8239fa 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt @@ -10,9 +10,52 @@ Options: -h, --help This help message. --help-all This same help message but with additional options. +--optimized Use this option to achieve an optimal startup time if you have previously + built a server image using the 'build' command. Storage (Experimental): +--storage Experimental: Sets the default storage mechanism for all areas. Possible + values are: jpa, chm, hotrod, file. +--storage-area-auth-session + Experimental: Sets a storage mechanism for authentication sessions. Possible + values are: jpa, chm, hotrod, file. +--storage-area-authorization + Experimental: Sets a storage mechanism for authorizations. Possible values + are: jpa, chm, hotrod, file. +--storage-area-client + Experimental: Sets a storage mechanism for clients. Possible values are: jpa, + chm, hotrod, file. +--storage-area-client-scope + Experimental: Sets a storage mechanism for client scopes. Possible values are: + jpa, chm, hotrod, file. +--storage-area-event-admin + Experimental: Sets a storage mechanism for admin events. Possible values are: + jpa, chm, hotrod, file. +--storage-area-event-auth + Experimental: Sets a storage mechanism for authentication and authorization + events. Possible values are: jpa, chm, hotrod, file. +--storage-area-group + Experimental: Sets a storage mechanism for groups. Possible values are: jpa, + chm, hotrod, file. +--storage-area-login-failure + Experimental: Sets a storage mechanism for login failures. Possible values + are: jpa, chm, hotrod, file. +--storage-area-realm + Experimental: Sets a storage mechanism for realms. Possible values are: jpa, + chm, hotrod, file. +--storage-area-role + Experimental: Sets a storage mechanism for roles. Possible values are: jpa, + chm, hotrod, file. +--storage-area-single-use-object + Experimental: Sets a storage mechanism for single use objects. Possible values + are: jpa, chm, hotrod. +--storage-area-user + Experimental: Sets a storage mechanism for users. Possible values are: jpa, + chm, hotrod, file. +--storage-area-user-session + Experimental: Sets a storage mechanism for user and client sessions. Possible + values are: jpa, chm, hotrod, file. --storage-deployment-state-version-seed Experimental: Secret that serves as a seed to mask the version number of Keycloak in URLs. Need to be identical across all servers in the cluster. @@ -29,9 +72,14 @@ Storage (Experimental): Experimental: Sets the port of the Infinispan server. --storage-hotrod-username Experimental: Sets the username of the Infinispan user. +--storage-jpa-db + Experimental: The database vendor for jpa map storage. Possible values are: + postgres, cockroach. Default: postgres. Database: +--db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, + mysql, oracle, postgres. Default: dev-file. --db-driver The fully qualified class name of the JDBC driver. If not set, a default driver is set accordingly to the chosen database. --db-password @@ -60,10 +108,29 @@ Database: --db-username The username of the database user. -Vault: +Transaction: ---vault-dir If set, secrets can be obtained by reading the content of files within the - given directory. +--transaction-xa-enabled + If set to false, Keycloak uses a non-XA datasource in case the database does + not support XA transactions. Default: true. + +Feature: + +--features Enables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, map-storage, openshift-integration, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. +--features-disabled + Disables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, map-storage, openshift-integration, par, preview, + recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. Logging: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt index 3d0f3aca5b..ebb0c4e487 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt @@ -17,7 +17,7 @@ Options: --help-all This same help message but with additional options. --import-realm Import realms during startup by reading any realm configuration file from the 'data/import' directory. ---optimized Use this option to achieve an optional startup time if you have previously +--optimized Use this option to achieve an optimal startup time if you have previously built a server image using the 'build' command. Cache: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt index 435fedb7b4..af3b794098 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt @@ -17,7 +17,7 @@ Options: --help-all This same help message but with additional options. --import-realm Import realms during startup by reading any realm configuration file from the 'data/import' directory. ---optimized Use this option to achieve an optional startup time if you have previously +--optimized Use this option to achieve an optimal startup time if you have previously built a server image using the 'build' command. Cache: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt index 60b4ad5196..8398cb47fd 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt @@ -17,7 +17,7 @@ Options: --help-all This same help message but with additional options. --import-realm Import realms during startup by reading any realm configuration file from the 'data/import' directory. ---optimized Use this option to achieve an optional startup time if you have previously +--optimized Use this option to achieve an optimal startup time if you have previously built a server image using the 'build' command. Cache: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt index 37a519e2e5..7858f51671 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt @@ -17,7 +17,7 @@ Options: --help-all This same help message but with additional options. --import-realm Import realms during startup by reading any realm configuration file from the 'data/import' directory. ---optimized Use this option to achieve an optional startup time if you have previously +--optimized Use this option to achieve an optimal startup time if you have previously built a server image using the 'build' command. Cache: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.unix.approved.txt index 78bf60b950..641048ec19 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.unix.approved.txt @@ -17,7 +17,7 @@ Options: --help-all This same help message but with additional options. --import-realm Import realms during startup by reading any realm configuration file from the 'data/import' directory. ---optimized Use this option to achieve an optional startup time if you have previously +--optimized Use this option to achieve an optimal startup time if you have previously built a server image using the 'build' command. Database: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.windows.approved.txt index 69debe0c58..21151a1e0c 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.windows.approved.txt @@ -17,7 +17,7 @@ Options: --help-all This same help message but with additional options. --import-realm Import realms during startup by reading any realm configuration file from the 'data/import' directory. ---optimized Use this option to achieve an optional startup time if you have previously +--optimized Use this option to achieve an optimal startup time if you have previously built a server image using the 'build' command. Database: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.unix.approved.txt index 1fedb47d0d..b270d92928 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.unix.approved.txt @@ -17,7 +17,7 @@ Options: --help-all This same help message but with additional options. --import-realm Import realms during startup by reading any realm configuration file from the 'data/import' directory. ---optimized Use this option to achieve an optional startup time if you have previously +--optimized Use this option to achieve an optimal startup time if you have previously built a server image using the 'build' command. Storage (Experimental): diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.windows.approved.txt index d1c6c62145..bc8d11f0b4 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.windows.approved.txt @@ -17,7 +17,7 @@ Options: --help-all This same help message but with additional options. --import-realm Import realms during startup by reading any realm configuration file from the 'data/import' directory. ---optimized Use this option to achieve an optional startup time if you have previously +--optimized Use this option to achieve an optimal startup time if you have previously built a server image using the 'build' command. Storage (Experimental):