MTLS Cache options should be runtime options, not build time options

Closes #27701

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Alexander Schwartz 2024-03-08 10:15:54 +01:00 committed by Alexander Schwartz
parent a3be85b2cd
commit 505ba87d6d
4 changed files with 28 additions and 19 deletions


@ -60,20 +60,17 @@ public class CachingOptions {
.category(OptionCategory.CACHE) .category(OptionCategory.CACHE)
.description("Encrypts the network communication between Keycloak servers.") .description("Encrypts the network communication between Keycloak servers.")
.defaultValue(Boolean.FALSE) .defaultValue(Boolean.FALSE)
.buildTime(true)
.build(); .build();
public static final Option<String> CACHE_EMBEDDED_MTLS_KEYSTORE = new OptionBuilder<>(CACHE_EMBEDDED_MTLS_KEYSTORE_FILE_PROPERTY, String.class) public static final Option<String> CACHE_EMBEDDED_MTLS_KEYSTORE = new OptionBuilder<>(CACHE_EMBEDDED_MTLS_KEYSTORE_FILE_PROPERTY, String.class)
.category(OptionCategory.CACHE) .category(OptionCategory.CACHE)
.description("The Keystore file path. The Keystore must contain the certificate to use by the TLS protocol. " + .description("The Keystore file path. The Keystore must contain the certificate to use by the TLS protocol. " +
"By default, it lookup 'cache-mtls-keystore.p12' under conf/ directory.") "By default, it lookup 'cache-mtls-keystore.p12' under conf/ directory.")
.buildTime(true)
.build(); .build();
public static final Option<String> CACHE_EMBEDDED_MTLS_KEYSTORE_PASSWORD = new OptionBuilder<>(CACHE_EMBEDDED_MTLS_KEYSTORE_PASSWORD_PROPERTY, String.class) public static final Option<String> CACHE_EMBEDDED_MTLS_KEYSTORE_PASSWORD = new OptionBuilder<>(CACHE_EMBEDDED_MTLS_KEYSTORE_PASSWORD_PROPERTY, String.class)
.category(OptionCategory.CACHE) .category(OptionCategory.CACHE)
.description("The password to access the Keystore.") .description("The password to access the Keystore.")
.buildTime(true)
.build(); .build();
public static final Option<String> CACHE_EMBEDDED_MTLS_TRUSTSTORE = new OptionBuilder<>(CACHE_EMBEDDED_MTLS_TRUSTSTORE_FILE_PROPERTY, String.class) public static final Option<String> CACHE_EMBEDDED_MTLS_TRUSTSTORE = new OptionBuilder<>(CACHE_EMBEDDED_MTLS_TRUSTSTORE_FILE_PROPERTY, String.class)
@ -81,13 +78,11 @@ public class CachingOptions {
.description("The Truststore file path. " + .description("The Truststore file path. " +
"It should contain the trusted certificates or the Certificate Authority that signed the certificates. " + "It should contain the trusted certificates or the Certificate Authority that signed the certificates. " +
"By default, it lookup 'cache-mtls-truststore.p12' under conf/ directory.") "By default, it lookup 'cache-mtls-truststore.p12' under conf/ directory.")
.buildTime(true)
.build(); .build();
public static final Option<String> CACHE_EMBEDDED_MTLS_TRUSTSTORE_PASSWORD = new OptionBuilder<>(CACHE_EMBEDDED_MTLS_TRUSTSTORE_PASSWORD_PROPERTY, String.class) public static final Option<String> CACHE_EMBEDDED_MTLS_TRUSTSTORE_PASSWORD = new OptionBuilder<>(CACHE_EMBEDDED_MTLS_TRUSTSTORE_PASSWORD_PROPERTY, String.class)
.category(OptionCategory.CACHE) .category(OptionCategory.CACHE)
.description("The password to access the Truststore.") .description("The password to access the Truststore.")
.buildTime(true)
.build(); .build();
public static final Option<String> CACHE_REMOTE_HOST = new OptionBuilder<>(CACHE_REMOTE_HOST_PROPERTY, String.class) public static final Option<String> CACHE_REMOTE_HOST = new OptionBuilder<>(CACHE_REMOTE_HOST_PROPERTY, String.class)
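Review bot: Dropping `.buildTime(true)` from `CACHE_EMBEDDED_MTLS_ENABLED` in the first hunk means the flag is now resolved separately by each node at startup rather than being baked into the optimized build, so nothing in this file prevents one node being started with mTLS on and another with it off; the description should say so, e.g. `.description("Encrypts the network communication between Keycloak servers. All nodes of a cluster must use the same value.")`. The same applies to the keystore and truststore path and password options in both hunks, which presumably must point at material that is mutually trusted across nodes. Since `CACHE_EMBEDDED_MTLS_KEYSTORE_PASSWORD` and `CACHE_EMBEDDED_MTLS_TRUSTSTORE_PASSWORD` are now ordinary runtime options, it is worth confirming that whatever prints the effective runtime configuration still masks them, as that handling is outside this diff. The enclosing `CachingOptions` class continues outside the hunk.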


@ -27,20 +27,6 @@ Cache:
--cache-config-file <file> --cache-config-file <file>
Defines the file from which cache configuration should be loaded from. The Defines the file from which cache configuration should be loaded from. The
configuration file is relative to the 'conf/' directory. configuration file is relative to the 'conf/' directory.
--cache-embedded-mtls-enabled <true|false>
Encrypts the network communication between Keycloak servers. Default: false.
--cache-embedded-mtls-key-store-file <file>
The Keystore file path. The Keystore must contain the certificate to use by
the TLS protocol. By default, it lookup 'cache-mtls-keystore.p12' under
conf/ directory.
--cache-embedded-mtls-key-store-password <password>
The password to access the Keystore.
--cache-embedded-mtls-trust-store-file <file>
The Truststore file path. It should contain the trusted certificates or the
Certificate Authority that signed the certificates. By default, it lookup
'cache-mtls-truststore.p12' under conf/ directory.
--cache-embedded-mtls-trust-store-password <password>
The password to access the Truststore.
--cache-stack <stack> --cache-stack <stack>
Define the default stack to use for cluster communication and node discovery. Define the default stack to use for cluster communication and node discovery.
This option only takes effect if 'cache' is set to 'ispn'. Default: udp. This option only takes effect if 'cache' is set to 'ispn'. Default: udp.


@ -18,6 +18,20 @@ Options:
Cache: Cache:
--cache-embedded-mtls-enabled <true|false>
Encrypts the network communication between Keycloak servers. Default: false.
--cache-embedded-mtls-key-store-file <file>
The Keystore file path. The Keystore must contain the certificate to use by
the TLS protocol. By default, it lookup 'cache-mtls-keystore.p12' under
conf/ directory.
--cache-embedded-mtls-key-store-password <password>
The password to access the Keystore.
--cache-embedded-mtls-trust-store-file <file>
The Truststore file path. It should contain the trusted certificates or the
Certificate Authority that signed the certificates. By default, it lookup
'cache-mtls-truststore.p12' under conf/ directory.
--cache-embedded-mtls-trust-store-password <password>
The password to access the Truststore.
--cache-remote-host <hostname> --cache-remote-host <hostname>
The hostname of the remote server for the remote store configuration. It The hostname of the remote server for the remote store configuration. It
replaces the 'host' attribute of 'remote-server' tag of the configuration replaces the 'host' attribute of 'remote-server' tag of the configuration


@ -18,6 +18,20 @@ Options:
Cache: Cache:
--cache-embedded-mtls-enabled <true|false>
Encrypts the network communication between Keycloak servers. Default: false.
--cache-embedded-mtls-key-store-file <file>
The Keystore file path. The Keystore must contain the certificate to use by
the TLS protocol. By default, it lookup 'cache-mtls-keystore.p12' under
conf/ directory.
--cache-embedded-mtls-key-store-password <password>
The password to access the Keystore.
--cache-embedded-mtls-trust-store-file <file>
The Truststore file path. It should contain the trusted certificates or the
Certificate Authority that signed the certificates. By default, it lookup
'cache-mtls-truststore.p12' under conf/ directory.
--cache-embedded-mtls-trust-store-password <password>
The password to access the Truststore.
--cache-remote-host <hostname> --cache-remote-host <hostname>
The hostname of the remote server for the remote store configuration. It The hostname of the remote server for the remote store configuration. It
replaces the 'host' attribute of 'remote-server' tag of the configuration replaces the 'host' attribute of 'remote-server' tag of the configuration