Review CLI option change for caching
Closes #28750 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
parent
3de5357091
commit
9d0b1ecee4
10 changed files with 57 additions and 71 deletions
|
@ -155,8 +155,8 @@ Once any of declared CLI parameters are present, it is expected there is no conf
|
|||
|
||||
WARNING: Disabling security is not recommended in production!
|
||||
|
||||
In development or test environment, it is easier to start an unsecured Infinispan server.
|
||||
For these use case, the CLI options `cache-remote-tls-enabled` disables the encryption (SSL) between {project_name} and Infinispan.
|
||||
In a development or test environment, it is easier to start an unsecured Infinispan server.
|
||||
For these use case, the CLI options `cache-remote-tls-enabled` disables the encryption (TLS) between {project_name} and Infinispan.
|
||||
{project_name} will fail to start if the Infinispan server is configured to accept only encrypted connections.
|
||||
|
||||
The CLI options `cache-remote-username` and `cache-remote-password` are optional and, if not set, {project_name} will connect to the Infinispan server without presenting any credentials.
|
||||
|
|
|
@ -110,16 +110,16 @@ public class CachingOptions {
|
|||
.category(OptionCategory.CACHE)
|
||||
.description(String.format("The username for the authentication to the remote server for the remote store. "
|
||||
+ "It replaces the 'username' attribute of 'digest' tag of the configuration specified via XML file (see '%s' option.). "
|
||||
+ "If the option is specified, '%s' and '%s' are required as well and the related configuration in XML file should not be present.",
|
||||
CACHE_CONFIG_FILE_PROPERTY, CACHE_REMOTE_HOST_PROPERTY, CACHE_REMOTE_PASSWORD_PROPERTY))
|
||||
+ "If the option is specified, '%s' is required as well and the related configuration in XML file should not be present.",
|
||||
CACHE_CONFIG_FILE_PROPERTY, CACHE_REMOTE_PASSWORD_PROPERTY))
|
||||
.build();
|
||||
|
||||
public static final Option<String> CACHE_REMOTE_PASSWORD = new OptionBuilder<>(CACHE_REMOTE_PASSWORD_PROPERTY, String.class)
|
||||
.category(OptionCategory.CACHE)
|
||||
.description(String.format("The password for the authentication to the remote server for the remote store. "
|
||||
+ "It replaces the 'password' attribute of 'digest' tag of the configuration specified via XML file (see '%s' option.). "
|
||||
+ "If the option is specified, '%s' and '%s' are required as well and the related configuration in XML file should not be present.",
|
||||
CACHE_CONFIG_FILE_PROPERTY, CACHE_REMOTE_HOST_PROPERTY, CACHE_REMOTE_USERNAME_PROPERTY))
|
||||
+ "If the option is specified, '%s' is required as well and the related configuration in XML file should not be present.",
|
||||
CACHE_CONFIG_FILE_PROPERTY, CACHE_REMOTE_USERNAME_PROPERTY))
|
||||
.build();
|
||||
|
||||
public static final Option<Boolean> CACHE_METRICS_HISTOGRAMS_ENABLED = new OptionBuilder<>(CACHE_METRICS_HISTOGRAMS_ENABLED_PROPERTY, Boolean.class)
|
||||
|
@ -129,7 +129,7 @@ public class CachingOptions {
|
|||
|
||||
public static final Option<Boolean> CACHE_REMOTE_TLS_ENABLED = new OptionBuilder<>(CACHE_REMOTE_TLS_ENABLED_PROPERTY, Boolean.class)
|
||||
.category(OptionCategory.CACHE)
|
||||
.description("Enable SSL support to communication with a secure remote Infinispan server. It is not recommended to disable in production!")
|
||||
.description("Enable TLS support to communicate with a secured remote Infinispan server. Recommended to be enabled in production.")
|
||||
.defaultValue(Boolean.TRUE)
|
||||
.build();
|
||||
}
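Review bot: The new `CACHE_REMOTE_TLS_ENABLED` description only says TLS is "Recommended to be enabled in production" and no longer tells the reader what turning it off means, while the guide text changed in this same commit states that the option disables encryption between the server and Infinispan. I would keep that consequence in the help text, for example `"Enable TLS for the connection to the remote Infinispan server. Disabling it leaves the connection unencrypted and is not recommended in production."`. The help-output snapshots further down this commit would have to be regenerated to match. As a smaller point, the username and password descriptions still carry `(see '%s' option.)` with the period inside the parenthesis.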
|
||||
|
|
|
@ -6,6 +6,7 @@ import org.keycloak.quarkus.runtime.Environment;
|
|||
import io.smallrye.config.ConfigSourceInterceptorContext;
|
||||
|
||||
import static java.util.Optional.of;
|
||||
import static org.keycloak.quarkus.runtime.configuration.Configuration.getOptionalValue;
|
||||
import static org.keycloak.quarkus.runtime.configuration.mappers.PropertyMapper.fromOption;
|
||||
|
||||
import java.io.File;
|
||||
|
@ -14,6 +15,8 @@ import java.util.Optional;
|
|||
|
||||
final class CachingPropertyMappers {
|
||||
|
||||
private static final String REMOTE_HOST_SET = "remote host is set";
|
||||
|
||||
private CachingPropertyMappers() {
|
||||
}
|
||||
|
||||
|
@ -52,12 +55,18 @@ final class CachingPropertyMappers {
|
|||
.paramLabel("hostname")
|
||||
.build(),
|
||||
fromOption(CachingOptions.CACHE_REMOTE_PORT)
|
||||
.isEnabled(CachingPropertyMappers::remoteHostSet, CachingPropertyMappers.REMOTE_HOST_SET)
|
||||
.paramLabel("port")
|
||||
.build(),
|
||||
fromOption(CachingOptions.CACHE_REMOTE_TLS_ENABLED)
|
||||
.isEnabled(CachingPropertyMappers::remoteHostSet, CachingPropertyMappers.REMOTE_HOST_SET)
|
||||
.build(),
|
||||
fromOption(CachingOptions.CACHE_REMOTE_USERNAME)
|
||||
.isEnabled(CachingPropertyMappers::remoteHostSet, CachingPropertyMappers.REMOTE_HOST_SET)
|
||||
.paramLabel("username")
|
||||
.build(),
|
||||
fromOption(CachingOptions.CACHE_REMOTE_PASSWORD)
|
||||
.isEnabled(CachingPropertyMappers::remoteHostSet, CachingPropertyMappers.REMOTE_HOST_SET)
|
||||
.paramLabel("password")
|
||||
.isMasked(true)
|
||||
.build(),
|
||||
|
@ -69,6 +78,10 @@ final class CachingPropertyMappers {
|
|||
};
|
||||
}
|
||||
|
||||
private static boolean remoteHostSet() {
|
||||
return getOptionalValue(CachingOptions.CACHE_REMOTE_HOST_PROPERTY).isPresent();
|
||||
}
|
||||
|
||||
private static Optional<String> resolveConfigFile(Optional<String> value, ConfigSourceInterceptorContext context) {
|
||||
if ("local".equals(value.get())) {
|
||||
return of("cache-local.xml");
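Review bot: `remoteHostSet()` has no comment, although it now decides whether the port, TLS, username and password mappers are enabled at all. A one-line comment above it would help, for example `// Dependent remote-store options are enabled only when the cache-remote-host property has a value.`. Whether a blank value counts as present depends on `getOptionalValue`, which is not shown in this section, so that is worth confirming. The call `.isEnabled(CachingPropertyMappers::remoteHostSet, CachingPropertyMappers.REMOTE_HOST_SET)` is repeated four times, and inside the class the constant can be referenced as plain `REMOTE_HOST_SET`. `resolveConfigFile` at the end of the section continues outside the hunk.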
|
||||
|
|
|
@ -148,7 +148,7 @@ public class CacheManagerFactory {
|
|||
|
||||
private static boolean isRemoteAuthenticationEnabled() {
|
||||
return Configuration.getOptionalValue(CACHE_REMOTE_USERNAME_PROPERTY).isPresent() ||
|
||||
Configuration.getOptionalValue(CACHE_REMOTE_PASSWORD_PROPERTY).isEmpty();
|
||||
Configuration.getOptionalValue(CACHE_REMOTE_PASSWORD_PROPERTY).isPresent();
|
||||
}
|
||||
|
||||
private static SSLContext createSSLContext() {
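Review bot: `isRemoteAuthenticationEnabled()` returns true when either the username or the password is present, so a configuration that sets only one of the two still switches authentication on. The option descriptions in this commit say the two are required together. If the `||` is deliberate so that the missing half is reported as an error where the client is built, a comment should say so, for example `// either credential enables auth; the missing counterpart is expected to be rejected during client configuration`. That rejection is not visible in this hunk, so it is worth confirming that a lone username cannot lead to a connection attempt with an empty password, ideally with a test for the username-only and password-only cases.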
|
||||
|
|
|
@ -45,22 +45,6 @@ Cache:
|
|||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
|
|
|
@ -52,18 +52,25 @@ Cache:
|
|||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
specified, 'cache-remote-username' is required as well and the related
|
||||
configuration in XML file should not be present. Available only when remote
|
||||
host is set.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222. Available
|
||||
only when remote host is set.
|
||||
--cache-remote-tls-enabled <true|false>
|
||||
Enable TLS support to communicate with a secured remote Infinispan server.
|
||||
Recommended to be enabled in production. Default: true. Available only when
|
||||
remote host is set.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
specified, 'cache-remote-password' is required as well and the related
|
||||
configuration in XML file should not be present. Available only when remote
|
||||
host is set.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
|
|
|
@ -46,22 +46,6 @@ Cache:
|
|||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
|
|
|
@ -53,18 +53,25 @@ Cache:
|
|||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
specified, 'cache-remote-username' is required as well and the related
|
||||
configuration in XML file should not be present. Available only when remote
|
||||
host is set.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222. Available
|
||||
only when remote host is set.
|
||||
--cache-remote-tls-enabled <true|false>
|
||||
Enable TLS support to communicate with a secured remote Infinispan server.
|
||||
Recommended to be enabled in production. Default: true. Available only when
|
||||
remote host is set.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
specified, 'cache-remote-password' is required as well and the related
|
||||
configuration in XML file should not be present. Available only when remote
|
||||
host is set.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
|
|
|
@ -46,22 +46,6 @@ Cache:
|
|||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
|
|
|
@ -53,18 +53,25 @@ Cache:
|
|||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
specified, 'cache-remote-username' is required as well and the related
|
||||
configuration in XML file should not be present. Available only when remote
|
||||
host is set.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222. Available
|
||||
only when remote host is set.
|
||||
--cache-remote-tls-enabled <true|false>
|
||||
Enable TLS support to communicate with a secured remote Infinispan server.
|
||||
Recommended to be enabled in production. Default: true. Available only when
|
||||
remote host is set.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
specified, 'cache-remote-password' is required as well and the related
|
||||
configuration in XML file should not be present. Available only when remote
|
||||
host is set.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
|
|