From ade3b31a91dbc7a0215563507e049c35d2ed5c72 Mon Sep 17 00:00:00 2001 From: Vlasta Ramik Date: Wed, 28 Feb 2024 16:49:19 +0100 Subject: [PATCH] Introduce new CLI config options for Infinispan remote store Closes #25676 Signed-off-by: vramik Signed-off-by: Pedro Ruivo Signed-off-by: Alexander Schwartz Co-authored-by: Pedro Ruivo Co-authored-by: Alexander Schwartz --- docs/guides/server/caching.adoc | 6 ++ .../InfinispanConnectionProvider.java | 12 +++ .../org/keycloak/config/CachingOptions.java | 42 ++++++++++- .../mappers/CachingPropertyMappers.java | 13 ++++ .../infinispan/CacheManagerFactory.java | 74 ++++++++++++++++++- ...istTest.testStartDevHelp.unix.approved.txt | 24 +++++- ...Test.testStartDevHelp.windows.approved.txt | 22 ++++++ ...Test.testStartDevHelpAll.unix.approved.txt | 24 +++++- ...t.testStartDevHelpAll.windows.approved.txt | 22 ++++++ ...ndDistTest.testStartHelp.unix.approved.txt | 24 +++++- ...istTest.testStartHelp.windows.approved.txt | 22 ++++++ ...istTest.testStartHelpAll.unix.approved.txt | 24 +++++- ...Test.testStartHelpAll.windows.approved.txt | 22 ++++++ ...t.testStartOptimizedHelp.unix.approved.txt | 27 ++++++- ...estStartOptimizedHelp.windows.approved.txt | 25 +++++++ ...estStartOptimizedHelpAll.unix.approved.txt | 27 ++++++- ...StartOptimizedHelpAll.windows.approved.txt | 25 +++++++ .../AbstractQuarkusDeployableContainer.java | 2 + 18 files changed, 429 insertions(+), 8 deletions(-) diff --git a/docs/guides/server/caching.adoc b/docs/guides/server/caching.adoc index b887bd382b..a2e4bc4082 100644 --- a/docs/guides/server/caching.adoc +++ b/docs/guides/server/caching.adoc 
@@ -146,6 +146,12 @@ To specify your own cache configuration file, enter this command: The configuration file is relative to the `conf/` directory. +=== CLI options for remote server + +For configuration of {project_name} server for high availability and multi-node clustered setup there was introduced following CLI options `cache-remote-host`, `cache-remote-port`, `cache-remote-username` and `cache-remote-password` simplifying configuration within the XML file. +Once any of declared CLI parameters are present, it is expected there is no configuration related to remote store present in the XML file. + + == Transport stacks Transport stacks ensure that distributed cache nodes in a cluster communicate in a reliable fashion. {project_name} supports a wide range of transport stacks: diff --git a/model/infinispan/src/main/java/org/keycloak/connections/infinispan/InfinispanConnectionProvider.java b/model/infinispan/src/main/java/org/keycloak/connections/infinispan/InfinispanConnectionProvider.java index d8713da786..1f0747efc0 100755 --- a/model/infinispan/src/main/java/org/keycloak/connections/infinispan/InfinispanConnectionProvider.java +++ b/model/infinispan/src/main/java/org/keycloak/connections/infinispan/InfinispanConnectionProvider.java @@ -17,6 +17,7 @@ package org.keycloak.connections.infinispan; +import java.util.List; import org.infinispan.Cache; import org.infinispan.client.hotrod.RemoteCache; import org.keycloak.provider.Provider; 
@@ -84,6 +85,17 @@ public interface InfinispanConnectionProvider extends Provider { KEYS_CACHE_NAME }; + // list of cache name which could be defined as distributed or replicated + public static List DISTRIBUTED_REPLICATED_CACHE_NAMES = List.of( + USER_SESSION_CACHE_NAME, + CLIENT_SESSION_CACHE_NAME, + OFFLINE_USER_SESSION_CACHE_NAME, + OFFLINE_CLIENT_SESSION_CACHE_NAME, + LOGIN_FAILURE_CACHE_NAME, + AUTHENTICATION_SESSIONS_CACHE_NAME, + ACTION_TOKEN_CACHE, + WORK_CACHE_NAME); + /** * * Effectively the same as {@link InfinispanConnectionProvider#getCache(String, boolean)} with createIfAbsent set to {@code true} diff --git a/quarkus/config-api/src/main/java/org/keycloak/config/CachingOptions.java b/quarkus/config-api/src/main/java/org/keycloak/config/CachingOptions.java index 72c31fe90c..745ea50a6a 100644 --- a/quarkus/config-api/src/main/java/org/keycloak/config/CachingOptions.java +++ b/quarkus/config-api/src/main/java/org/keycloak/config/CachingOptions.java @@ -4,6 +4,8 @@ import java.io.File; public class CachingOptions { + public static final String CACHE_CONFIG_FILE_PROPERTY = "cache-config-file"; + private static final String CACHE_EMBEDDED_MTLS_PREFIX = "cache-embedded-mtls"; public static final String CACHE_EMBEDDED_MTLS_ENABLED_PROPERTY = CACHE_EMBEDDED_MTLS_PREFIX + "-enabled"; public static final String CACHE_EMBEDDED_MTLS_KEYSTORE_FILE_PROPERTY = CACHE_EMBEDDED_MTLS_PREFIX + "-key-store-file"; 
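Review bot: `DISTRIBUTED_REPLICATED_CACHE_NAMES` is documented only by a `//` comment, while the member right after it in the interface uses Javadoc. Nothing on the constant says that this list decides which caches get the CLI-configured remote store in `CacheManagerFactory.configureRemoteStores`. Suggest `/** Names of the caches that may be defined as distributed or replicated; each of them receives the remote store when the cache-remote-* options are set. */`. The `public static` modifiers are redundant on an interface field, and if the missing type argument is not an artefact of how the patch is rendered here, declare the field as `List<String>`. The interface body starts and ends outside this hunk.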
@@ -11,6 +13,12 @@ public class CachingOptions { public static final String CACHE_EMBEDDED_MTLS_TRUSTSTORE_FILE_PROPERTY = CACHE_EMBEDDED_MTLS_PREFIX + "-trust-store-file"; public static final String CACHE_EMBEDDED_MTLS_TRUSTSTORE_PASSWORD_PROPERTY = CACHE_EMBEDDED_MTLS_PREFIX + "-trust-store-password"; + private static final String CACHE_REMOTE_PREFIX = "cache-remote"; + public static final String CACHE_REMOTE_HOST_PROPERTY = CACHE_REMOTE_PREFIX + "-host"; + public static final String CACHE_REMOTE_PORT_PROPERTY = CACHE_REMOTE_PREFIX + "-port"; + public static final String CACHE_REMOTE_USERNAME_PROPERTY = CACHE_REMOTE_PREFIX + "-username"; + public static final String CACHE_REMOTE_PASSWORD_PROPERTY = CACHE_REMOTE_PREFIX + "-password"; + public enum Mechanism { ispn, local @@ -41,7 +49,7 @@ public class CachingOptions { .buildTime(true) .build(); - public static final Option CACHE_CONFIG_FILE = new OptionBuilder<>("cache-config-file", File.class) + public static final Option CACHE_CONFIG_FILE = new OptionBuilder<>(CACHE_CONFIG_FILE_PROPERTY, File.class) .category(OptionCategory.CACHE) .description("Defines the file from which cache configuration should be loaded from. " + "The configuration file is relative to the 'conf/' directory.") 
@@ -82,4 +90,36 @@ public class CachingOptions { .buildTime(true) .build(); + public static final Option CACHE_REMOTE_HOST = new OptionBuilder<>(CACHE_REMOTE_HOST_PROPERTY, String.class) + .category(OptionCategory.CACHE) + .description(String.format("The hostname of the remote server for the remote store configuration. " + + "It replaces the 'host' attribute of 'remote-server' tag of the configuration specified via XML file (see '%s' option.). " + + "If the option is specified, '%s' and '%s' are required as well and the related configuration in XML file should not be present.", + CACHE_CONFIG_FILE_PROPERTY, CACHE_REMOTE_USERNAME_PROPERTY, CACHE_REMOTE_PASSWORD_PROPERTY)) + .build(); + + public static final Option CACHE_REMOTE_PORT = new OptionBuilder<>(CACHE_REMOTE_PORT_PROPERTY, Integer.class) + .category(OptionCategory.CACHE) + .description(String.format("The port of the remote server for the remote store configuration. " + + "It replaces the 'port' attribute of 'remote-server' tag of the configuration specified via XML file (see '%s' option.).", + CACHE_CONFIG_FILE_PROPERTY)) + .defaultValue(11222) + .build(); + + public static final Option CACHE_REMOTE_USERNAME = new OptionBuilder<>(CACHE_REMOTE_USERNAME_PROPERTY, String.class) + .category(OptionCategory.CACHE) + .description(String.format("The username for the authentication to the remote server for the remote store. " + + "It replaces the 'username' attribute of 'digest' tag of the configuration specified via XML file (see '%s' option.). 
" + + "If the option is specified, '%s' and '%s' are required as well and the related configuration in XML file should not be present.", + CACHE_CONFIG_FILE_PROPERTY, CACHE_REMOTE_HOST_PROPERTY, CACHE_REMOTE_PASSWORD_PROPERTY)) + .build(); + + public static final Option CACHE_REMOTE_PASSWORD = new OptionBuilder<>(CACHE_REMOTE_PASSWORD_PROPERTY, String.class) + .category(OptionCategory.CACHE) + .description(String.format("The password for the authentication to the remote server for the remote store. " + + "It replaces the 'password' attribute of 'digest' tag of the configuration specified via XML file (see '%s' option.). " + + "If the option is specified, '%s' and '%s' are required as well and the related configuration in XML file should not be present.", + CACHE_CONFIG_FILE_PROPERTY, CACHE_REMOTE_HOST_PROPERTY, CACHE_REMOTE_USERNAME_PROPERTY)) + .build(); + } diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/CachingPropertyMappers.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/CachingPropertyMappers.java index 489aa194b5..29b34d66cd 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/CachingPropertyMappers.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/CachingPropertyMappers.java @@ -48,6 +48,19 @@ final class CachingPropertyMappers { .paramLabel("password") .isMasked(true) .build(), + fromOption(CachingOptions.CACHE_REMOTE_HOST) + .paramLabel("hostname") + .build(), + fromOption(CachingOptions.CACHE_REMOTE_PORT) + .paramLabel("port") + .build(), + fromOption(CachingOptions.CACHE_REMOTE_USERNAME) + .paramLabel("username") + .build(), + fromOption(CachingOptions.CACHE_REMOTE_PASSWORD) + .paramLabel("password") + .isMasked(true) + .build(), }; } 
diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/storage/legacy/infinispan/CacheManagerFactory.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/storage/legacy/infinispan/CacheManagerFactory.java index 62edd3c947..025e2ef846 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/storage/legacy/infinispan/CacheManagerFactory.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/storage/legacy/infinispan/CacheManagerFactory.java @@ -17,18 +17,24 @@ package org.keycloak.quarkus.runtime.storage.legacy.infinispan; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; import java.util.concurrent.Future; import java.util.concurrent.TimeUnit; import io.micrometer.core.instrument.Metrics; +import org.infinispan.client.hotrod.impl.ConfigurationProperties; +import org.infinispan.configuration.cache.PersistenceConfigurationBuilder; import org.infinispan.configuration.global.GlobalConfiguration; import org.infinispan.configuration.parsing.ConfigurationBuilderHolder; import org.infinispan.configuration.parsing.ParserRegistry; import org.infinispan.jboss.marshalling.core.JBossUserMarshaller; import org.infinispan.manager.DefaultCacheManager; import org.infinispan.metrics.config.MicrometerMeterRegisterConfigurationBuilder; +import org.infinispan.persistence.remote.configuration.ExhaustedAction; +import org.infinispan.persistence.remote.configuration.RemoteStoreConfigurationBuilder; import org.infinispan.remoting.transport.jgroups.JGroupsTransport; import org.jboss.logging.Logger; import org.jgroups.protocols.TCP_NIO2; 
@@ -37,11 +43,20 @@ import org.jgroups.util.TLS; import org.jgroups.util.TLSClientAuth; import org.keycloak.quarkus.runtime.configuration.Configuration; +import javax.net.ssl.SSLContext; + import static org.keycloak.config.CachingOptions.CACHE_EMBEDDED_MTLS_ENABLED_PROPERTY; import static org.keycloak.config.CachingOptions.CACHE_EMBEDDED_MTLS_KEYSTORE_FILE_PROPERTY; import static org.keycloak.config.CachingOptions.CACHE_EMBEDDED_MTLS_KEYSTORE_PASSWORD_PROPERTY; import static org.keycloak.config.CachingOptions.CACHE_EMBEDDED_MTLS_TRUSTSTORE_FILE_PROPERTY; import static org.keycloak.config.CachingOptions.CACHE_EMBEDDED_MTLS_TRUSTSTORE_PASSWORD_PROPERTY; +import static org.keycloak.config.CachingOptions.CACHE_REMOTE_HOST_PROPERTY; +import static org.keycloak.config.CachingOptions.CACHE_REMOTE_PASSWORD_PROPERTY; +import static org.keycloak.config.CachingOptions.CACHE_REMOTE_PORT_PROPERTY; +import static org.keycloak.config.CachingOptions.CACHE_REMOTE_USERNAME_PROPERTY; +import static org.keycloak.connections.infinispan.InfinispanConnectionProvider.DISTRIBUTED_REPLICATED_CACHE_NAMES; +import static org.keycloak.connections.infinispan.InfinispanConnectionProvider.USER_SESSION_CACHE_NAME; +import static org.wildfly.security.sasl.util.SaslMechanismInformation.Names.SCRAM_SHA_512; public class CacheManagerFactory { @@ -87,8 +102,9 @@ public class CacheManagerFactory { private DefaultCacheManager startCacheManager() { ConfigurationBuilderHolder builder = new ParserRegistry().parse(config); - if (builder.getNamedConfigurationBuilders().get("sessions").clustering().cacheMode().isClustered()) { + if (builder.getNamedConfigurationBuilders().get(USER_SESSION_CACHE_NAME).clustering().cacheMode().isClustered()) { configureTransportStack(builder); + configureRemoteStores(builder); } if (metricsEnabled) { 
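Review bot: In `startCacheManager`, `configureRemoteStores(builder)` is reached only when the `USER_SESSION_CACHE_NAME` cache is clustered, so `cache-remote-host`, `cache-remote-username` and `cache-remote-password` are silently ignored when that cache is local. An operator who set them would reasonably assume session data goes to the authenticated, TLS-protected remote store. Consider handling the non-clustered branch explicitly, for example by logging a warning through the class's existing logger when `Configuration.getOptionalKcValue(CACHE_REMOTE_HOST_PROPERTY).isPresent()`, with a message such as `"cache-remote-* options are ignored because the sessions cache is not clustered"`. The method body continues outside the hunk.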
@@ -177,6 +193,62 @@ public class CacheManagerFactory { } + private void configureRemoteStores(ConfigurationBuilderHolder builder) { + //if one of remote store command line parameters is defined, some other are required, otherwise assume it'd configured via xml only + if (Configuration.getOptionalKcValue(CACHE_REMOTE_HOST_PROPERTY).isPresent() || + Configuration.getOptionalKcValue(CACHE_REMOTE_USERNAME_PROPERTY).isPresent() || + Configuration.getOptionalKcValue(CACHE_REMOTE_PASSWORD_PROPERTY).isPresent()) { + + String cacheRemoteHost = requiredStringProperty(CACHE_REMOTE_HOST_PROPERTY); + Integer cacheRemotePort = Configuration.getOptionalKcValue(CACHE_REMOTE_PORT_PROPERTY) + .map(Integer::parseInt) + .orElse(ConfigurationProperties.DEFAULT_HOTROD_PORT); + String cacheRemoteUsername = requiredStringProperty(CACHE_REMOTE_USERNAME_PROPERTY); + String cacheRemotePassword = requiredStringProperty(CACHE_REMOTE_PASSWORD_PROPERTY); + + SSLContext sslContext; + try { + // uses the default Java Runtime TrustStore, or the one generated by Keycloak (see org.keycloak.truststore.TruststoreBuilder) + sslContext = SSLContext.getInstance("TLS"); + sslContext.init(null, null, null); + } catch (NoSuchAlgorithmException | KeyManagementException e) { + throw new RuntimeException(e); + } + + DISTRIBUTED_REPLICATED_CACHE_NAMES.forEach(cacheName -> { + PersistenceConfigurationBuilder persistenceCB = builder.getNamedConfigurationBuilders().get(cacheName).persistence(); + + //if specified via command line -> cannot be defined in the xml file + if (!persistenceCB.stores().isEmpty()) { + throw new RuntimeException(String.format("Remote store for cache '%s' is already configured via CLI parameters. 
It should not be present in the XML file.", cacheName)); + } + + persistenceCB.addStore(RemoteStoreConfigurationBuilder.class) + .rawValues(true) + .shared(true) + .segmented(false) + .remoteCacheName(cacheName) + .connectionPool() + .maxActive(16) + .exhaustedAction(ExhaustedAction.CREATE_NEW) + .remoteSecurity() + .ssl() + .enable() + .sslContext(sslContext) + .sniHostName(cacheRemoteHost) + .authentication() + .enable() + .username(cacheRemoteUsername) + .password(cacheRemotePassword) + .realm("default") + .saslMechanism(SCRAM_SHA_512) + .addServer() + .host(cacheRemoteHost) + .port(cacheRemotePort); + }); + } + } + private static boolean booleanProperty(String propertyName) { return Configuration.getOptionalKcValue(propertyName).map(Boolean::parseBoolean).orElse(Boolean.FALSE); } diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt index e16b7903a1..9991109d86 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt 
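Review bot: In `configureRemoteStores`, `builder.getNamedConfigurationBuilders().get(cacheName).persistence()` dereferences the map lookup without a null check, so a custom cache file that omits one of the `DISTRIBUTED_REPLICATED_CACHE_NAMES` fails with a bare NullPointerException. Look the builder up first and fail with the cache name, e.g. `if (cacheBuilder == null) throw new RuntimeException(String.format("Cache '%s' is not defined in the cache configuration file.", cacheName));`. The `stores().isEmpty()` guard rejects any store, not only a remote one, and its message reads as if the CLI were the duplicate; wording such as `"Cache '%s' already has a persistence store in the XML file; remove it when using the cache-remote-* options."` matches the check. `sniHostName(cacheRemoteHost)` only sets the SNI value. Whether the Hot Rod client also verifies the server certificate's hostname when given this custom `sslContext` is not visible here, so confirm it with a test that presents a certificate issued for a different name.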
@@ -39,6 +39,28 @@ Cache: 'cache-mtls-truststore.p12' under conf/ directory. --cache-embedded-mtls-trust-store-password The password to access the Truststore. +--cache-remote-host + The hostname of the remote server for the remote store configuration. It + replaces the 'host' attribute of 'remote-server' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-username' and 'cache-remote-password' are required + as well and the related configuration in XML file should not be present. +--cache-remote-password + The password for the authentication to the remote server for the remote store. + It replaces the 'password' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-username' are required as + well and the related configuration in XML file should not be present. +--cache-remote-port + The port of the remote server for the remote store configuration. It replaces + the 'port' attribute of 'remote-server' tag of the configuration specified + via XML file (see 'cache-config-file' option.). Default: 11222. +--cache-remote-username + The username for the authentication to the remote server for the remote store. + It replaces the 'username' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-password' are required as + well and the related configuration in XML file should not be present. --cache-stack Define the default stack to use for cluster communication and node discovery. This option only takes effect if 'cache' is set to 'ispn'. Default: udp. 
@@ -298,4 +320,4 @@ Security: Do NOT start the server using this command when deploying to production. Use 'kc.sh start-dev --help-all' to list all available options, including build -options. \ No newline at end of file +options. diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt index 0ee58ed72a..ca091e4ee7 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt 
@@ -39,6 +39,28 @@ Cache: 'cache-mtls-truststore.p12' under conf/ directory. --cache-embedded-mtls-trust-store-password The password to access the Truststore. +--cache-remote-host + The hostname of the remote server for the remote store configuration. It + replaces the 'host' attribute of 'remote-server' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-username' and 'cache-remote-password' are required + as well and the related configuration in XML file should not be present. +--cache-remote-password + The password for the authentication to the remote server for the remote store. + It replaces the 'password' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-username' are required as + well and the related configuration in XML file should not be present. +--cache-remote-port + The port of the remote server for the remote store configuration. It replaces + the 'port' attribute of 'remote-server' tag of the configuration specified + via XML file (see 'cache-config-file' option.). Default: 11222. +--cache-remote-username + The username for the authentication to the remote server for the remote store. + It replaces the 'username' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-password' are required as + well and the related configuration in XML file should not be present. --cache-stack Define the default stack to use for cluster communication and node discovery. This option only takes effect if 'cache' is set to 'ispn'. Default: udp. 
diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt index e16b7903a1..9991109d86 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt 
@@ -39,6 +39,28 @@ Cache: 'cache-mtls-truststore.p12' under conf/ directory. --cache-embedded-mtls-trust-store-password The password to access the Truststore. +--cache-remote-host + The hostname of the remote server for the remote store configuration. It + replaces the 'host' attribute of 'remote-server' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-username' and 'cache-remote-password' are required + as well and the related configuration in XML file should not be present. +--cache-remote-password + The password for the authentication to the remote server for the remote store. + It replaces the 'password' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-username' are required as + well and the related configuration in XML file should not be present. +--cache-remote-port + The port of the remote server for the remote store configuration. It replaces + the 'port' attribute of 'remote-server' tag of the configuration specified + via XML file (see 'cache-config-file' option.). Default: 11222. +--cache-remote-username + The username for the authentication to the remote server for the remote store. + It replaces the 'username' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-password' are required as + well and the related configuration in XML file should not be present. --cache-stack Define the default stack to use for cluster communication and node discovery. This option only takes effect if 'cache' is set to 'ispn'. Default: udp. 
@@ -298,4 +320,4 @@ Security: Do NOT start the server using this command when deploying to production. Use 'kc.sh start-dev --help-all' to list all available options, including build -options. \ No newline at end of file +options. diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt index 0ee58ed72a..ca091e4ee7 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt 
@@ -39,6 +39,28 @@ Cache: 'cache-mtls-truststore.p12' under conf/ directory. --cache-embedded-mtls-trust-store-password The password to access the Truststore. +--cache-remote-host + The hostname of the remote server for the remote store configuration. It + replaces the 'host' attribute of 'remote-server' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-username' and 'cache-remote-password' are required + as well and the related configuration in XML file should not be present. +--cache-remote-password + The password for the authentication to the remote server for the remote store. + It replaces the 'password' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-username' are required as + well and the related configuration in XML file should not be present. +--cache-remote-port + The port of the remote server for the remote store configuration. It replaces + the 'port' attribute of 'remote-server' tag of the configuration specified + via XML file (see 'cache-config-file' option.). Default: 11222. +--cache-remote-username + The username for the authentication to the remote server for the remote store. + It replaces the 'username' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-password' are required as + well and the related configuration in XML file should not be present. --cache-stack Define the default stack to use for cluster communication and node discovery. This option only takes effect if 'cache' is set to 'ispn'. Default: udp. 
diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt index bd9e2c9c5e..057c65b80e 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt 
@@ -40,6 +40,28 @@ Cache: 'cache-mtls-truststore.p12' under conf/ directory. --cache-embedded-mtls-trust-store-password The password to access the Truststore. +--cache-remote-host + The hostname of the remote server for the remote store configuration. It + replaces the 'host' attribute of 'remote-server' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-username' and 'cache-remote-password' are required + as well and the related configuration in XML file should not be present. +--cache-remote-password + The password for the authentication to the remote server for the remote store. + It replaces the 'password' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-username' are required as + well and the related configuration in XML file should not be present. +--cache-remote-port + The port of the remote server for the remote store configuration. It replaces + the 'port' attribute of 'remote-server' tag of the configuration specified + via XML file (see 'cache-config-file' option.). Default: 11222. +--cache-remote-username + The username for the authentication to the remote server for the remote store. + It replaces the 'username' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-password' are required as + well and the related configuration in XML file should not be present. --cache-stack Define the default stack to use for cluster communication and node discovery. This option only takes effect if 'cache' is set to 'ispn'. Default: udp. 
@@ -303,4 +325,4 @@ By default, this command tries to update the server configuration by running a $ kc.sh start '--optimized' By doing that, the server should start faster based on any previous -configuration you have set when manually running the 'build' command. \ No newline at end of file +configuration you have set when manually running the 'build' command. diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt index b059118fdb..ea524475ca 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt 
@@ -40,6 +40,28 @@ Cache: 'cache-mtls-truststore.p12' under conf/ directory. --cache-embedded-mtls-trust-store-password The password to access the Truststore. +--cache-remote-host + The hostname of the remote server for the remote store configuration. It + replaces the 'host' attribute of 'remote-server' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-username' and 'cache-remote-password' are required + as well and the related configuration in XML file should not be present. +--cache-remote-password + The password for the authentication to the remote server for the remote store. + It replaces the 'password' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-username' are required as + well and the related configuration in XML file should not be present. +--cache-remote-port + The port of the remote server for the remote store configuration. It replaces + the 'port' attribute of 'remote-server' tag of the configuration specified + via XML file (see 'cache-config-file' option.). Default: 11222. +--cache-remote-username + The username for the authentication to the remote server for the remote store. + It replaces the 'username' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-password' are required as + well and the related configuration in XML file should not be present. --cache-stack Define the default stack to use for cluster communication and node discovery. This option only takes effect if 'cache' is set to 'ispn'. Default: udp. 
diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt index bd9e2c9c5e..057c65b80e 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt 
@@ -40,6 +40,28 @@ Cache: 'cache-mtls-truststore.p12' under conf/ directory. --cache-embedded-mtls-trust-store-password The password to access the Truststore. +--cache-remote-host + The hostname of the remote server for the remote store configuration. It + replaces the 'host' attribute of 'remote-server' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-username' and 'cache-remote-password' are required + as well and the related configuration in XML file should not be present. +--cache-remote-password + The password for the authentication to the remote server for the remote store. + It replaces the 'password' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-username' are required as + well and the related configuration in XML file should not be present. +--cache-remote-port + The port of the remote server for the remote store configuration. It replaces + the 'port' attribute of 'remote-server' tag of the configuration specified + via XML file (see 'cache-config-file' option.). Default: 11222. +--cache-remote-username + The username for the authentication to the remote server for the remote store. + It replaces the 'username' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-password' are required as + well and the related configuration in XML file should not be present. --cache-stack Define the default stack to use for cluster communication and node discovery. This option only takes effect if 'cache' is set to 'ispn'. Default: udp. 
@@ -303,4 +325,4 @@ By default, this command tries to update the server configuration by running a $ kc.sh start '--optimized' By doing that, the server should start faster based on any previous -configuration you have set when manually running the 'build' command. \ No newline at end of file +configuration you have set when manually running the 'build' command. diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt index 8e7462028a..825b1565a8 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt 
@@ -40,6 +40,28 @@ Cache: 'cache-mtls-truststore.p12' under conf/ directory. --cache-embedded-mtls-trust-store-password The password to access the Truststore. +--cache-remote-host + The hostname of the remote server for the remote store configuration. It + replaces the 'host' attribute of 'remote-server' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-username' and 'cache-remote-password' are required + as well and the related configuration in XML file should not be present. +--cache-remote-password + The password for the authentication to the remote server for the remote store. + It replaces the 'password' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-username' are required as + well and the related configuration in XML file should not be present. +--cache-remote-port + The port of the remote server for the remote store configuration. It replaces + the 'port' attribute of 'remote-server' tag of the configuration specified + via XML file (see 'cache-config-file' option.). Default: 11222. +--cache-remote-username + The username for the authentication to the remote server for the remote store. + It replaces the 'username' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-password' are required as + well and the related configuration in XML file should not be present. --cache-stack Define the default stack to use for cluster communication and node discovery. This option only takes effect if 'cache' is set to 'ispn'. Default: udp. 
diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.unix.approved.txt
index 5a68221e0c..1a04e11b74 100644
--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.unix.approved.txt
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.unix.approved.txt
@@ -16,6 +16,31 @@ Options: built a server image using the 'build' command. -v, --verbose Print out error details when running this command. +Cache: + +--cache-remote-host + The hostname of the remote server for the remote store configuration. It + replaces the 'host' attribute of 'remote-server' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-username' and 'cache-remote-password' are required + as well and the related configuration in XML file should not be present. +--cache-remote-password + The password for the authentication to the remote server for the remote store. + It replaces the 'password' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-username' are required as + well and the related configuration in XML file should not be present. +--cache-remote-port + The port of the remote server for the remote store configuration. It replaces + the 'port' attribute of 'remote-server' tag of the configuration specified + via XML file (see 'cache-config-file' option.). Default: 11222. +--cache-remote-username + The username for the authentication to the remote server for the remote store. + It replaces the 'username' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-password' are required as + well and the related configuration in XML file should not be present. + Database: --db-password 
@@ -213,4 +238,4 @@ By default, this command tries to update the server configuration by running a $ kc.sh start '--optimized' By doing that, the server should start faster based on any previous -configuration you have set when manually running the 'build' command. \ No newline at end of file +configuration you have set when manually running the 'build' command. diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.windows.approved.txt index 8e8ab6cff7..9847e05460 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.windows.approved.txt 
@@ -16,6 +16,31 @@ Options: built a server image using the 'build' command. -v, --verbose Print out error details when running this command. +Cache: + +--cache-remote-host + The hostname of the remote server for the remote store configuration. It + replaces the 'host' attribute of 'remote-server' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-username' and 'cache-remote-password' are required + as well and the related configuration in XML file should not be present. +--cache-remote-password + The password for the authentication to the remote server for the remote store. + It replaces the 'password' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-username' are required as + well and the related configuration in XML file should not be present. +--cache-remote-port + The port of the remote server for the remote store configuration. It replaces + the 'port' attribute of 'remote-server' tag of the configuration specified + via XML file (see 'cache-config-file' option.). Default: 11222. +--cache-remote-username + The username for the authentication to the remote server for the remote store. + It replaces the 'username' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-password' are required as + well and the related configuration in XML file should not be present. + Database: --db-password diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.unix.approved.txt index 5a68221e0c..1a04e11b74 100644 
--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.unix.approved.txt @@ -16,6 +16,31 @@ Options: built a server image using the 'build' command. -v, --verbose Print out error details when running this command. +Cache: + +--cache-remote-host + The hostname of the remote server for the remote store configuration. It + replaces the 'host' attribute of 'remote-server' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-username' and 'cache-remote-password' are required + as well and the related configuration in XML file should not be present. +--cache-remote-password + The password for the authentication to the remote server for the remote store. + It replaces the 'password' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-username' are required as + well and the related configuration in XML file should not be present. +--cache-remote-port + The port of the remote server for the remote store configuration. It replaces + the 'port' attribute of 'remote-server' tag of the configuration specified + via XML file (see 'cache-config-file' option.). Default: 11222. +--cache-remote-username + The username for the authentication to the remote server for the remote store. + It replaces the 'username' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-password' are required as + well and the related configuration in XML file should not be present. + Database: --db-password 
@@ -213,4 +238,4 @@ By default, this command tries to update the server configuration by running a $ kc.sh start '--optimized' By doing that, the server should start faster based on any previous -configuration you have set when manually running the 'build' command. \ No newline at end of file +configuration you have set when manually running the 'build' command. diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.windows.approved.txt index 8e8ab6cff7..9847e05460 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.windows.approved.txt 
@@ -16,6 +16,31 @@ Options: built a server image using the 'build' command. -v, --verbose Print out error details when running this command. +Cache: + +--cache-remote-host + The hostname of the remote server for the remote store configuration. It + replaces the 'host' attribute of 'remote-server' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-username' and 'cache-remote-password' are required + as well and the related configuration in XML file should not be present. +--cache-remote-password + The password for the authentication to the remote server for the remote store. + It replaces the 'password' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-username' are required as + well and the related configuration in XML file should not be present. +--cache-remote-port + The port of the remote server for the remote store configuration. It replaces + the 'port' attribute of 'remote-server' tag of the configuration specified + via XML file (see 'cache-config-file' option.). Default: 11222. +--cache-remote-username + The username for the authentication to the remote server for the remote store. + It replaces the 'username' attribute of 'digest' tag of the configuration + specified via XML file (see 'cache-config-file' option.). If the option is + specified, 'cache-remote-host' and 'cache-remote-password' are required as + well and the related configuration in XML file should not be present. + Database: --db-password diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/AbstractQuarkusDeployableContainer.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/AbstractQuarkusDeployableContainer.java index 6e44dc7a32..67ef4456e3 100644 
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/AbstractQuarkusDeployableContainer.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/AbstractQuarkusDeployableContainer.java
@@ -185,6 +185,8 @@ public abstract class AbstractQuarkusDeployableContainer implements DeployableCo
 if ("local".equals(cacheMode)) {
 // Save ~2s for each Quarkus startup, when we know ISPN cluster is empty. See https://github.com/keycloak/keycloak/issues/21033
 commands.add("-Djgroups.join_timeout=10");
+ } else {
+ commands.add("--cache=ispn");
 }
 log.debugf("FIPS Mode: %s", configuration.getFipsMode());
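Review bot: The new `else` branch appends `--cache=ispn` for every `cacheMode` that is not exactly "local", so a null, empty or mistyped value silently starts the test server with the Infinispan cache, and the branch has no comment saying why the flag became necessary with this change. The `if` side documents its reason and links the issue; the `else` side deserves the same, for example `// non-local modes: select the Infinispan cache explicitly (reason to be stated by the author)`. If `cacheMode` can be unset here, consider making the accepted values explicit instead of treating everything else as clustered. The enclosing method starts and ends outside this hunk, so how `cacheMode` is read and validated cannot be checked from here.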