diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a8597c199e..9cb1a31fe7 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -22,6 +22,17 @@ updates: labels: - area/dependencies - team/ui + - package-ecosystem: npm + directory: /themes/src/main/resources/theme/keycloak.v2/welcome + schedule: + interval: daily + time: "00:00" + timezone: Etc/GMT + open-pull-requests-limit: 999 + rebase-strategy: disabled + labels: + - area/dependencies + - team/ui - package-ecosystem: npm directory: js open-pull-requests-limit: 999 diff --git a/.github/workflows/js-ci.yml b/.github/workflows/js-ci.yml index 2f0cd8c82f..4ed4d83d29 100644 --- a/.github/workflows/js-ci.yml +++ b/.github/workflows/js-ci.yml @@ -49,7 +49,7 @@ jobs: - name: Build Keycloak run: | - ./mvnw clean install --batch-mode --errors -DskipTests -DskipTestsuite -DskipExamples -DskipAccount2 -DskipCommon -Pdistribution + ./mvnw clean install --batch-mode --errors -DskipTests -DskipTestsuite -DskipExamples -DskipAccount2 -DskipWelcome2 -DskipCommon -Pdistribution mv ./quarkus/dist/target/keycloak-999.0.0-SNAPSHOT.tar.gz ./keycloak-999.0.0-SNAPSHOT.tar.gz - name: Upload Keycloak dist diff --git a/common/src/main/java/org/keycloak/common/Profile.java b/common/src/main/java/org/keycloak/common/Profile.java index 417ae6302d..f430b45de0 100755 --- a/common/src/main/java/org/keycloak/common/Profile.java +++ b/common/src/main/java/org/keycloak/common/Profile.java @@ -63,6 +63,8 @@ public class Profile { WEB_AUTHN("W3C Web Authentication (WebAuthn)", Type.DEFAULT), + LEGACY_WELCOME("Disables the new 'welcome' theme, and restores the legacy version.", Type.DEPRECATED), + CLIENT_POLICIES("Client configuration policies", Type.DEFAULT), CIBA("OpenID Connect Client Initiated Backchannel Authentication (CIBA)", Type.DEFAULT), diff --git a/common/src/test/java/org/keycloak/common/ProfileTest.java b/common/src/test/java/org/keycloak/common/ProfileTest.java index cbf9c80fdb..0852e317f0 100644 
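Review bot: The description string on `LEGACY_WELCOME` in Profile.java states the effect of switching the flag on, while the neighbouring entries name the feature (`"Client configuration policies"`, `"W3C Web Authentication (WebAuthn)"`); a noun phrase such as `"Legacy welcome page"` would read consistently wherever these descriptions are listed. The constant is also created as `Type.DEPRECATED` with no comment saying why a brand-new flag is deprecated; I would add `// Temporary fallback to the previous welcome theme; remove together with the legacy theme.` above it. Whether deprecated features default to off is not visible in this hunk, so the comment should state the default explicitly once confirmed. The enum continues outside the hunk.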
--- a/common/src/test/java/org/keycloak/common/ProfileTest.java +++ b/common/src/test/java/org/keycloak/common/ProfileTest.java @@ -80,6 +80,7 @@ public class ProfileTest { Profile.Feature.RECOVERY_CODES, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, + Profile.Feature.LEGACY_WELCOME, Profile.Feature.MAP_STORAGE, Profile.Feature.DECLARATIVE_USER_PROFILE, Profile.Feature.CLIENT_SECRET_ROTATION, diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/HostnameDistTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/HostnameDistTest.java index 20deb1bea5..edf2a916cd 100644 --- a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/HostnameDistTest.java +++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/HostnameDistTest.java @@ -24,6 +24,7 @@ import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; import org.keycloak.it.junit5.extension.DistributionTest; import org.keycloak.it.junit5.extension.RawDistOnly; +import org.keycloak.it.junit5.extension.WithEnvVars; import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation; import org.keycloak.quarkus.runtime.services.resources.DebugHostnameSettingsResource; @@ -107,6 +108,7 @@ public class HostnameDistTest { } @Test + @WithEnvVars({ "KEYCLOAK_ADMIN", "admin", "KEYCLOAK_ADMIN_PASSWORD", "admin" }) @Launch({ "start", "--hostname=mykeycloak.org", "--hostname-port=8543" }) public void testWelcomePageAdminUrl() { Assert.assertTrue(when().get("http://mykeycloak.org:8080").asString().contains("http://mykeycloak.org:8080/admin/")); 
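Review bot: Nothing on `testWelcomePageAdminUrl` explains why a test that only checks the rendered admin URL now needs `@WithEnvVars({ "KEYCLOAK_ADMIN", "admin", "KEYCLOAK_ADMIN_PASSWORD", "admin" })`; the same annotation is added without comment to `testAdminUrl` in this file and to `ProxyDistTest.testForwardedHeadersWithEdge`. Presumably the new welcome page only shows the admin console link once an initial admin account exists; if that is the reason, a one-line comment above the annotation such as `// welcome page links to the admin console only after an initial admin exists` would record it. The literal admin/admin pair is now repeated in three places, so a shared pair of constants in the test support code would keep this throwaway credential in one spot and clearly marked as test-only. The test classes continue outside these hunks.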
@@ -172,6 +174,7 @@ public class HostnameDistTest { } @Test + @WithEnvVars({ "KEYCLOAK_ADMIN", "admin", "KEYCLOAK_ADMIN_PASSWORD", "admin" }) @Launch({ "start", "--proxy=edge", "--hostname=mykeycloak.org", "--hostname-admin-url=http://mykeycloakadmin.org:1234" }) public void testAdminUrl() { Assert.assertTrue(when().get("https://mykeycloak.org:8443").asString().contains("http://mykeycloakadmin.org:1234/admin/")); diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ProxyDistTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ProxyDistTest.java index 93a761357a..e3d587d7a9 100644 --- a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ProxyDistTest.java +++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ProxyDistTest.java @@ -26,6 +26,7 @@ import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; import org.keycloak.it.junit5.extension.DistributionTest; import org.keycloak.it.junit5.extension.RawDistOnly; +import org.keycloak.it.junit5.extension.WithEnvVars; import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation; import io.quarkus.test.junit.main.Launch; @@ -56,6 +57,7 @@ public class ProxyDistTest { } @Test + @WithEnvVars({ "KEYCLOAK_ADMIN", "admin", "KEYCLOAK_ADMIN_PASSWORD", "admin" }) @Launch({ "start-dev", "--hostname=mykeycloak.org", "--proxy=edge" }) public void testForwardedHeadersWithEdge() { given().header("Forwarded", "for=12.34.56.78;host=test:1234;proto=https, for=23.45.67.89").when().get("http://mykeycloak.org:8080").then().body(containsString("https://test:1234/admin")); diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.unix.approved.txt index b5af1a0423..d3ca291539 100644 
--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.unix.approved.txt @@ -48,16 +48,16 @@ Feature: account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. HTTP/TLS: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.windows.approved.txt index 4e37256ddf..d44cec56e5 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.windows.approved.txt 
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.windows.approved.txt 
@@ -1,119 +1,119 @@ -Creates a new and optimized server image. - -Usage: - -kc.bat build [OPTIONS] - -Creates a new and optimized server image based on the configuration options -passed to this command. Once created, the configuration will be persisted and -read during startup without having to pass them over again. - -Consider running this command before running the server in production for an -optimal runtime. - -Options: - --h, --help This help message. ---help-all This same help message but with additional options. - -Cache: - ---cache Defines the cache mechanism for high-availability. By default in production - mode, a 'ispn' cache is used to create a cluster between multiple server - nodes. By default in development mode, a 'local' cache disables clustering - and is intended for development and testing purposes. Possible values are: - ispn, local. Default: ispn. ---cache-config-file - Defines the file from which cache configuration should be loaded from. The - configuration file is relative to the 'conf/' directory. ---cache-stack - Define the default stack to use for cluster communication and node discovery. - This option only takes effect if 'cache' is set to 'ispn'. Default: udp. - Possible values are: tcp, udp, kubernetes, ec2, azure, google. - -Database: - ---db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, - mysql, oracle, postgres. Default: dev-file. - -Transaction: - ---transaction-xa-enabled - If set to false, Keycloak uses a non-XA datasource in case the database does - not support XA transactions. Default: true. - -Feature: - ---features Enables a set of one or more features. 
Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. ---features-disabled - Disables a set of one or more features. Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. - -HTTP/TLS: - ---http-relative-path - Set the path relative to '/' for serving resources. The path must start with a - '/'. Default: /. - -Health: - ---health-enabled - If the server should expose health check endpoints. If enabled, health checks - are available at the '/health', '/health/ready' and '/health/live' - endpoints. Default: false. - -Metrics: - ---metrics-enabled - If the server should expose metrics. If enabled, metrics are available at the - '/metrics' endpoint. Default: false. - -Vault: - ---vault Enables a vault provider. Possible values are: file. - -Security: - ---fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on - non-approved mode. For full FIPS compliance, set 'strict' to run on approved - mode. This option defaults to 'disabled' when 'fips' feature is disabled, - which is by default. This option defaults to 'non-strict' when 'fips' - feature is enabled. Possible values are: non-strict, strict. Default: - disabled. 
- -Examples: - - Change the database vendor: - - $ kc.bat build --db=postgres - - Enable a feature: - - $ kc.bat build --features= - - Or alternatively, enable all tech preview features: - - $ kc.bat build --features=preview - - Enable health endpoints: - - $ kc.bat build --health-enabled=true - - Enable metrics endpoints: - - $ kc.bat build --metrics-enabled=true - - Change the relative path: - - $ kc.bat build --http-relative-path=/auth +Creates a new and optimized server image. + +Usage: + +kc.bat build [OPTIONS] + +Creates a new and optimized server image based on the configuration options +passed to this command. Once created, the configuration will be persisted and +read during startup without having to pass them over again. + +Consider running this command before running the server in production for an +optimal runtime. + +Options: + +-h, --help This help message. +--help-all This same help message but with additional options. + +Cache: + +--cache Defines the cache mechanism for high-availability. By default in production + mode, a 'ispn' cache is used to create a cluster between multiple server + nodes. By default in development mode, a 'local' cache disables clustering + and is intended for development and testing purposes. Possible values are: + ispn, local. Default: ispn. +--cache-config-file + Defines the file from which cache configuration should be loaded from. The + configuration file is relative to the 'conf/' directory. +--cache-stack + Define the default stack to use for cluster communication and node discovery. + This option only takes effect if 'cache' is set to 'ispn'. Default: udp. + Possible values are: tcp, udp, kubernetes, ec2, azure, google. + +Database: + +--db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, + mysql, oracle, postgres. Default: dev-file. + +Transaction: + +--transaction-xa-enabled + If set to false, Keycloak uses a non-XA datasource in case the database does + not support XA transactions. 
Default: true. + +Feature: + +--features Enables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. +--features-disabled + Disables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. + +HTTP/TLS: + +--http-relative-path + Set the path relative to '/' for serving resources. The path must start with a + '/'. Default: /. + +Health: + +--health-enabled + If the server should expose health check endpoints. If enabled, health checks + are available at the '/health', '/health/ready' and '/health/live' + endpoints. Default: false. + +Metrics: + +--metrics-enabled + If the server should expose metrics. If enabled, metrics are available at the + '/metrics' endpoint. Default: false. + +Vault: + +--vault Enables a vault provider. Possible values are: file, keystore. + +Security: + +--fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on + non-approved mode. For full FIPS compliance, set 'strict' to run on approved + mode. This option defaults to 'disabled' when 'fips' feature is disabled, + which is by default. This option defaults to 'non-strict' when 'fips' + feature is enabled. Possible values are: non-strict, strict. Default: + disabled. 
+ +Examples: + + Change the database vendor: + + $ kc.bat build --db=postgres + + Enable a feature: + + $ kc.bat build --features= + + Or alternatively, enable all tech preview features: + + $ kc.bat build --features=preview + + Enable health endpoints: + + $ kc.bat build --health-enabled=true + + Enable metrics endpoints: + + $ kc.bat build --metrics-enabled=true + + Change the relative path: + + $ kc.bat build --http-relative-path=/auth diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testDefaultToHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testDefaultToHelp.windows.approved.txt index 7705feb2aa..b330d8cdcb 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testDefaultToHelp.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testDefaultToHelp.windows.approved.txt 
@@ -1,55 +1,53 @@ -Keycloak - Open Source Identity and Access Management - -Find more information at: https://www.keycloak.org/docs/latest - -Usage: - -kc.bat [OPTIONS] [COMMAND] - -Use this command-line tool to manage your Keycloak cluster. -Make sure the command is available on your "PATH" or prefix it with "./" (e.g.: -"./kc.bat") to execute from the current folder. - -Options: - --cf, --config-file - Set the path to a configuration file. By default, configuration properties are - read from the "keycloak.conf" file in the "conf" directory. --h, --help This help message. --v, --verbose Print out error details when running this command. --V, --version Show version information - -Commands: - - build Creates a new and optimized server image. - start Start the server. - start-dev Start the server in development mode. - export Export data from realms to a file or directory. - import Import data from a directory or a file. - show-config Print out the current configuration. - tools Utilities for use and interaction with the server. - completion Generate bash/zsh completion script for kc.bat. - -Examples: - - Start the server in development mode for local development or testing: - - $ kc.bat start-dev - - Building an optimized server runtime: - - $ kc.bat build - - Start the server in production mode: - - $ kc.bat start - - Enable auto-completion to bash/zsh: - - $ source <(kc.bat tools completion) - - Please, take a look at the documentation for more details before deploying in -production. - -Use "kc.bat start --help" for the available options when starting the server. -Use "kc.bat --help" for more information about other commands. \ No newline at end of file +Keycloak - Open Source Identity and Access Management + +Find more information at: https://www.keycloak.org/docs/latest + +Usage: + +kc.bat [OPTIONS] [COMMAND] + +Use this command-line tool to manage your Keycloak cluster. + +Options: + +-cf, --config-file + Set the path to a configuration file. 
By default, configuration properties are + read from the "keycloak.conf" file in the "conf" directory. +-h, --help This help message. +-v, --verbose Print out error details when running this command. +-V, --version Show version information + +Commands: + + build Creates a new and optimized server image. + start Start the server. + start-dev Start the server in development mode. + export Export data from realms to a file or directory. + import Import data from a directory or a file. + show-config Print out the current configuration. + tools Utilities for use and interaction with the server. + completion Generate bash/zsh completion script for kc.bat. + +Examples: + + Start the server in development mode for local development or testing: + + $ kc.bat start-dev + + Building an optimized server runtime: + + $ kc.bat build + + Start the server in production mode: + + $ kc.bat start + + Enable auto-completion to bash/zsh: + + $ source <(kc.bat tools completion) + + Please, take a look at the documentation for more details before deploying in +production. + +Use "kc.bat start --help" for the available options when starting the server. +Use "kc.bat --help" for more information about other commands. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt index 92813778bb..afc9b30201 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt 
@@ -59,16 +59,16 @@ Feature: account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. Config: @@ -142,4 +142,4 @@ Export: --users-per-file Set the number of users per file. It is used only if 'users' is set to 'different_files'. Increasing this number leads to exponentially increasing - export times. Default: 50. + export times. Default: 50. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.windows.approved.txt new file mode 100644 index 0000000000..d5adfa7108 --- /dev/null +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.windows.approved.txt 
@@ -0,0 +1,145 @@ +Export data from realms to a file or directory. + +Usage: + +kc.bat export [OPTIONS] + +Export data from realms to a file or directory. + +Options: + +-h, --help This help message. +--help-all This same help message but with additional options. +--optimized Use this option to achieve an optimal startup time if you have previously + built a server image using the 'build' command. + +Database: + +--db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, + mysql, oracle, postgres. Default: dev-file. +--db-driver The fully qualified class name of the JDBC driver. If not set, a default + driver is set accordingly to the chosen database. +--db-password + The password of the database user. +--db-pool-initial-size + The initial size of the connection pool. +--db-pool-max-size + The maximum size of the connection pool. Default: 100. +--db-pool-min-size + The minimal size of the connection pool. +--db-schema The database schema to be used. +--db-url The full database JDBC URL. If not provided, a default URL is set based on the + selected database vendor. For instance, if using 'postgres', the default + JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. +--db-url-database + Sets the database name of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-host + Sets the hostname of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` + option is set, this option is ignored. +--db-url-properties + Sets the properties of the default JDBC URL of the chosen vendor. Make sure to + set the properties accordingly to the format expected by the database + vendor, as well as appending the right character at the beginning of this + property value. If the `db-url` option is set, this option is ignored. 
+--db-username + The username of the database user. + +Transaction: + +--transaction-xa-enabled + If set to false, Keycloak uses a non-XA datasource in case the database does + not support XA transactions. Default: true. + +Feature: + +--features Enables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. +--features-disabled + Disables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. + +Config: + +--config-keystore + Specifies a path to the KeyStore Configuration Source. +--config-keystore-password + Specifies a password to the KeyStore Configuration Source. +--config-keystore-type + Specifies a type of the KeyStore Configuration Source. Default: PKCS12. + +Logging: + +--log Enable one or more log handlers in a comma-separated list. Possible values + are: console, file, gelf. Default: console. +--log-console-color + Enable or disable colors when logging to console. Default: false. +--log-console-format + The format of unstructured console log entries. If the format has spaces in + it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % + -5p [%c] (%t) %s%e%n. +--log-console-output + Set the log output to JSON or default (plain) unstructured logging. 
Possible + values are: default, json. Default: default. +--log-file Set the log file path and filename. Default: data\log\keycloak.log. +--log-file-format + Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, + SSS} %-5p [%c] (%t) %s%e%n. +--log-file-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-gelf-facility + The facility (name of the process) that sends the message. Default: keycloak. +--log-gelf-host + Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the + host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: + localhost. +--log-gelf-include-location + Include source code location. Default: true. +--log-gelf-include-message-parameters + Include message parameters from the log event. Default: true. +--log-gelf-include-stack-trace + If set to true, occuring stack traces are included in the 'StackTrace' field + in the GELF output. Default: true. +--log-gelf-level + The log level specifying which message levels will be logged by the GELF + logger. Message levels lower than this value will be discarded. Default: + INFO. +--log-gelf-max-message-size + Maximum message size (in bytes). If the message size is exceeded, GELF will + submit the message in multiple chunks. Default: 8192. +--log-gelf-port + The port the Logstash or Graylog Host is called on. Default: 12201. +--log-gelf-timestamp-format + Set the format for the GELF timestamp field. Uses Java SimpleDateFormat + pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. +--log-level + The log level of the root category or a comma-separated list of individual + categories and their levels. For the root category, you don't need to + specify a category. Default: info. + +Export: + +--dir Set the path to a directory where files will be created with the exported data. +--file Set the path to a file that will be created with the exported data. 
To export + more than 500 users, export to a directory with different files instead. +--realm Set the name of the realm to export. If not set, all realms are going to be + exported. +--users Set how users should be exported. Possible values are: skip, realm_file, + same_file, different_files. Default: different_files. +--users-per-file + Set the number of users per file. It is used only if 'users' is set to + 'different_files'. Increasing this number leads to exponentially increasing + export times. Default: 50. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt index 3cee62a54d..6e97324915 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt 
@@ -122,16 +122,16 @@ Feature: account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. Config: @@ -205,4 +205,4 @@ Export: --users-per-file Set the number of users per file. It is used only if 'users' is set to 'different_files'. Increasing this number leads to exponentially increasing - export times. Default: 50. + export times. Default: 50. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.windows.approved.txt new file mode 100644 index 0000000000..ed9043477d --- /dev/null +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.windows.approved.txt 
@@ -0,0 +1,208 @@ +Export data from realms to a file or directory. + +Usage: + +kc.bat export [OPTIONS] + +Export data from realms to a file or directory. + +Options: + +-h, --help This help message. +--help-all This same help message but with additional options. +--optimized Use this option to achieve an optimal startup time if you have previously + built a server image using the 'build' command. + +Storage (Experimental): + +--storage Experimental: Sets the default storage mechanism for all areas. Possible + values are: jpa, chm, hotrod, file. +--storage-area-auth-session + Experimental: Sets a storage mechanism for authentication sessions. Possible + values are: jpa, chm, hotrod, file. +--storage-area-authorization + Experimental: Sets a storage mechanism for authorizations. Possible values + are: jpa, chm, hotrod, file. +--storage-area-client + Experimental: Sets a storage mechanism for clients. Possible values are: jpa, + chm, hotrod, file. +--storage-area-client-scope + Experimental: Sets a storage mechanism for client scopes. Possible values are: + jpa, chm, hotrod, file. +--storage-area-event-admin + Experimental: Sets a storage mechanism for admin events. Possible values are: + jpa, chm, hotrod, file. +--storage-area-event-auth + Experimental: Sets a storage mechanism for authentication and authorization + events. Possible values are: jpa, chm, hotrod, file. +--storage-area-group + Experimental: Sets a storage mechanism for groups. Possible values are: jpa, + chm, hotrod, file. +--storage-area-login-failure + Experimental: Sets a storage mechanism for login failures. Possible values + are: jpa, chm, hotrod, file. +--storage-area-realm + Experimental: Sets a storage mechanism for realms. Possible values are: jpa, + chm, hotrod, file. +--storage-area-role + Experimental: Sets a storage mechanism for roles. Possible values are: jpa, + chm, hotrod, file. +--storage-area-single-use-object + Experimental: Sets a storage mechanism for single use objects. 
Possible values + are: jpa, chm, hotrod. +--storage-area-user + Experimental: Sets a storage mechanism for users. Possible values are: jpa, + chm, hotrod, file. +--storage-area-user-session + Experimental: Sets a storage mechanism for user and client sessions. Possible + values are: jpa, chm, hotrod, file. +--storage-deployment-state-version-seed + Experimental: Secret that serves as a seed to mask the version number of + Keycloak in URLs. Need to be identical across all servers in the cluster. + Will default to a random number generated when starting the server which is + secure but will lead to problems when a loadbalancer without sticky sessions + is used or nodes are restarted. +--storage-file-dir + Experimental: Root directory for file map store. +--storage-hotrod-host + Experimental: Sets the host of the Infinispan server. +--storage-hotrod-password + Experimental: Sets the password of the Infinispan user. +--storage-hotrod-port + Experimental: Sets the port of the Infinispan server. +--storage-hotrod-username + Experimental: Sets the username of the Infinispan user. +--storage-jpa-db + Experimental: The database vendor for jpa map storage. Possible values are: + postgres, cockroach. Default: postgres. + +Database: + +--db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, + mysql, oracle, postgres. Default: dev-file. +--db-driver The fully qualified class name of the JDBC driver. If not set, a default + driver is set accordingly to the chosen database. +--db-password + The password of the database user. +--db-pool-initial-size + The initial size of the connection pool. +--db-pool-max-size + The maximum size of the connection pool. Default: 100. +--db-pool-min-size + The minimal size of the connection pool. +--db-schema The database schema to be used. +--db-url The full database JDBC URL. If not provided, a default URL is set based on the + selected database vendor. 
For instance, if using 'postgres', the default + JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. +--db-url-database + Sets the database name of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-host + Sets the hostname of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` + option is set, this option is ignored. +--db-url-properties + Sets the properties of the default JDBC URL of the chosen vendor. Make sure to + set the properties accordingly to the format expected by the database + vendor, as well as appending the right character at the beginning of this + property value. If the `db-url` option is set, this option is ignored. +--db-username + The username of the database user. + +Transaction: + +--transaction-xa-enabled + If set to false, Keycloak uses a non-XA datasource in case the database does + not support XA transactions. Default: true. + +Feature: + +--features Enables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. +--features-disabled + Disables a set of one or more features. 
Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. + +Config: + +--config-keystore + Specifies a path to the KeyStore Configuration Source. +--config-keystore-password + Specifies a password to the KeyStore Configuration Source. +--config-keystore-type + Specifies a type of the KeyStore Configuration Source. Default: PKCS12. + +Logging: + +--log Enable one or more log handlers in a comma-separated list. Possible values + are: console, file, gelf. Default: console. +--log-console-color + Enable or disable colors when logging to console. Default: false. +--log-console-format + The format of unstructured console log entries. If the format has spaces in + it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % + -5p [%c] (%t) %s%e%n. +--log-console-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-file Set the log file path and filename. Default: data\log\keycloak.log. +--log-file-format + Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, + SSS} %-5p [%c] (%t) %s%e%n. +--log-file-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-gelf-facility + The facility (name of the process) that sends the message. Default: keycloak. +--log-gelf-host + Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the + host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: + localhost. +--log-gelf-include-location + Include source code location. Default: true. 
+--log-gelf-include-message-parameters + Include message parameters from the log event. Default: true. +--log-gelf-include-stack-trace + If set to true, occuring stack traces are included in the 'StackTrace' field + in the GELF output. Default: true. +--log-gelf-level + The log level specifying which message levels will be logged by the GELF + logger. Message levels lower than this value will be discarded. Default: + INFO. +--log-gelf-max-message-size + Maximum message size (in bytes). If the message size is exceeded, GELF will + submit the message in multiple chunks. Default: 8192. +--log-gelf-port + The port the Logstash or Graylog Host is called on. Default: 12201. +--log-gelf-timestamp-format + Set the format for the GELF timestamp field. Uses Java SimpleDateFormat + pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. +--log-level + The log level of the root category or a comma-separated list of individual + categories and their levels. For the root category, you don't need to + specify a category. Default: info. + +Export: + +--dir Set the path to a directory where files will be created with the exported data. +--file Set the path to a file that will be created with the exported data. To export + more than 500 users, export to a directory with different files instead. +--realm Set the name of the realm to export. If not set, all realms are going to be + exported. +--users Set how users should be exported. Possible values are: skip, realm_file, + same_file, different_files. Default: different_files. +--users-per-file + Set the number of users per file. It is used only if 'users' is set to + 'different_files'. Increasing this number leads to exponentially increasing + export times. Default: 50. \ No newline at end of file 
diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testHelp.windows.approved.txt index 7705feb2aa..b330d8cdcb 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testHelp.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testHelp.windows.approved.txt 
@@ -1,55 +1,53 @@ -Keycloak - Open Source Identity and Access Management - -Find more information at: https://www.keycloak.org/docs/latest - -Usage: - -kc.bat [OPTIONS] [COMMAND] - -Use this command-line tool to manage your Keycloak cluster. -Make sure the command is available on your "PATH" or prefix it with "./" (e.g.: -"./kc.bat") to execute from the current folder. - -Options: - --cf, --config-file - Set the path to a configuration file. By default, configuration properties are - read from the "keycloak.conf" file in the "conf" directory. --h, --help This help message. --v, --verbose Print out error details when running this command. --V, --version Show version information - -Commands: - - build Creates a new and optimized server image. - start Start the server. - start-dev Start the server in development mode. - export Export data from realms to a file or directory. - import Import data from a directory or a file. - show-config Print out the current configuration. - tools Utilities for use and interaction with the server. - completion Generate bash/zsh completion script for kc.bat. - -Examples: - - Start the server in development mode for local development or testing: - - $ kc.bat start-dev - - Building an optimized server runtime: - - $ kc.bat build - - Start the server in production mode: - - $ kc.bat start - - Enable auto-completion to bash/zsh: - - $ source <(kc.bat tools completion) - - Please, take a look at the documentation for more details before deploying in -production. - -Use "kc.bat start --help" for the available options when starting the server. -Use "kc.bat --help" for more information about other commands. \ No newline at end of file +Keycloak - Open Source Identity and Access Management + +Find more information at: https://www.keycloak.org/docs/latest + +Usage: + +kc.bat [OPTIONS] [COMMAND] + +Use this command-line tool to manage your Keycloak cluster. + +Options: + +-cf, --config-file + Set the path to a configuration file. 
By default, configuration properties are + read from the "keycloak.conf" file in the "conf" directory. +-h, --help This help message. +-v, --verbose Print out error details when running this command. +-V, --version Show version information + +Commands: + + build Creates a new and optimized server image. + start Start the server. + start-dev Start the server in development mode. + export Export data from realms to a file or directory. + import Import data from a directory or a file. + show-config Print out the current configuration. + tools Utilities for use and interaction with the server. + completion Generate bash/zsh completion script for kc.bat. + +Examples: + + Start the server in development mode for local development or testing: + + $ kc.bat start-dev + + Building an optimized server runtime: + + $ kc.bat build + + Start the server in production mode: + + $ kc.bat start + + Enable auto-completion to bash/zsh: + + $ source <(kc.bat tools completion) + + Please, take a look at the documentation for more details before deploying in +production. + +Use "kc.bat start --help" for the available options when starting the server. +Use "kc.bat --help" for more information about other commands. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testHelpShort.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testHelpShort.windows.approved.txt index 7705feb2aa..b330d8cdcb 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testHelpShort.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testHelpShort.windows.approved.txt 
@@ -1,55 +1,53 @@ -Keycloak - Open Source Identity and Access Management - -Find more information at: https://www.keycloak.org/docs/latest - -Usage: - -kc.bat [OPTIONS] [COMMAND] - -Use this command-line tool to manage your Keycloak cluster. -Make sure the command is available on your "PATH" or prefix it with "./" (e.g.: -"./kc.bat") to execute from the current folder. - -Options: - --cf, --config-file - Set the path to a configuration file. By default, configuration properties are - read from the "keycloak.conf" file in the "conf" directory. --h, --help This help message. --v, --verbose Print out error details when running this command. --V, --version Show version information - -Commands: - - build Creates a new and optimized server image. - start Start the server. - start-dev Start the server in development mode. - export Export data from realms to a file or directory. - import Import data from a directory or a file. - show-config Print out the current configuration. - tools Utilities for use and interaction with the server. - completion Generate bash/zsh completion script for kc.bat. - -Examples: - - Start the server in development mode for local development or testing: - - $ kc.bat start-dev - - Building an optimized server runtime: - - $ kc.bat build - - Start the server in production mode: - - $ kc.bat start - - Enable auto-completion to bash/zsh: - - $ source <(kc.bat tools completion) - - Please, take a look at the documentation for more details before deploying in -production. - -Use "kc.bat start --help" for the available options when starting the server. -Use "kc.bat --help" for more information about other commands. \ No newline at end of file +Keycloak - Open Source Identity and Access Management + +Find more information at: https://www.keycloak.org/docs/latest + +Usage: + +kc.bat [OPTIONS] [COMMAND] + +Use this command-line tool to manage your Keycloak cluster. + +Options: + +-cf, --config-file + Set the path to a configuration file. 
By default, configuration properties are + read from the "keycloak.conf" file in the "conf" directory. +-h, --help This help message. +-v, --verbose Print out error details when running this command. +-V, --version Show version information + +Commands: + + build Creates a new and optimized server image. + start Start the server. + start-dev Start the server in development mode. + export Export data from realms to a file or directory. + import Import data from a directory or a file. + show-config Print out the current configuration. + tools Utilities for use and interaction with the server. + completion Generate bash/zsh completion script for kc.bat. + +Examples: + + Start the server in development mode for local development or testing: + + $ kc.bat start-dev + + Building an optimized server runtime: + + $ kc.bat build + + Start the server in production mode: + + $ kc.bat start + + Enable auto-completion to bash/zsh: + + $ source <(kc.bat tools completion) + + Please, take a look at the documentation for more details before deploying in +production. + +Use "kc.bat start --help" for the available options when starting the server. +Use "kc.bat --help" for more information about other commands. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt index eb7672e078..c54a84da3d 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt 
@@ -59,16 +59,16 @@ Feature: account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. Config: @@ -136,4 +136,4 @@ Import: --file Set the path to a file that will be read. --override Set if existing data should be overwritten. If set to false, data will be - ignored. Default: true. + ignored. Default: true. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.windows.approved.txt new file mode 100644 index 0000000000..1b64590589 --- /dev/null +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.windows.approved.txt 
@@ -0,0 +1,139 @@ +Import data from a directory or a file. + +Usage: + +kc.bat import [OPTIONS] + +Import data from a directory or a file. + +Options: + +-h, --help This help message. +--help-all This same help message but with additional options. +--optimized Use this option to achieve an optimal startup time if you have previously + built a server image using the 'build' command. + +Database: + +--db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, + mysql, oracle, postgres. Default: dev-file. +--db-driver The fully qualified class name of the JDBC driver. If not set, a default + driver is set accordingly to the chosen database. +--db-password + The password of the database user. +--db-pool-initial-size + The initial size of the connection pool. +--db-pool-max-size + The maximum size of the connection pool. Default: 100. +--db-pool-min-size + The minimal size of the connection pool. +--db-schema The database schema to be used. +--db-url The full database JDBC URL. If not provided, a default URL is set based on the + selected database vendor. For instance, if using 'postgres', the default + JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. +--db-url-database + Sets the database name of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-host + Sets the hostname of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` + option is set, this option is ignored. +--db-url-properties + Sets the properties of the default JDBC URL of the chosen vendor. Make sure to + set the properties accordingly to the format expected by the database + vendor, as well as appending the right character at the beginning of this + property value. If the `db-url` option is set, this option is ignored. +--db-username + The username of the database user. 
+ +Transaction: + +--transaction-xa-enabled + If set to false, Keycloak uses a non-XA datasource in case the database does + not support XA transactions. Default: true. + +Feature: + +--features Enables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. +--features-disabled + Disables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. + +Config: + +--config-keystore + Specifies a path to the KeyStore Configuration Source. +--config-keystore-password + Specifies a password to the KeyStore Configuration Source. +--config-keystore-type + Specifies a type of the KeyStore Configuration Source. Default: PKCS12. + +Logging: + +--log Enable one or more log handlers in a comma-separated list. Possible values + are: console, file, gelf. Default: console. +--log-console-color + Enable or disable colors when logging to console. Default: false. +--log-console-format + The format of unstructured console log entries. If the format has spaces in + it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % + -5p [%c] (%t) %s%e%n. +--log-console-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. 
+--log-file Set the log file path and filename. Default: data\log\keycloak.log. +--log-file-format + Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, + SSS} %-5p [%c] (%t) %s%e%n. +--log-file-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-gelf-facility + The facility (name of the process) that sends the message. Default: keycloak. +--log-gelf-host + Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the + host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: + localhost. +--log-gelf-include-location + Include source code location. Default: true. +--log-gelf-include-message-parameters + Include message parameters from the log event. Default: true. +--log-gelf-include-stack-trace + If set to true, occuring stack traces are included in the 'StackTrace' field + in the GELF output. Default: true. +--log-gelf-level + The log level specifying which message levels will be logged by the GELF + logger. Message levels lower than this value will be discarded. Default: + INFO. +--log-gelf-max-message-size + Maximum message size (in bytes). If the message size is exceeded, GELF will + submit the message in multiple chunks. Default: 8192. +--log-gelf-port + The port the Logstash or Graylog Host is called on. Default: 12201. +--log-gelf-timestamp-format + Set the format for the GELF timestamp field. Uses Java SimpleDateFormat + pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. +--log-level + The log level of the root category or a comma-separated list of individual + categories and their levels. For the root category, you don't need to + specify a category. Default: info. + +Import: + +--dir Set the path to a directory where files will be read from. +--file Set the path to a file that will be read. +--override + Set if existing data should be overwritten. If set to false, data will be + ignored. Default: true. 
\ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt index 8916753a65..75d93c3320 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt @@ -122,16 +122,16 @@ Feature: account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. Config: 
@@ -199,4 +199,4 @@ Import: --file Set the path to a file that will be read. --override Set if existing data should be overwritten. If set to false, data will be - ignored. Default: true. + ignored. Default: true. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.windows.approved.txt new file mode 100644 index 0000000000..ddff31bbba --- /dev/null +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.windows.approved.txt 
@@ -0,0 +1,202 @@ +Import data from a directory or a file. + +Usage: + +kc.bat import [OPTIONS] + +Import data from a directory or a file. + +Options: + +-h, --help This help message. +--help-all This same help message but with additional options. +--optimized Use this option to achieve an optimal startup time if you have previously + built a server image using the 'build' command. + +Storage (Experimental): + +--storage Experimental: Sets the default storage mechanism for all areas. Possible + values are: jpa, chm, hotrod, file. +--storage-area-auth-session + Experimental: Sets a storage mechanism for authentication sessions. Possible + values are: jpa, chm, hotrod, file. +--storage-area-authorization + Experimental: Sets a storage mechanism for authorizations. Possible values + are: jpa, chm, hotrod, file. +--storage-area-client + Experimental: Sets a storage mechanism for clients. Possible values are: jpa, + chm, hotrod, file. +--storage-area-client-scope + Experimental: Sets a storage mechanism for client scopes. Possible values are: + jpa, chm, hotrod, file. +--storage-area-event-admin + Experimental: Sets a storage mechanism for admin events. Possible values are: + jpa, chm, hotrod, file. +--storage-area-event-auth + Experimental: Sets a storage mechanism for authentication and authorization + events. Possible values are: jpa, chm, hotrod, file. +--storage-area-group + Experimental: Sets a storage mechanism for groups. Possible values are: jpa, + chm, hotrod, file. +--storage-area-login-failure + Experimental: Sets a storage mechanism for login failures. Possible values + are: jpa, chm, hotrod, file. +--storage-area-realm + Experimental: Sets a storage mechanism for realms. Possible values are: jpa, + chm, hotrod, file. +--storage-area-role + Experimental: Sets a storage mechanism for roles. Possible values are: jpa, + chm, hotrod, file. +--storage-area-single-use-object + Experimental: Sets a storage mechanism for single use objects. 
Possible values + are: jpa, chm, hotrod. +--storage-area-user + Experimental: Sets a storage mechanism for users. Possible values are: jpa, + chm, hotrod, file. +--storage-area-user-session + Experimental: Sets a storage mechanism for user and client sessions. Possible + values are: jpa, chm, hotrod, file. +--storage-deployment-state-version-seed + Experimental: Secret that serves as a seed to mask the version number of + Keycloak in URLs. Need to be identical across all servers in the cluster. + Will default to a random number generated when starting the server which is + secure but will lead to problems when a loadbalancer without sticky sessions + is used or nodes are restarted. +--storage-file-dir + Experimental: Root directory for file map store. +--storage-hotrod-host + Experimental: Sets the host of the Infinispan server. +--storage-hotrod-password + Experimental: Sets the password of the Infinispan user. +--storage-hotrod-port + Experimental: Sets the port of the Infinispan server. +--storage-hotrod-username + Experimental: Sets the username of the Infinispan user. +--storage-jpa-db + Experimental: The database vendor for jpa map storage. Possible values are: + postgres, cockroach. Default: postgres. + +Database: + +--db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, + mysql, oracle, postgres. Default: dev-file. +--db-driver The fully qualified class name of the JDBC driver. If not set, a default + driver is set accordingly to the chosen database. +--db-password + The password of the database user. +--db-pool-initial-size + The initial size of the connection pool. +--db-pool-max-size + The maximum size of the connection pool. Default: 100. +--db-pool-min-size + The minimal size of the connection pool. +--db-schema The database schema to be used. +--db-url The full database JDBC URL. If not provided, a default URL is set based on the + selected database vendor. 
For instance, if using 'postgres', the default + JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. +--db-url-database + Sets the database name of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-host + Sets the hostname of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` + option is set, this option is ignored. +--db-url-properties + Sets the properties of the default JDBC URL of the chosen vendor. Make sure to + set the properties accordingly to the format expected by the database + vendor, as well as appending the right character at the beginning of this + property value. If the `db-url` option is set, this option is ignored. +--db-username + The username of the database user. + +Transaction: + +--transaction-xa-enabled + If set to false, Keycloak uses a non-XA datasource in case the database does + not support XA transactions. Default: true. + +Feature: + +--features Enables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. +--features-disabled + Disables a set of one or more features. 
Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. + +Config: + +--config-keystore + Specifies a path to the KeyStore Configuration Source. +--config-keystore-password + Specifies a password to the KeyStore Configuration Source. +--config-keystore-type + Specifies a type of the KeyStore Configuration Source. Default: PKCS12. + +Logging: + +--log Enable one or more log handlers in a comma-separated list. Possible values + are: console, file, gelf. Default: console. +--log-console-color + Enable or disable colors when logging to console. Default: false. +--log-console-format + The format of unstructured console log entries. If the format has spaces in + it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % + -5p [%c] (%t) %s%e%n. +--log-console-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-file Set the log file path and filename. Default: data\log\keycloak.log. +--log-file-format + Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, + SSS} %-5p [%c] (%t) %s%e%n. +--log-file-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-gelf-facility + The facility (name of the process) that sends the message. Default: keycloak. +--log-gelf-host + Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the + host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: + localhost. +--log-gelf-include-location + Include source code location. Default: true. 
+--log-gelf-include-message-parameters + Include message parameters from the log event. Default: true. +--log-gelf-include-stack-trace + If set to true, occuring stack traces are included in the 'StackTrace' field + in the GELF output. Default: true. +--log-gelf-level + The log level specifying which message levels will be logged by the GELF + logger. Message levels lower than this value will be discarded. Default: + INFO. +--log-gelf-max-message-size + Maximum message size (in bytes). If the message size is exceeded, GELF will + submit the message in multiple chunks. Default: 8192. +--log-gelf-port + The port the Logstash or Graylog Host is called on. Default: 12201. +--log-gelf-timestamp-format + Set the format for the GELF timestamp field. Uses Java SimpleDateFormat + pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. +--log-level + The log level of the root category or a comma-separated list of individual + categories and their levels. For the root category, you don't need to + specify a category. Default: info. + +Import: + +--dir Set the path to a directory where files will be read from. +--file Set the path to a file that will be read. +--override + Set if existing data should be overwritten. If set to false, data will be + ignored. Default: true. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt index b8460e04b3..909c0b0a71 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt 
@@ -75,16 +75,16 @@ Feature: account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. Hostname: @@ -254,4 +254,4 @@ Security: Do NOT start the server using this command when deploying to production. Use 'kc.sh start-dev --help-all' to list all available options, including build -options. +options. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt index fa2ed54f60..cefb913807 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt 
+++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt 
@@ -1,240 +1,257 @@ -Start the server in development mode. - -Usage: - -kc.bat start-dev [OPTIONS] - -Use this command if you want to run the server locally for development or -testing purposes. - -Options: - --h, --help This help message. ---help-all This same help message but with additional options. ---import-realm Import realms during startup by reading any realm configuration file from the - 'data/import' directory. - -Cache: - ---cache Defines the cache mechanism for high-availability. By default in production - mode, a 'ispn' cache is used to create a cluster between multiple server - nodes. By default in development mode, a 'local' cache disables clustering - and is intended for development and testing purposes. Possible values are: - ispn, local. Default: ispn. ---cache-config-file - Defines the file from which cache configuration should be loaded from. The - configuration file is relative to the 'conf/' directory. ---cache-stack - Define the default stack to use for cluster communication and node discovery. - This option only takes effect if 'cache' is set to 'ispn'. Default: udp. - Possible values are: tcp, udp, kubernetes, ec2, azure, google. - -Database: - ---db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, - mysql, oracle, postgres. Default: dev-file. ---db-driver The fully qualified class name of the JDBC driver. If not set, a default - driver is set accordingly to the chosen database. ---db-password - The password of the database user. ---db-pool-initial-size - The initial size of the connection pool. ---db-pool-max-size - The maximum size of the connection pool. Default: 100. ---db-pool-min-size - The minimal size of the connection pool. ---db-schema The database schema to be used. ---db-url The full database JDBC URL. If not provided, a default URL is set based on the - selected database vendor. For instance, if using 'postgres', the default - JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. 
---db-url-database - Sets the database name of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-host - Sets the hostname of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` - option is set, this option is ignored. ---db-url-properties - Sets the properties of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-username - The username of the database user. - -Transaction: - ---transaction-xa-enabled - If set to false, Keycloak uses a non-XA datasource in case the database does - not support XA transactions. Default: true. - -Feature: - ---features Enables a set of one or more features. Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. ---features-disabled - Disables a set of one or more features. Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. - -Hostname: - ---hostname - Hostname for the Keycloak server. ---hostname-admin - The hostname for accessing the administration console. Use this option if you - are exposing the administration console using a hostname other than the - value set to the 'hostname' option. 
---hostname-admin-url - Set the base URL for accessing the administration console, including scheme, - host, port and path ---hostname-path - This should be set if proxy uses a different context-path for Keycloak. ---hostname-port - The port used by the proxy when exposing the hostname. Set this option if the - proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. ---hostname-strict - Disables dynamically resolving the hostname from request headers. Should - always be set to true in production, unless proxy verifies the Host header. - Default: true. ---hostname-strict-backchannel - By default backchannel URLs are dynamically resolved from request headers to - allow internal and external applications. If all applications use the public - URL this option should be enabled. Default: false. ---hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. - -HTTP/TLS: - ---http-enabled - Enables the HTTP listener. Default: false. ---http-host The used HTTP Host. Default: 0.0.0.0. ---http-port The used HTTP port. Default: 8080. ---http-relative-path - Set the path relative to '/' for serving resources. The path must start with a - '/'. Default: /. ---https-certificate-file - The file path to a server certificate or certificate chain in PEM format. ---https-certificate-key-file - The file path to a private key in PEM format. ---https-cipher-suites - The cipher suites to use. If none is given, a reasonable default is selected. ---https-client-auth - Configures the server to require/request client authentication. Possible - values are: none, request, required. Default: none. ---https-key-store-file - The key store which holds the certificate information instead of specifying - separate files. ---https-key-store-password - The password of the key store file. Default: password. ---https-key-store-type - The type of the key store file. If not given, the type is automatically - detected based on the file name. 
If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. ---https-port The used HTTPS port. Default: 8443. ---https-protocols - The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. ---https-trust-store-file - The trust store which holds the certificate information of the certificates to - trust. ---https-trust-store-password - The password of the trust store file. ---https-trust-store-type - The type of the trust store file. If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. - -Health: - ---health-enabled - If the server should expose health check endpoints. If enabled, health checks - are available at the '/health', '/health/ready' and '/health/live' - endpoints. Default: false. - -Metrics: - ---metrics-enabled - If the server should expose metrics. If enabled, metrics are available at the - '/metrics' endpoint. Default: false. - -Proxy: - ---proxy The proxy address forwarding mode if the server is behind a reverse proxy. - Possible values are: none, edge, reencrypt, passthrough. Default: none. - -Vault: - ---vault Enables a vault provider. Possible values are: file. ---vault-dir If set, secrets can be obtained by reading the content of files within the - given directory. - -Logging: - ---log Enable one or more log handlers in a comma-separated list. Possible values - are: console, file, gelf. Default: console. ---log-console-color - Enable or disable colors when logging to console. Default: false. ---log-console-format - The format of unstructured console log entries. If the format has spaces in - it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % - -5p [%c] (%t) %s%e%n. ---log-console-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-file Set the log file path and filename. Default: data/log/keycloak.log. 
---log-file-format - Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, - SSS} %-5p [%c] (%t) %s%e%n. ---log-file-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-gelf-facility - The facility (name of the process) that sends the message. Default: keycloak. ---log-gelf-host - Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the - host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: - localhost. ---log-gelf-include-location - Include source code location. Default: true. ---log-gelf-include-message-parameters - Include message parameters from the log event. Default: true. ---log-gelf-include-stack-trace - If set to true, occuring stack traces are included in the 'StackTrace' field - in the GELF output. Default: true. ---log-gelf-level - The log level specifying which message levels will be logged by the GELF - logger. Message levels lower than this value will be discarded. Default: - INFO. ---log-gelf-max-message-size - Maximum message size (in bytes). If the message size is exceeded, GELF will - submit the message in multiple chunks. Default: 8192. ---log-gelf-port - The port the Logstash or Graylog Host is called on. Default: 12201. ---log-gelf-timestamp-format - Set the format for the GELF timestamp field. Uses Java SimpleDateFormat - pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. ---log-level - The log level of the root category or a comma-separated list of individual - categories and their levels. For the root category, you don't need to - specify a category. Default: info. - -Security: - ---fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on - non-approved mode. For full FIPS compliance, set 'strict' to run on approved - mode. This option defaults to 'disabled' when 'fips' feature is disabled, - which is by default. This option defaults to 'non-strict' when 'fips' - feature is enabled. 
Possible values are: non-strict, strict. Default: - disabled. - -Do NOT start the server using this command when deploying to production. - -Use 'kc.bat start-dev --help-all' to list all available options, including -build options. +Start the server in development mode. + +Usage: + +kc.bat start-dev [OPTIONS] + +Use this command if you want to run the server locally for development or +testing purposes. + +Options: + +-h, --help This help message. +--help-all This same help message but with additional options. +--import-realm Import realms during startup by reading any realm configuration file from the + 'data/import' directory. + +Cache: + +--cache Defines the cache mechanism for high-availability. By default in production + mode, a 'ispn' cache is used to create a cluster between multiple server + nodes. By default in development mode, a 'local' cache disables clustering + and is intended for development and testing purposes. Possible values are: + ispn, local. Default: ispn. +--cache-config-file + Defines the file from which cache configuration should be loaded from. The + configuration file is relative to the 'conf/' directory. +--cache-stack + Define the default stack to use for cluster communication and node discovery. + This option only takes effect if 'cache' is set to 'ispn'. Default: udp. + Possible values are: tcp, udp, kubernetes, ec2, azure, google. + +Database: + +--db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, + mysql, oracle, postgres. Default: dev-file. +--db-driver The fully qualified class name of the JDBC driver. If not set, a default + driver is set accordingly to the chosen database. +--db-password + The password of the database user. +--db-pool-initial-size + The initial size of the connection pool. +--db-pool-max-size + The maximum size of the connection pool. Default: 100. +--db-pool-min-size + The minimal size of the connection pool. +--db-schema The database schema to be used. 
+--db-url The full database JDBC URL. If not provided, a default URL is set based on the + selected database vendor. For instance, if using 'postgres', the default + JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. +--db-url-database + Sets the database name of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-host + Sets the hostname of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` + option is set, this option is ignored. +--db-url-properties + Sets the properties of the default JDBC URL of the chosen vendor. Make sure to + set the properties accordingly to the format expected by the database + vendor, as well as appending the right character at the beginning of this + property value. If the `db-url` option is set, this option is ignored. +--db-username + The username of the database user. + +Transaction: + +--transaction-xa-enabled + If set to false, Keycloak uses a non-XA datasource in case the database does + not support XA transactions. Default: true. + +Feature: + +--features Enables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. +--features-disabled + Disables a set of one or more features. 
Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. + +Hostname: + +--hostname + Hostname for the Keycloak server. +--hostname-admin + The hostname for accessing the administration console. Use this option if you + are exposing the administration console using a hostname other than the + value set to the 'hostname' option. +--hostname-admin-url + Set the base URL for accessing the administration console, including scheme, + host, port and path +--hostname-debug + Toggle the hostname debug page that is accessible at + /realms/master/hostname-debug Default: false. +--hostname-path + This should be set if proxy uses a different context-path for Keycloak. +--hostname-port + The port used by the proxy when exposing the hostname. Set this option if the + proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. +--hostname-strict + Disables dynamically resolving the hostname from request headers. Should + always be set to true in production, unless proxy verifies the Host header. + Default: true. +--hostname-strict-backchannel + By default backchannel URLs are dynamically resolved from request headers to + allow internal and external applications. If all applications use the public + URL this option should be enabled. Default: false. +--hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. + +HTTP/TLS: + +--http-enabled + Enables the HTTP listener. Default: false. +--http-host The used HTTP Host. Default: 0.0.0.0. +--http-port The used HTTP port. Default: 8080. +--http-relative-path + Set the path relative to '/' for serving resources. 
The path must start with a + '/'. Default: /. +--https-certificate-file + The file path to a server certificate or certificate chain in PEM format. +--https-certificate-key-file + The file path to a private key in PEM format. +--https-cipher-suites + The cipher suites to use. If none is given, a reasonable default is selected. +--https-client-auth + Configures the server to require/request client authentication. Possible + values are: none, request, required. Default: none. +--https-key-store-file + The key store which holds the certificate information instead of specifying + separate files. +--https-key-store-password + The password of the key store file. Default: password. +--https-key-store-type + The type of the key store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. +--https-port The used HTTPS port. Default: 8443. +--https-protocols + The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. +--https-trust-store-file + The trust store which holds the certificate information of the certificates to + trust. +--https-trust-store-password + The password of the trust store file. +--https-trust-store-type + The type of the trust store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. + +Health: + +--health-enabled + If the server should expose health check endpoints. If enabled, health checks + are available at the '/health', '/health/ready' and '/health/live' + endpoints. Default: false. + +Config: + +--config-keystore + Specifies a path to the KeyStore Configuration Source. +--config-keystore-password + Specifies a password to the KeyStore Configuration Source. +--config-keystore-type + Specifies a type of the KeyStore Configuration Source. Default: PKCS12. + +Metrics: + +--metrics-enabled + If the server should expose metrics. 
If enabled, metrics are available at the + '/metrics' endpoint. Default: false. + +Proxy: + +--proxy The proxy address forwarding mode if the server is behind a reverse proxy. + Possible values are: none, edge, reencrypt, passthrough. Default: none. + +Vault: + +--vault Enables a vault provider. Possible values are: file, keystore. +--vault-dir If set, secrets can be obtained by reading the content of files within the + given directory. +--vault-file Path to the keystore file. +--vault-pass Password for the vault keystore. +--vault-type Specifies the type of the keystore file. Default: PKCS12. + +Logging: + +--log Enable one or more log handlers in a comma-separated list. Possible values + are: console, file, gelf. Default: console. +--log-console-color + Enable or disable colors when logging to console. Default: false. +--log-console-format + The format of unstructured console log entries. If the format has spaces in + it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % + -5p [%c] (%t) %s%e%n. +--log-console-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-file Set the log file path and filename. Default: data\log\keycloak.log. +--log-file-format + Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, + SSS} %-5p [%c] (%t) %s%e%n. +--log-file-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-gelf-facility + The facility (name of the process) that sends the message. Default: keycloak. +--log-gelf-host + Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the + host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: + localhost. +--log-gelf-include-location + Include source code location. Default: true. +--log-gelf-include-message-parameters + Include message parameters from the log event. Default: true. 
+--log-gelf-include-stack-trace + If set to true, occuring stack traces are included in the 'StackTrace' field + in the GELF output. Default: true. +--log-gelf-level + The log level specifying which message levels will be logged by the GELF + logger. Message levels lower than this value will be discarded. Default: + INFO. +--log-gelf-max-message-size + Maximum message size (in bytes). If the message size is exceeded, GELF will + submit the message in multiple chunks. Default: 8192. +--log-gelf-port + The port the Logstash or Graylog Host is called on. Default: 12201. +--log-gelf-timestamp-format + Set the format for the GELF timestamp field. Uses Java SimpleDateFormat + pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. +--log-level + The log level of the root category or a comma-separated list of individual + categories and their levels. For the root category, you don't need to + specify a category. Default: info. + +Security: + +--fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on + non-approved mode. For full FIPS compliance, set 'strict' to run on approved + mode. This option defaults to 'disabled' when 'fips' feature is disabled, + which is by default. This option defaults to 'non-strict' when 'fips' + feature is enabled. Possible values are: non-strict, strict. Default: + disabled. + +Do NOT start the server using this command when deploying to production. + +Use 'kc.bat start-dev --help-all' to list all available options, including +build options. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt index cf00c3b44d..1af936a52e 100644 
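Review bot: The only change this commit needs in the Windows start-dev snapshot is the `legacy-welcome` entry in the `--features` and `--features-disabled` lists, but the hunk (`@@ -1,240 +1,257 @@`) replaces every line, so real changes cannot be told apart from re-encoded ones. Most removed/added pairs read identically (for example `Start the server in development mode.`), which points to a line-ending or whitespace rewrite; this is inferred, since the page does not show the bytes. The new side also gains `--hostname-debug`, the `Config:` keystore options, `--vault-file`/`--vault-pass`/`--vault-type` and a longer `--db-url-properties` description, none of which relate to the welcome theme. That suggests the Windows snapshot had drifted and may not be exercised in CI. The `testStartDevHelpAll` Windows snapshot (`@@ -1,303 +1,320 @@`) shows the same pattern, so I would move the re-encoding and the catch-up of stale options into a separate commit and pin the line endings for `*.approved.txt` in `.gitattributes`, so that later diffs show only the lines that changed.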
--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt @@ -138,16 +138,16 @@ Feature: account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. Hostname: @@ -317,4 +317,4 @@ Security: Do NOT start the server using this command when deploying to production. Use 'kc.sh start-dev --help-all' to list all available options, including build -options. +options. \ No newline at end of file 
diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt index 6683b55441..a984ec9133 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt 
@@ -1,303 +1,320 @@ -Start the server in development mode. - -Usage: - -kc.bat start-dev [OPTIONS] - -Use this command if you want to run the server locally for development or -testing purposes. - -Options: - --h, --help This help message. ---help-all This same help message but with additional options. ---import-realm Import realms during startup by reading any realm configuration file from the - 'data/import' directory. - -Cache: - ---cache Defines the cache mechanism for high-availability. By default in production - mode, a 'ispn' cache is used to create a cluster between multiple server - nodes. By default in development mode, a 'local' cache disables clustering - and is intended for development and testing purposes. Possible values are: - ispn, local. Default: ispn. ---cache-config-file - Defines the file from which cache configuration should be loaded from. The - configuration file is relative to the 'conf/' directory. ---cache-stack - Define the default stack to use for cluster communication and node discovery. - This option only takes effect if 'cache' is set to 'ispn'. Default: udp. - Possible values are: tcp, udp, kubernetes, ec2, azure, google. - -Storage (Experimental): - ---storage Experimental: Sets the default storage mechanism for all areas. Possible - values are: jpa, chm, hotrod, file. ---storage-area-auth-session - Experimental: Sets a storage mechanism for authentication sessions. Possible - values are: jpa, chm, hotrod, file. ---storage-area-authorization - Experimental: Sets a storage mechanism for authorizations. Possible values - are: jpa, chm, hotrod, file. ---storage-area-client - Experimental: Sets a storage mechanism for clients. Possible values are: jpa, - chm, hotrod, file. ---storage-area-client-scope - Experimental: Sets a storage mechanism for client scopes. Possible values are: - jpa, chm, hotrod, file. ---storage-area-event-admin - Experimental: Sets a storage mechanism for admin events. 
Possible values are: - jpa, chm, hotrod, file. ---storage-area-event-auth - Experimental: Sets a storage mechanism for authentication and authorization - events. Possible values are: jpa, chm, hotrod, file. ---storage-area-group - Experimental: Sets a storage mechanism for groups. Possible values are: jpa, - chm, hotrod, file. ---storage-area-login-failure - Experimental: Sets a storage mechanism for login failures. Possible values - are: jpa, chm, hotrod, file. ---storage-area-realm - Experimental: Sets a storage mechanism for realms. Possible values are: jpa, - chm, hotrod, file. ---storage-area-role - Experimental: Sets a storage mechanism for roles. Possible values are: jpa, - chm, hotrod, file. ---storage-area-single-use-object - Experimental: Sets a storage mechanism for single use objects. Possible values - are: jpa, chm, hotrod. ---storage-area-user - Experimental: Sets a storage mechanism for users. Possible values are: jpa, - chm, hotrod, file. ---storage-area-user-session - Experimental: Sets a storage mechanism for user and client sessions. Possible - values are: jpa, chm, hotrod, file. ---storage-deployment-state-version-seed - Experimental: Secret that serves as a seed to mask the version number of - Keycloak in URLs. Need to be identical across all servers in the cluster. - Will default to a random number generated when starting the server which is - secure but will lead to problems when a loadbalancer without sticky sessions - is used or nodes are restarted. ---storage-file-dir - Experimental: Root directory for file map store. ---storage-hotrod-host - Experimental: Sets the host of the Infinispan server. ---storage-hotrod-password - Experimental: Sets the password of the Infinispan user. ---storage-hotrod-port - Experimental: Sets the port of the Infinispan server. ---storage-hotrod-username - Experimental: Sets the username of the Infinispan user. ---storage-jpa-db - Experimental: The database vendor for jpa map storage. 
Possible values are: - postgres, cockroach. Default: postgres. - -Database: - ---db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, - mysql, oracle, postgres. Default: dev-file. ---db-driver The fully qualified class name of the JDBC driver. If not set, a default - driver is set accordingly to the chosen database. ---db-password - The password of the database user. ---db-pool-initial-size - The initial size of the connection pool. ---db-pool-max-size - The maximum size of the connection pool. Default: 100. ---db-pool-min-size - The minimal size of the connection pool. ---db-schema The database schema to be used. ---db-url The full database JDBC URL. If not provided, a default URL is set based on the - selected database vendor. For instance, if using 'postgres', the default - JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. ---db-url-database - Sets the database name of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-host - Sets the hostname of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` - option is set, this option is ignored. ---db-url-properties - Sets the properties of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-username - The username of the database user. - -Transaction: - ---transaction-xa-enabled - If set to false, Keycloak uses a non-XA datasource in case the database does - not support XA transactions. Default: true. - -Feature: - ---features Enables a set of one or more features. 
Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. ---features-disabled - Disables a set of one or more features. Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. - -Hostname: - ---hostname - Hostname for the Keycloak server. ---hostname-admin - The hostname for accessing the administration console. Use this option if you - are exposing the administration console using a hostname other than the - value set to the 'hostname' option. ---hostname-admin-url - Set the base URL for accessing the administration console, including scheme, - host, port and path ---hostname-path - This should be set if proxy uses a different context-path for Keycloak. ---hostname-port - The port used by the proxy when exposing the hostname. Set this option if the - proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. ---hostname-strict - Disables dynamically resolving the hostname from request headers. Should - always be set to true in production, unless proxy verifies the Host header. - Default: true. ---hostname-strict-backchannel - By default backchannel URLs are dynamically resolved from request headers to - allow internal and external applications. If all applications use the public - URL this option should be enabled. Default: false. 
---hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. - -HTTP/TLS: - ---http-enabled - Enables the HTTP listener. Default: false. ---http-host The used HTTP Host. Default: 0.0.0.0. ---http-port The used HTTP port. Default: 8080. ---http-relative-path - Set the path relative to '/' for serving resources. The path must start with a - '/'. Default: /. ---https-certificate-file - The file path to a server certificate or certificate chain in PEM format. ---https-certificate-key-file - The file path to a private key in PEM format. ---https-cipher-suites - The cipher suites to use. If none is given, a reasonable default is selected. ---https-client-auth - Configures the server to require/request client authentication. Possible - values are: none, request, required. Default: none. ---https-key-store-file - The key store which holds the certificate information instead of specifying - separate files. ---https-key-store-password - The password of the key store file. Default: password. ---https-key-store-type - The type of the key store file. If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. ---https-port The used HTTPS port. Default: 8443. ---https-protocols - The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. ---https-trust-store-file - The trust store which holds the certificate information of the certificates to - trust. ---https-trust-store-password - The password of the trust store file. ---https-trust-store-type - The type of the trust store file. If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. - -Health: - ---health-enabled - If the server should expose health check endpoints. If enabled, health checks - are available at the '/health', '/health/ready' and '/health/live' - endpoints. Default: false. 
- -Metrics: - ---metrics-enabled - If the server should expose metrics. If enabled, metrics are available at the - '/metrics' endpoint. Default: false. - -Proxy: - ---proxy The proxy address forwarding mode if the server is behind a reverse proxy. - Possible values are: none, edge, reencrypt, passthrough. Default: none. - -Vault: - ---vault Enables a vault provider. Possible values are: file. ---vault-dir If set, secrets can be obtained by reading the content of files within the - given directory. - -Logging: - ---log Enable one or more log handlers in a comma-separated list. Possible values - are: console, file, gelf. Default: console. ---log-console-color - Enable or disable colors when logging to console. Default: false. ---log-console-format - The format of unstructured console log entries. If the format has spaces in - it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % - -5p [%c] (%t) %s%e%n. ---log-console-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-file Set the log file path and filename. Default: data/log/keycloak.log. ---log-file-format - Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, - SSS} %-5p [%c] (%t) %s%e%n. ---log-file-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-gelf-facility - The facility (name of the process) that sends the message. Default: keycloak. ---log-gelf-host - Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the - host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: - localhost. ---log-gelf-include-location - Include source code location. Default: true. ---log-gelf-include-message-parameters - Include message parameters from the log event. Default: true. 
---log-gelf-include-stack-trace - If set to true, occuring stack traces are included in the 'StackTrace' field - in the GELF output. Default: true. ---log-gelf-level - The log level specifying which message levels will be logged by the GELF - logger. Message levels lower than this value will be discarded. Default: - INFO. ---log-gelf-max-message-size - Maximum message size (in bytes). If the message size is exceeded, GELF will - submit the message in multiple chunks. Default: 8192. ---log-gelf-port - The port the Logstash or Graylog Host is called on. Default: 12201. ---log-gelf-timestamp-format - Set the format for the GELF timestamp field. Uses Java SimpleDateFormat - pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. ---log-level - The log level of the root category or a comma-separated list of individual - categories and their levels. For the root category, you don't need to - specify a category. Default: info. - -Security: - ---fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on - non-approved mode. For full FIPS compliance, set 'strict' to run on approved - mode. This option defaults to 'disabled' when 'fips' feature is disabled, - which is by default. This option defaults to 'non-strict' when 'fips' - feature is enabled. Possible values are: non-strict, strict. Default: - disabled. - -Do NOT start the server using this command when deploying to production. - -Use 'kc.bat start-dev --help-all' to list all available options, including -build options. +Start the server in development mode. + +Usage: + +kc.bat start-dev [OPTIONS] + +Use this command if you want to run the server locally for development or +testing purposes. + +Options: + +-h, --help This help message. +--help-all This same help message but with additional options. +--import-realm Import realms during startup by reading any realm configuration file from the + 'data/import' directory. + +Cache: + +--cache Defines the cache mechanism for high-availability. 
By default in production + mode, a 'ispn' cache is used to create a cluster between multiple server + nodes. By default in development mode, a 'local' cache disables clustering + and is intended for development and testing purposes. Possible values are: + ispn, local. Default: ispn. +--cache-config-file + Defines the file from which cache configuration should be loaded from. The + configuration file is relative to the 'conf/' directory. +--cache-stack + Define the default stack to use for cluster communication and node discovery. + This option only takes effect if 'cache' is set to 'ispn'. Default: udp. + Possible values are: tcp, udp, kubernetes, ec2, azure, google. + +Storage (Experimental): + +--storage Experimental: Sets the default storage mechanism for all areas. Possible + values are: jpa, chm, hotrod, file. +--storage-area-auth-session + Experimental: Sets a storage mechanism for authentication sessions. Possible + values are: jpa, chm, hotrod, file. +--storage-area-authorization + Experimental: Sets a storage mechanism for authorizations. Possible values + are: jpa, chm, hotrod, file. +--storage-area-client + Experimental: Sets a storage mechanism for clients. Possible values are: jpa, + chm, hotrod, file. +--storage-area-client-scope + Experimental: Sets a storage mechanism for client scopes. Possible values are: + jpa, chm, hotrod, file. +--storage-area-event-admin + Experimental: Sets a storage mechanism for admin events. Possible values are: + jpa, chm, hotrod, file. +--storage-area-event-auth + Experimental: Sets a storage mechanism for authentication and authorization + events. Possible values are: jpa, chm, hotrod, file. +--storage-area-group + Experimental: Sets a storage mechanism for groups. Possible values are: jpa, + chm, hotrod, file. +--storage-area-login-failure + Experimental: Sets a storage mechanism for login failures. Possible values + are: jpa, chm, hotrod, file. +--storage-area-realm + Experimental: Sets a storage mechanism for realms. 
Possible values are: jpa, + chm, hotrod, file. +--storage-area-role + Experimental: Sets a storage mechanism for roles. Possible values are: jpa, + chm, hotrod, file. +--storage-area-single-use-object + Experimental: Sets a storage mechanism for single use objects. Possible values + are: jpa, chm, hotrod. +--storage-area-user + Experimental: Sets a storage mechanism for users. Possible values are: jpa, + chm, hotrod, file. +--storage-area-user-session + Experimental: Sets a storage mechanism for user and client sessions. Possible + values are: jpa, chm, hotrod, file. +--storage-deployment-state-version-seed + Experimental: Secret that serves as a seed to mask the version number of + Keycloak in URLs. Need to be identical across all servers in the cluster. + Will default to a random number generated when starting the server which is + secure but will lead to problems when a loadbalancer without sticky sessions + is used or nodes are restarted. +--storage-file-dir + Experimental: Root directory for file map store. +--storage-hotrod-host + Experimental: Sets the host of the Infinispan server. +--storage-hotrod-password + Experimental: Sets the password of the Infinispan user. +--storage-hotrod-port + Experimental: Sets the port of the Infinispan server. +--storage-hotrod-username + Experimental: Sets the username of the Infinispan user. +--storage-jpa-db + Experimental: The database vendor for jpa map storage. Possible values are: + postgres, cockroach. Default: postgres. + +Database: + +--db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, + mysql, oracle, postgres. Default: dev-file. +--db-driver The fully qualified class name of the JDBC driver. If not set, a default + driver is set accordingly to the chosen database. +--db-password + The password of the database user. +--db-pool-initial-size + The initial size of the connection pool. +--db-pool-max-size + The maximum size of the connection pool. Default: 100. 
+--db-pool-min-size + The minimal size of the connection pool. +--db-schema The database schema to be used. +--db-url The full database JDBC URL. If not provided, a default URL is set based on the + selected database vendor. For instance, if using 'postgres', the default + JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. +--db-url-database + Sets the database name of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-host + Sets the hostname of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` + option is set, this option is ignored. +--db-url-properties + Sets the properties of the default JDBC URL of the chosen vendor. Make sure to + set the properties accordingly to the format expected by the database + vendor, as well as appending the right character at the beginning of this + property value. If the `db-url` option is set, this option is ignored. +--db-username + The username of the database user. + +Transaction: + +--transaction-xa-enabled + If set to false, Keycloak uses a non-XA datasource in case the database does + not support XA transactions. Default: true. + +Feature: + +--features Enables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. +--features-disabled + Disables a set of one or more features. 
Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. + +Hostname: + +--hostname + Hostname for the Keycloak server. +--hostname-admin + The hostname for accessing the administration console. Use this option if you + are exposing the administration console using a hostname other than the + value set to the 'hostname' option. +--hostname-admin-url + Set the base URL for accessing the administration console, including scheme, + host, port and path +--hostname-debug + Toggle the hostname debug page that is accessible at + /realms/master/hostname-debug Default: false. +--hostname-path + This should be set if proxy uses a different context-path for Keycloak. +--hostname-port + The port used by the proxy when exposing the hostname. Set this option if the + proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. +--hostname-strict + Disables dynamically resolving the hostname from request headers. Should + always be set to true in production, unless proxy verifies the Host header. + Default: true. +--hostname-strict-backchannel + By default backchannel URLs are dynamically resolved from request headers to + allow internal and external applications. If all applications use the public + URL this option should be enabled. Default: false. +--hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. + +HTTP/TLS: + +--http-enabled + Enables the HTTP listener. Default: false. +--http-host The used HTTP Host. Default: 0.0.0.0. +--http-port The used HTTP port. Default: 8080. +--http-relative-path + Set the path relative to '/' for serving resources. 
The path must start with a + '/'. Default: /. +--https-certificate-file + The file path to a server certificate or certificate chain in PEM format. +--https-certificate-key-file + The file path to a private key in PEM format. +--https-cipher-suites + The cipher suites to use. If none is given, a reasonable default is selected. +--https-client-auth + Configures the server to require/request client authentication. Possible + values are: none, request, required. Default: none. +--https-key-store-file + The key store which holds the certificate information instead of specifying + separate files. +--https-key-store-password + The password of the key store file. Default: password. +--https-key-store-type + The type of the key store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. +--https-port The used HTTPS port. Default: 8443. +--https-protocols + The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. +--https-trust-store-file + The trust store which holds the certificate information of the certificates to + trust. +--https-trust-store-password + The password of the trust store file. +--https-trust-store-type + The type of the trust store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. + +Health: + +--health-enabled + If the server should expose health check endpoints. If enabled, health checks + are available at the '/health', '/health/ready' and '/health/live' + endpoints. Default: false. + +Config: + +--config-keystore + Specifies a path to the KeyStore Configuration Source. +--config-keystore-password + Specifies a password to the KeyStore Configuration Source. +--config-keystore-type + Specifies a type of the KeyStore Configuration Source. Default: PKCS12. + +Metrics: + +--metrics-enabled + If the server should expose metrics. 
If enabled, metrics are available at the + '/metrics' endpoint. Default: false. + +Proxy: + +--proxy The proxy address forwarding mode if the server is behind a reverse proxy. + Possible values are: none, edge, reencrypt, passthrough. Default: none. + +Vault: + +--vault Enables a vault provider. Possible values are: file, keystore. +--vault-dir If set, secrets can be obtained by reading the content of files within the + given directory. +--vault-file Path to the keystore file. +--vault-pass Password for the vault keystore. +--vault-type Specifies the type of the keystore file. Default: PKCS12. + +Logging: + +--log Enable one or more log handlers in a comma-separated list. Possible values + are: console, file, gelf. Default: console. +--log-console-color + Enable or disable colors when logging to console. Default: false. +--log-console-format + The format of unstructured console log entries. If the format has spaces in + it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % + -5p [%c] (%t) %s%e%n. +--log-console-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-file Set the log file path and filename. Default: data\log\keycloak.log. +--log-file-format + Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, + SSS} %-5p [%c] (%t) %s%e%n. +--log-file-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-gelf-facility + The facility (name of the process) that sends the message. Default: keycloak. +--log-gelf-host + Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the + host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: + localhost. +--log-gelf-include-location + Include source code location. Default: true. +--log-gelf-include-message-parameters + Include message parameters from the log event. Default: true. 
+--log-gelf-include-stack-trace + If set to true, occuring stack traces are included in the 'StackTrace' field + in the GELF output. Default: true. +--log-gelf-level + The log level specifying which message levels will be logged by the GELF + logger. Message levels lower than this value will be discarded. Default: + INFO. +--log-gelf-max-message-size + Maximum message size (in bytes). If the message size is exceeded, GELF will + submit the message in multiple chunks. Default: 8192. +--log-gelf-port + The port the Logstash or Graylog Host is called on. Default: 12201. +--log-gelf-timestamp-format + Set the format for the GELF timestamp field. Uses Java SimpleDateFormat + pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. +--log-level + The log level of the root category or a comma-separated list of individual + categories and their levels. For the root category, you don't need to + specify a category. Default: info. + +Security: + +--fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on + non-approved mode. For full FIPS compliance, set 'strict' to run on approved + mode. This option defaults to 'disabled' when 'fips' feature is disabled, + which is by default. This option defaults to 'non-strict' when 'fips' + feature is enabled. Possible values are: non-strict, strict. Default: + disabled. + +Do NOT start the server using this command when deploying to production. + +Use 'kc.bat start-dev --help-all' to list all available options, including +build options. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt index 84f2a21deb..5f76ef51ec 100644 
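Review bot: The `@@ -1,303 +1,320 @@` hunk replaces every line of the Windows start-dev snapshot, so the one intended change (`legacy-welcome` in the `--features` and `--features-disabled` lists) cannot be reviewed apart from everything else that moved. The new side also picks up `--hostname-debug`, the `Config:` keystore options, `--vault-file`/`--vault-pass`/`--vault-type`, a longer `--db-url-properties` text and a `data\log\keycloak.log` default. These look like a stale snapshot being caught up rather than part of the welcome-theme change, and the whole-file rewrite is presumably a line-ending difference. Consider landing the catch-up as its own commit, or regenerating with the file's previous line endings so that only the changed lines appear. The regenerated snapshots also now end in `\ No newline at end of file` (the unix ones in this commit too), and the `testStartHelp.windows` hunk that follows has the same whole-file shape and continues past the visible lines.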
--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt @@ -81,16 +81,16 @@ Feature: account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. Hostname: @@ -264,4 +264,4 @@ By default, this command tries to update the server configuration by running a $ kc.sh start '--optimized' By doing that, the server should start faster based on any previous -configuration you have set when manually running the 'build' command. +configuration you have set when manually running the 'build' command. \ No newline at end of file 
diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt index 0daa4f8170..7d925c4e1f 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt 
@@ -1,250 +1,267 @@ -Start the server. - -Usage: - -kc.bat start [OPTIONS] - -Use this command to run the server in production. - -Options: - --b, --auto-build (Deprecated) Automatically detects whether the server configuration changed - and a new server image must be built prior to starting the server. This - option provides an alternative to manually running the 'build' prior to - starting the server. Use this configuration carefully in production as it - might impact the startup time. --h, --help This help message. ---help-all This same help message but with additional options. ---import-realm Import realms during startup by reading any realm configuration file from the - 'data/import' directory. ---optimized Use this option to achieve an optimal startup time if you have previously - built a server image using the 'build' command. - -Cache: - ---cache Defines the cache mechanism for high-availability. By default in production - mode, a 'ispn' cache is used to create a cluster between multiple server - nodes. By default in development mode, a 'local' cache disables clustering - and is intended for development and testing purposes. Possible values are: - ispn, local. Default: ispn. ---cache-config-file - Defines the file from which cache configuration should be loaded from. The - configuration file is relative to the 'conf/' directory. ---cache-stack - Define the default stack to use for cluster communication and node discovery. - This option only takes effect if 'cache' is set to 'ispn'. Default: udp. - Possible values are: tcp, udp, kubernetes, ec2, azure, google. - -Database: - ---db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, - mysql, oracle, postgres. Default: dev-file. ---db-driver The fully qualified class name of the JDBC driver. If not set, a default - driver is set accordingly to the chosen database. ---db-password - The password of the database user. ---db-pool-initial-size - The initial size of the connection pool. 
---db-pool-max-size - The maximum size of the connection pool. Default: 100. ---db-pool-min-size - The minimal size of the connection pool. ---db-schema The database schema to be used. ---db-url The full database JDBC URL. If not provided, a default URL is set based on the - selected database vendor. For instance, if using 'postgres', the default - JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. ---db-url-database - Sets the database name of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-host - Sets the hostname of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` - option is set, this option is ignored. ---db-url-properties - Sets the properties of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-username - The username of the database user. - -Transaction: - ---transaction-xa-enabled - If set to false, Keycloak uses a non-XA datasource in case the database does - not support XA transactions. Default: true. - -Feature: - ---features Enables a set of one or more features. Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. ---features-disabled - Disables a set of one or more features. 
Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. - -Hostname: - ---hostname - Hostname for the Keycloak server. ---hostname-admin - The hostname for accessing the administration console. Use this option if you - are exposing the administration console using a hostname other than the - value set to the 'hostname' option. ---hostname-admin-url - Set the base URL for accessing the administration console, including scheme, - host, port and path ---hostname-path - This should be set if proxy uses a different context-path for Keycloak. ---hostname-port - The port used by the proxy when exposing the hostname. Set this option if the - proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. ---hostname-strict - Disables dynamically resolving the hostname from request headers. Should - always be set to true in production, unless proxy verifies the Host header. - Default: true. ---hostname-strict-backchannel - By default backchannel URLs are dynamically resolved from request headers to - allow internal and external applications. If all applications use the public - URL this option should be enabled. Default: false. ---hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. - -HTTP/TLS: - ---http-enabled - Enables the HTTP listener. Default: false. ---http-host The used HTTP Host. Default: 0.0.0.0. ---http-port The used HTTP port. Default: 8080. ---http-relative-path - Set the path relative to '/' for serving resources. The path must start with a - '/'. Default: /. ---https-certificate-file - The file path to a server certificate or certificate chain in PEM format. 
---https-certificate-key-file - The file path to a private key in PEM format. ---https-cipher-suites - The cipher suites to use. If none is given, a reasonable default is selected. ---https-client-auth - Configures the server to require/request client authentication. Possible - values are: none, request, required. Default: none. ---https-key-store-file - The key store which holds the certificate information instead of specifying - separate files. ---https-key-store-password - The password of the key store file. Default: password. ---https-key-store-type - The type of the key store file. If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. ---https-port The used HTTPS port. Default: 8443. ---https-protocols - The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. ---https-trust-store-file - The trust store which holds the certificate information of the certificates to - trust. ---https-trust-store-password - The password of the trust store file. ---https-trust-store-type - The type of the trust store file. If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. - -Health: - ---health-enabled - If the server should expose health check endpoints. If enabled, health checks - are available at the '/health', '/health/ready' and '/health/live' - endpoints. Default: false. - -Metrics: - ---metrics-enabled - If the server should expose metrics. If enabled, metrics are available at the - '/metrics' endpoint. Default: false. - -Proxy: - ---proxy The proxy address forwarding mode if the server is behind a reverse proxy. - Possible values are: none, edge, reencrypt, passthrough. Default: none. - -Vault: - ---vault Enables a vault provider. Possible values are: file. 
---vault-dir If set, secrets can be obtained by reading the content of files within the - given directory. - -Logging: - ---log Enable one or more log handlers in a comma-separated list. Possible values - are: console, file, gelf. Default: console. ---log-console-color - Enable or disable colors when logging to console. Default: false. ---log-console-format - The format of unstructured console log entries. If the format has spaces in - it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % - -5p [%c] (%t) %s%e%n. ---log-console-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-file Set the log file path and filename. Default: data/log/keycloak.log. ---log-file-format - Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, - SSS} %-5p [%c] (%t) %s%e%n. ---log-file-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-gelf-facility - The facility (name of the process) that sends the message. Default: keycloak. ---log-gelf-host - Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the - host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: - localhost. ---log-gelf-include-location - Include source code location. Default: true. ---log-gelf-include-message-parameters - Include message parameters from the log event. Default: true. ---log-gelf-include-stack-trace - If set to true, occuring stack traces are included in the 'StackTrace' field - in the GELF output. Default: true. ---log-gelf-level - The log level specifying which message levels will be logged by the GELF - logger. Message levels lower than this value will be discarded. Default: - INFO. ---log-gelf-max-message-size - Maximum message size (in bytes). If the message size is exceeded, GELF will - submit the message in multiple chunks. Default: 8192. 
---log-gelf-port - The port the Logstash or Graylog Host is called on. Default: 12201. ---log-gelf-timestamp-format - Set the format for the GELF timestamp field. Uses Java SimpleDateFormat - pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. ---log-level - The log level of the root category or a comma-separated list of individual - categories and their levels. For the root category, you don't need to - specify a category. Default: info. - -Security: - ---fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on - non-approved mode. For full FIPS compliance, set 'strict' to run on approved - mode. This option defaults to 'disabled' when 'fips' feature is disabled, - which is by default. This option defaults to 'non-strict' when 'fips' - feature is enabled. Possible values are: non-strict, strict. Default: - disabled. - -By default, this command tries to update the server configuration by running a -'build' before starting the server. You can disable this behavior by using the -'--optimized' option: - - $ kc.bat start '--optimized' - -By doing that, the server should start faster based on any previous -configuration you have set when manually running the 'build' command. +Start the server. + +Usage: + +kc.bat start [OPTIONS] + +Use this command to run the server in production. + +Options: + +-b, --auto-build (Deprecated) Automatically detects whether the server configuration changed + and a new server image must be built prior to starting the server. This + option provides an alternative to manually running the 'build' prior to + starting the server. Use this configuration carefully in production as it + might impact the startup time. +-h, --help This help message. +--help-all This same help message but with additional options. +--import-realm Import realms during startup by reading any realm configuration file from the + 'data/import' directory. 
+--optimized Use this option to achieve an optimal startup time if you have previously + built a server image using the 'build' command. + +Cache: + +--cache Defines the cache mechanism for high-availability. By default in production + mode, a 'ispn' cache is used to create a cluster between multiple server + nodes. By default in development mode, a 'local' cache disables clustering + and is intended for development and testing purposes. Possible values are: + ispn, local. Default: ispn. +--cache-config-file + Defines the file from which cache configuration should be loaded from. The + configuration file is relative to the 'conf/' directory. +--cache-stack + Define the default stack to use for cluster communication and node discovery. + This option only takes effect if 'cache' is set to 'ispn'. Default: udp. + Possible values are: tcp, udp, kubernetes, ec2, azure, google. + +Database: + +--db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, + mysql, oracle, postgres. Default: dev-file. +--db-driver The fully qualified class name of the JDBC driver. If not set, a default + driver is set accordingly to the chosen database. +--db-password + The password of the database user. +--db-pool-initial-size + The initial size of the connection pool. +--db-pool-max-size + The maximum size of the connection pool. Default: 100. +--db-pool-min-size + The minimal size of the connection pool. +--db-schema The database schema to be used. +--db-url The full database JDBC URL. If not provided, a default URL is set based on the + selected database vendor. For instance, if using 'postgres', the default + JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. +--db-url-database + Sets the database name of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-host + Sets the hostname of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. 
+--db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` + option is set, this option is ignored. +--db-url-properties + Sets the properties of the default JDBC URL of the chosen vendor. Make sure to + set the properties accordingly to the format expected by the database + vendor, as well as appending the right character at the beginning of this + property value. If the `db-url` option is set, this option is ignored. +--db-username + The username of the database user. + +Transaction: + +--transaction-xa-enabled + If set to false, Keycloak uses a non-XA datasource in case the database does + not support XA transactions. Default: true. + +Feature: + +--features Enables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. +--features-disabled + Disables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. + +Hostname: + +--hostname + Hostname for the Keycloak server. +--hostname-admin + The hostname for accessing the administration console. Use this option if you + are exposing the administration console using a hostname other than the + value set to the 'hostname' option. 
+--hostname-admin-url + Set the base URL for accessing the administration console, including scheme, + host, port and path +--hostname-debug + Toggle the hostname debug page that is accessible at + /realms/master/hostname-debug Default: false. +--hostname-path + This should be set if proxy uses a different context-path for Keycloak. +--hostname-port + The port used by the proxy when exposing the hostname. Set this option if the + proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. +--hostname-strict + Disables dynamically resolving the hostname from request headers. Should + always be set to true in production, unless proxy verifies the Host header. + Default: true. +--hostname-strict-backchannel + By default backchannel URLs are dynamically resolved from request headers to + allow internal and external applications. If all applications use the public + URL this option should be enabled. Default: false. +--hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. + +HTTP/TLS: + +--http-enabled + Enables the HTTP listener. Default: false. +--http-host The used HTTP Host. Default: 0.0.0.0. +--http-port The used HTTP port. Default: 8080. +--http-relative-path + Set the path relative to '/' for serving resources. The path must start with a + '/'. Default: /. +--https-certificate-file + The file path to a server certificate or certificate chain in PEM format. +--https-certificate-key-file + The file path to a private key in PEM format. +--https-cipher-suites + The cipher suites to use. If none is given, a reasonable default is selected. +--https-client-auth + Configures the server to require/request client authentication. Possible + values are: none, request, required. Default: none. +--https-key-store-file + The key store which holds the certificate information instead of specifying + separate files. +--https-key-store-password + The password of the key store file. Default: password. 
+--https-key-store-type + The type of the key store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. +--https-port The used HTTPS port. Default: 8443. +--https-protocols + The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. +--https-trust-store-file + The trust store which holds the certificate information of the certificates to + trust. +--https-trust-store-password + The password of the trust store file. +--https-trust-store-type + The type of the trust store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. + +Health: + +--health-enabled + If the server should expose health check endpoints. If enabled, health checks + are available at the '/health', '/health/ready' and '/health/live' + endpoints. Default: false. + +Config: + +--config-keystore + Specifies a path to the KeyStore Configuration Source. +--config-keystore-password + Specifies a password to the KeyStore Configuration Source. +--config-keystore-type + Specifies a type of the KeyStore Configuration Source. Default: PKCS12. + +Metrics: + +--metrics-enabled + If the server should expose metrics. If enabled, metrics are available at the + '/metrics' endpoint. Default: false. + +Proxy: + +--proxy The proxy address forwarding mode if the server is behind a reverse proxy. + Possible values are: none, edge, reencrypt, passthrough. Default: none. + +Vault: + +--vault Enables a vault provider. Possible values are: file, keystore. +--vault-dir If set, secrets can be obtained by reading the content of files within the + given directory. +--vault-file Path to the keystore file. +--vault-pass Password for the vault keystore. +--vault-type Specifies the type of the keystore file. Default: PKCS12. + +Logging: + +--log Enable one or more log handlers in a comma-separated list. 
Possible values + are: console, file, gelf. Default: console. +--log-console-color + Enable or disable colors when logging to console. Default: false. +--log-console-format + The format of unstructured console log entries. If the format has spaces in + it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % + -5p [%c] (%t) %s%e%n. +--log-console-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-file Set the log file path and filename. Default: data\log\keycloak.log. +--log-file-format + Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, + SSS} %-5p [%c] (%t) %s%e%n. +--log-file-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-gelf-facility + The facility (name of the process) that sends the message. Default: keycloak. +--log-gelf-host + Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the + host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: + localhost. +--log-gelf-include-location + Include source code location. Default: true. +--log-gelf-include-message-parameters + Include message parameters from the log event. Default: true. +--log-gelf-include-stack-trace + If set to true, occuring stack traces are included in the 'StackTrace' field + in the GELF output. Default: true. +--log-gelf-level + The log level specifying which message levels will be logged by the GELF + logger. Message levels lower than this value will be discarded. Default: + INFO. +--log-gelf-max-message-size + Maximum message size (in bytes). If the message size is exceeded, GELF will + submit the message in multiple chunks. Default: 8192. +--log-gelf-port + The port the Logstash or Graylog Host is called on. Default: 12201. +--log-gelf-timestamp-format + Set the format for the GELF timestamp field. Uses Java SimpleDateFormat + pattern. 
Default: yyyy-MM-dd HH:mm:ss,SSS. +--log-level + The log level of the root category or a comma-separated list of individual + categories and their levels. For the root category, you don't need to + specify a category. Default: info. + +Security: + +--fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on + non-approved mode. For full FIPS compliance, set 'strict' to run on approved + mode. This option defaults to 'disabled' when 'fips' feature is disabled, + which is by default. This option defaults to 'non-strict' when 'fips' + feature is enabled. Possible values are: non-strict, strict. Default: + disabled. + +By default, this command tries to update the server configuration by running a +'build' before starting the server. You can disable this behavior by using the +'--optimized' option: + + $ kc.bat start '--optimized' + +By doing that, the server should start faster based on any previous +configuration you have set when manually running the 'build' command. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt index 0a3db0e6e6..f2e6f48e1b 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt 
@@ -144,16 +144,16 @@ Feature: account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. --features-disabled Disables a set of one or more features. Possible values are: account-api, account2, account3, admin-api, admin-fine-grained-authz, admin2, authorization, ciba, client-policies, client-secret-rotation, declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, update-email, web-authn. Hostname: @@ -327,4 +327,4 @@ By default, this command tries to update the server configuration by running a $ kc.sh start '--optimized' By doing that, the server should start faster based on any previous -configuration you have set when manually running the 'build' command. +configuration you have set when manually running the 'build' command. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt index f31daa4fb7..a4e1774856 100644 
--- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt 
@@ -1,313 +1,330 @@ -Start the server. - -Usage: - -kc.bat start [OPTIONS] - -Use this command to run the server in production. - -Options: - --b, --auto-build (Deprecated) Automatically detects whether the server configuration changed - and a new server image must be built prior to starting the server. This - option provides an alternative to manually running the 'build' prior to - starting the server. Use this configuration carefully in production as it - might impact the startup time. --h, --help This help message. ---help-all This same help message but with additional options. ---import-realm Import realms during startup by reading any realm configuration file from the - 'data/import' directory. ---optimized Use this option to achieve an optimal startup time if you have previously - built a server image using the 'build' command. - -Cache: - ---cache Defines the cache mechanism for high-availability. By default in production - mode, a 'ispn' cache is used to create a cluster between multiple server - nodes. By default in development mode, a 'local' cache disables clustering - and is intended for development and testing purposes. Possible values are: - ispn, local. Default: ispn. ---cache-config-file - Defines the file from which cache configuration should be loaded from. The - configuration file is relative to the 'conf/' directory. ---cache-stack - Define the default stack to use for cluster communication and node discovery. - This option only takes effect if 'cache' is set to 'ispn'. Default: udp. - Possible values are: tcp, udp, kubernetes, ec2, azure, google. - -Storage (Experimental): - ---storage Experimental: Sets the default storage mechanism for all areas. Possible - values are: jpa, chm, hotrod, file. ---storage-area-auth-session - Experimental: Sets a storage mechanism for authentication sessions. Possible - values are: jpa, chm, hotrod, file. ---storage-area-authorization - Experimental: Sets a storage mechanism for authorizations. 
Possible values - are: jpa, chm, hotrod, file. ---storage-area-client - Experimental: Sets a storage mechanism for clients. Possible values are: jpa, - chm, hotrod, file. ---storage-area-client-scope - Experimental: Sets a storage mechanism for client scopes. Possible values are: - jpa, chm, hotrod, file. ---storage-area-event-admin - Experimental: Sets a storage mechanism for admin events. Possible values are: - jpa, chm, hotrod, file. ---storage-area-event-auth - Experimental: Sets a storage mechanism for authentication and authorization - events. Possible values are: jpa, chm, hotrod, file. ---storage-area-group - Experimental: Sets a storage mechanism for groups. Possible values are: jpa, - chm, hotrod, file. ---storage-area-login-failure - Experimental: Sets a storage mechanism for login failures. Possible values - are: jpa, chm, hotrod, file. ---storage-area-realm - Experimental: Sets a storage mechanism for realms. Possible values are: jpa, - chm, hotrod, file. ---storage-area-role - Experimental: Sets a storage mechanism for roles. Possible values are: jpa, - chm, hotrod, file. ---storage-area-single-use-object - Experimental: Sets a storage mechanism for single use objects. Possible values - are: jpa, chm, hotrod. ---storage-area-user - Experimental: Sets a storage mechanism for users. Possible values are: jpa, - chm, hotrod, file. ---storage-area-user-session - Experimental: Sets a storage mechanism for user and client sessions. Possible - values are: jpa, chm, hotrod, file. ---storage-deployment-state-version-seed - Experimental: Secret that serves as a seed to mask the version number of - Keycloak in URLs. Need to be identical across all servers in the cluster. - Will default to a random number generated when starting the server which is - secure but will lead to problems when a loadbalancer without sticky sessions - is used or nodes are restarted. ---storage-file-dir - Experimental: Root directory for file map store. 
---storage-hotrod-host - Experimental: Sets the host of the Infinispan server. ---storage-hotrod-password - Experimental: Sets the password of the Infinispan user. ---storage-hotrod-port - Experimental: Sets the port of the Infinispan server. ---storage-hotrod-username - Experimental: Sets the username of the Infinispan user. ---storage-jpa-db - Experimental: The database vendor for jpa map storage. Possible values are: - postgres, cockroach. Default: postgres. - -Database: - ---db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, - mysql, oracle, postgres. Default: dev-file. ---db-driver The fully qualified class name of the JDBC driver. If not set, a default - driver is set accordingly to the chosen database. ---db-password - The password of the database user. ---db-pool-initial-size - The initial size of the connection pool. ---db-pool-max-size - The maximum size of the connection pool. Default: 100. ---db-pool-min-size - The minimal size of the connection pool. ---db-schema The database schema to be used. ---db-url The full database JDBC URL. If not provided, a default URL is set based on the - selected database vendor. For instance, if using 'postgres', the default - JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. ---db-url-database - Sets the database name of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-host - Sets the hostname of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` - option is set, this option is ignored. ---db-url-properties - Sets the properties of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-username - The username of the database user. 
- -Transaction: - ---transaction-xa-enabled - If set to false, Keycloak uses a non-XA datasource in case the database does - not support XA transactions. Default: true. - -Feature: - ---features Enables a set of one or more features. Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. ---features-disabled - Disables a set of one or more features. Possible values are: account-api, - account2, account3, admin-api, admin-fine-grained-authz, admin2, - authorization, ciba, client-policies, client-secret-rotation, - declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, - js-adapter, kerberos, linkedin-oauth, map-storage, par, preview, - recovery-codes, scripts, step-up-authentication, token-exchange, - update-email, web-authn. - -Hostname: - ---hostname - Hostname for the Keycloak server. ---hostname-admin - The hostname for accessing the administration console. Use this option if you - are exposing the administration console using a hostname other than the - value set to the 'hostname' option. ---hostname-admin-url - Set the base URL for accessing the administration console, including scheme, - host, port and path ---hostname-path - This should be set if proxy uses a different context-path for Keycloak. ---hostname-port - The port used by the proxy when exposing the hostname. Set this option if the - proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. ---hostname-strict - Disables dynamically resolving the hostname from request headers. Should - always be set to true in production, unless proxy verifies the Host header. - Default: true. 
---hostname-strict-backchannel - By default backchannel URLs are dynamically resolved from request headers to - allow internal and external applications. If all applications use the public - URL this option should be enabled. Default: false. ---hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. - -HTTP/TLS: - ---http-enabled - Enables the HTTP listener. Default: false. ---http-host The used HTTP Host. Default: 0.0.0.0. ---http-port The used HTTP port. Default: 8080. ---http-relative-path - Set the path relative to '/' for serving resources. The path must start with a - '/'. Default: /. ---https-certificate-file - The file path to a server certificate or certificate chain in PEM format. ---https-certificate-key-file - The file path to a private key in PEM format. ---https-cipher-suites - The cipher suites to use. If none is given, a reasonable default is selected. ---https-client-auth - Configures the server to require/request client authentication. Possible - values are: none, request, required. Default: none. ---https-key-store-file - The key store which holds the certificate information instead of specifying - separate files. ---https-key-store-password - The password of the key store file. Default: password. ---https-key-store-type - The type of the key store file. If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. ---https-port The used HTTPS port. Default: 8443. ---https-protocols - The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. ---https-trust-store-file - The trust store which holds the certificate information of the certificates to - trust. ---https-trust-store-password - The password of the trust store file. ---https-trust-store-type - The type of the trust store file. If not given, the type is automatically - detected based on the file name. 
If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. - -Health: - ---health-enabled - If the server should expose health check endpoints. If enabled, health checks - are available at the '/health', '/health/ready' and '/health/live' - endpoints. Default: false. - -Metrics: - ---metrics-enabled - If the server should expose metrics. If enabled, metrics are available at the - '/metrics' endpoint. Default: false. - -Proxy: - ---proxy The proxy address forwarding mode if the server is behind a reverse proxy. - Possible values are: none, edge, reencrypt, passthrough. Default: none. - -Vault: - ---vault Enables a vault provider. Possible values are: file. ---vault-dir If set, secrets can be obtained by reading the content of files within the - given directory. - -Logging: - ---log Enable one or more log handlers in a comma-separated list. Possible values - are: console, file, gelf. Default: console. ---log-console-color - Enable or disable colors when logging to console. Default: false. ---log-console-format - The format of unstructured console log entries. If the format has spaces in - it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % - -5p [%c] (%t) %s%e%n. ---log-console-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-file Set the log file path and filename. Default: data/log/keycloak.log. ---log-file-format - Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, - SSS} %-5p [%c] (%t) %s%e%n. ---log-file-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-gelf-facility - The facility (name of the process) that sends the message. Default: keycloak. ---log-gelf-host - Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the - host with 'tcp:' to switch to TCP. 
Example: 'tcp:localhost' Default: - localhost. ---log-gelf-include-location - Include source code location. Default: true. ---log-gelf-include-message-parameters - Include message parameters from the log event. Default: true. ---log-gelf-include-stack-trace - If set to true, occuring stack traces are included in the 'StackTrace' field - in the GELF output. Default: true. ---log-gelf-level - The log level specifying which message levels will be logged by the GELF - logger. Message levels lower than this value will be discarded. Default: - INFO. ---log-gelf-max-message-size - Maximum message size (in bytes). If the message size is exceeded, GELF will - submit the message in multiple chunks. Default: 8192. ---log-gelf-port - The port the Logstash or Graylog Host is called on. Default: 12201. ---log-gelf-timestamp-format - Set the format for the GELF timestamp field. Uses Java SimpleDateFormat - pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. ---log-level - The log level of the root category or a comma-separated list of individual - categories and their levels. For the root category, you don't need to - specify a category. Default: info. - -Security: - ---fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on - non-approved mode. For full FIPS compliance, set 'strict' to run on approved - mode. This option defaults to 'disabled' when 'fips' feature is disabled, - which is by default. This option defaults to 'non-strict' when 'fips' - feature is enabled. Possible values are: non-strict, strict. Default: - disabled. - -By default, this command tries to update the server configuration by running a -'build' before starting the server. You can disable this behavior by using the -'--optimized' option: - - $ kc.bat start '--optimized' - -By doing that, the server should start faster based on any previous -configuration you have set when manually running the 'build' command. +Start the server. 
+ +Usage: + +kc.bat start [OPTIONS] + +Use this command to run the server in production. + +Options: + +-b, --auto-build (Deprecated) Automatically detects whether the server configuration changed + and a new server image must be built prior to starting the server. This + option provides an alternative to manually running the 'build' prior to + starting the server. Use this configuration carefully in production as it + might impact the startup time. +-h, --help This help message. +--help-all This same help message but with additional options. +--import-realm Import realms during startup by reading any realm configuration file from the + 'data/import' directory. +--optimized Use this option to achieve an optimal startup time if you have previously + built a server image using the 'build' command. + +Cache: + +--cache Defines the cache mechanism for high-availability. By default in production + mode, a 'ispn' cache is used to create a cluster between multiple server + nodes. By default in development mode, a 'local' cache disables clustering + and is intended for development and testing purposes. Possible values are: + ispn, local. Default: ispn. +--cache-config-file + Defines the file from which cache configuration should be loaded from. The + configuration file is relative to the 'conf/' directory. +--cache-stack + Define the default stack to use for cluster communication and node discovery. + This option only takes effect if 'cache' is set to 'ispn'. Default: udp. + Possible values are: tcp, udp, kubernetes, ec2, azure, google. + +Storage (Experimental): + +--storage Experimental: Sets the default storage mechanism for all areas. Possible + values are: jpa, chm, hotrod, file. +--storage-area-auth-session + Experimental: Sets a storage mechanism for authentication sessions. Possible + values are: jpa, chm, hotrod, file. +--storage-area-authorization + Experimental: Sets a storage mechanism for authorizations. Possible values + are: jpa, chm, hotrod, file. 
+--storage-area-client + Experimental: Sets a storage mechanism for clients. Possible values are: jpa, + chm, hotrod, file. +--storage-area-client-scope + Experimental: Sets a storage mechanism for client scopes. Possible values are: + jpa, chm, hotrod, file. +--storage-area-event-admin + Experimental: Sets a storage mechanism for admin events. Possible values are: + jpa, chm, hotrod, file. +--storage-area-event-auth + Experimental: Sets a storage mechanism for authentication and authorization + events. Possible values are: jpa, chm, hotrod, file. +--storage-area-group + Experimental: Sets a storage mechanism for groups. Possible values are: jpa, + chm, hotrod, file. +--storage-area-login-failure + Experimental: Sets a storage mechanism for login failures. Possible values + are: jpa, chm, hotrod, file. +--storage-area-realm + Experimental: Sets a storage mechanism for realms. Possible values are: jpa, + chm, hotrod, file. +--storage-area-role + Experimental: Sets a storage mechanism for roles. Possible values are: jpa, + chm, hotrod, file. +--storage-area-single-use-object + Experimental: Sets a storage mechanism for single use objects. Possible values + are: jpa, chm, hotrod. +--storage-area-user + Experimental: Sets a storage mechanism for users. Possible values are: jpa, + chm, hotrod, file. +--storage-area-user-session + Experimental: Sets a storage mechanism for user and client sessions. Possible + values are: jpa, chm, hotrod, file. +--storage-deployment-state-version-seed + Experimental: Secret that serves as a seed to mask the version number of + Keycloak in URLs. Need to be identical across all servers in the cluster. + Will default to a random number generated when starting the server which is + secure but will lead to problems when a loadbalancer without sticky sessions + is used or nodes are restarted. +--storage-file-dir + Experimental: Root directory for file map store. +--storage-hotrod-host + Experimental: Sets the host of the Infinispan server. 
+--storage-hotrod-password + Experimental: Sets the password of the Infinispan user. +--storage-hotrod-port + Experimental: Sets the port of the Infinispan server. +--storage-hotrod-username + Experimental: Sets the username of the Infinispan user. +--storage-jpa-db + Experimental: The database vendor for jpa map storage. Possible values are: + postgres, cockroach. Default: postgres. + +Database: + +--db The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql, + mysql, oracle, postgres. Default: dev-file. +--db-driver The fully qualified class name of the JDBC driver. If not set, a default + driver is set accordingly to the chosen database. +--db-password + The password of the database user. +--db-pool-initial-size + The initial size of the connection pool. +--db-pool-max-size + The maximum size of the connection pool. Default: 100. +--db-pool-min-size + The minimal size of the connection pool. +--db-schema The database schema to be used. +--db-url The full database JDBC URL. If not provided, a default URL is set based on the + selected database vendor. For instance, if using 'postgres', the default + JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. +--db-url-database + Sets the database name of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-host + Sets the hostname of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` + option is set, this option is ignored. +--db-url-properties + Sets the properties of the default JDBC URL of the chosen vendor. Make sure to + set the properties accordingly to the format expected by the database + vendor, as well as appending the right character at the beginning of this + property value. If the `db-url` option is set, this option is ignored. +--db-username + The username of the database user. 
+ +Transaction: + +--transaction-xa-enabled + If set to false, Keycloak uses a non-XA datasource in case the database does + not support XA transactions. Default: true. + +Feature: + +--features Enables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. +--features-disabled + Disables a set of one or more features. Possible values are: account-api, + account2, account3, admin-api, admin-fine-grained-authz, admin2, + authorization, ciba, client-policies, client-secret-rotation, + declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation, + js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par, + preview, recovery-codes, scripts, step-up-authentication, token-exchange, + update-email, web-authn. + +Hostname: + +--hostname + Hostname for the Keycloak server. +--hostname-admin + The hostname for accessing the administration console. Use this option if you + are exposing the administration console using a hostname other than the + value set to the 'hostname' option. +--hostname-admin-url + Set the base URL for accessing the administration console, including scheme, + host, port and path +--hostname-debug + Toggle the hostname debug page that is accessible at + /realms/master/hostname-debug Default: false. +--hostname-path + This should be set if proxy uses a different context-path for Keycloak. +--hostname-port + The port used by the proxy when exposing the hostname. Set this option if the + proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. 
+--hostname-strict + Disables dynamically resolving the hostname from request headers. Should + always be set to true in production, unless proxy verifies the Host header. + Default: true. +--hostname-strict-backchannel + By default backchannel URLs are dynamically resolved from request headers to + allow internal and external applications. If all applications use the public + URL this option should be enabled. Default: false. +--hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. + +HTTP/TLS: + +--http-enabled + Enables the HTTP listener. Default: false. +--http-host The used HTTP Host. Default: 0.0.0.0. +--http-port The used HTTP port. Default: 8080. +--http-relative-path + Set the path relative to '/' for serving resources. The path must start with a + '/'. Default: /. +--https-certificate-file + The file path to a server certificate or certificate chain in PEM format. +--https-certificate-key-file + The file path to a private key in PEM format. +--https-cipher-suites + The cipher suites to use. If none is given, a reasonable default is selected. +--https-client-auth + Configures the server to require/request client authentication. Possible + values are: none, request, required. Default: none. +--https-key-store-file + The key store which holds the certificate information instead of specifying + separate files. +--https-key-store-password + The password of the key store file. Default: password. +--https-key-store-type + The type of the key store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. +--https-port The used HTTPS port. Default: 8443. +--https-protocols + The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. +--https-trust-store-file + The trust store which holds the certificate information of the certificates to + trust. +--https-trust-store-password + The password of the trust store file. 
+--https-trust-store-type + The type of the trust store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. + +Health: + +--health-enabled + If the server should expose health check endpoints. If enabled, health checks + are available at the '/health', '/health/ready' and '/health/live' + endpoints. Default: false. + +Config: + +--config-keystore + Specifies a path to the KeyStore Configuration Source. +--config-keystore-password + Specifies a password to the KeyStore Configuration Source. +--config-keystore-type + Specifies a type of the KeyStore Configuration Source. Default: PKCS12. + +Metrics: + +--metrics-enabled + If the server should expose metrics. If enabled, metrics are available at the + '/metrics' endpoint. Default: false. + +Proxy: + +--proxy The proxy address forwarding mode if the server is behind a reverse proxy. + Possible values are: none, edge, reencrypt, passthrough. Default: none. + +Vault: + +--vault Enables a vault provider. Possible values are: file, keystore. +--vault-dir If set, secrets can be obtained by reading the content of files within the + given directory. +--vault-file Path to the keystore file. +--vault-pass Password for the vault keystore. +--vault-type Specifies the type of the keystore file. Default: PKCS12. + +Logging: + +--log Enable one or more log handlers in a comma-separated list. Possible values + are: console, file, gelf. Default: console. +--log-console-color + Enable or disable colors when logging to console. Default: false. +--log-console-format + The format of unstructured console log entries. If the format has spaces in + it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % + -5p [%c] (%t) %s%e%n. +--log-console-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-file Set the log file path and filename. 
Default: data\log\keycloak.log. +--log-file-format + Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, + SSS} %-5p [%c] (%t) %s%e%n. +--log-file-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-gelf-facility + The facility (name of the process) that sends the message. Default: keycloak. +--log-gelf-host + Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the + host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: + localhost. +--log-gelf-include-location + Include source code location. Default: true. +--log-gelf-include-message-parameters + Include message parameters from the log event. Default: true. +--log-gelf-include-stack-trace + If set to true, occuring stack traces are included in the 'StackTrace' field + in the GELF output. Default: true. +--log-gelf-level + The log level specifying which message levels will be logged by the GELF + logger. Message levels lower than this value will be discarded. Default: + INFO. +--log-gelf-max-message-size + Maximum message size (in bytes). If the message size is exceeded, GELF will + submit the message in multiple chunks. Default: 8192. +--log-gelf-port + The port the Logstash or Graylog Host is called on. Default: 12201. +--log-gelf-timestamp-format + Set the format for the GELF timestamp field. Uses Java SimpleDateFormat + pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. +--log-level + The log level of the root category or a comma-separated list of individual + categories and their levels. For the root category, you don't need to + specify a category. Default: info. + +Security: + +--fips-mode Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on + non-approved mode. For full FIPS compliance, set 'strict' to run on approved + mode. This option defaults to 'disabled' when 'fips' feature is disabled, + which is by default. 
This option defaults to 'non-strict' when 'fips' + feature is enabled. Possible values are: non-strict, strict. Default: + disabled. + +By default, this command tries to update the server configuration by running a +'build' before starting the server. You can disable this behavior by using the +'--optimized' option: + + $ kc.bat start '--optimized' + +By doing that, the server should start faster based on any previous +configuration you have set when manually running the 'build' command. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.windows.approved.txt index 5a35664fb3..a213f85eae 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.windows.approved.txt 
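Review bot: Every line of this Windows snapshot is removed and re-added (`@@ -1,313 +1,330 @@`), so the one change that belongs to this commit, `legacy-welcome` in the `--features` and `--features-disabled` lists, cannot be told apart from the rest of the rewrite. The new side also picks up options that look unrelated to the welcome theme: `--hostname-debug`, the `--config-keystore*` group, `--vault-file`/`--vault-pass`/`--vault-type`, the `keystore` vault provider and a `data\log\keycloak.log` default. That suggests the approved file was stale and was regenerated wholesale, possibly with different line endings. Because this file is the regression check for the CLI surface, including the keystore-password and debug-page options, I would move the catch-up regeneration into its own commit and keep only the two reflowed feature-list lines here (`js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,`). The file now also ends with `\ No newline at end of file`, as does the last hunk of the preceding approved file, so it is worth confirming the approval comparison tolerates that.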
@@ -1,181 +1,200 @@ -Start the server. - -Usage: - -kc.bat start [OPTIONS] - -Use this command to run the server in production. - -Options: - --b, --auto-build (Deprecated) Automatically detects whether the server configuration changed - and a new server image must be built prior to starting the server. This - option provides an alternative to manually running the 'build' prior to - starting the server. Use this configuration carefully in production as it - might impact the startup time. --h, --help This help message. ---help-all This same help message but with additional options. ---import-realm Import realms during startup by reading any realm configuration file from the - 'data/import' directory. ---optimized Use this option to achieve an optimal startup time if you have previously - built a server image using the 'build' command. - -Database: - ---db-password - The password of the database user. ---db-pool-initial-size - The initial size of the connection pool. ---db-pool-max-size - The maximum size of the connection pool. Default: 100. ---db-pool-min-size - The minimal size of the connection pool. ---db-schema The database schema to be used. ---db-url The full database JDBC URL. If not provided, a default URL is set based on the - selected database vendor. For instance, if using 'postgres', the default - JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. ---db-url-database - Sets the database name of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-host - Sets the hostname of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` - option is set, this option is ignored. ---db-url-properties - Sets the properties of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. 
---db-username - The username of the database user. - -Hostname: - ---hostname - Hostname for the Keycloak server. ---hostname-admin - The hostname for accessing the administration console. Use this option if you - are exposing the administration console using a hostname other than the - value set to the 'hostname' option. ---hostname-admin-url - Set the base URL for accessing the administration console, including scheme, - host, port and path ---hostname-path - This should be set if proxy uses a different context-path for Keycloak. ---hostname-port - The port used by the proxy when exposing the hostname. Set this option if the - proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. ---hostname-strict - Disables dynamically resolving the hostname from request headers. Should - always be set to true in production, unless proxy verifies the Host header. - Default: true. ---hostname-strict-backchannel - By default backchannel URLs are dynamically resolved from request headers to - allow internal and external applications. If all applications use the public - URL this option should be enabled. Default: false. ---hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. - -HTTP/TLS: - ---http-enabled - Enables the HTTP listener. Default: false. ---http-host The used HTTP Host. Default: 0.0.0.0. ---http-port The used HTTP port. Default: 8080. ---https-certificate-file - The file path to a server certificate or certificate chain in PEM format. ---https-certificate-key-file - The file path to a private key in PEM format. ---https-cipher-suites - The cipher suites to use. If none is given, a reasonable default is selected. ---https-client-auth - Configures the server to require/request client authentication. Possible - values are: none, request, required. Default: none. ---https-key-store-file - The key store which holds the certificate information instead of specifying - separate files. 
---https-key-store-password - The password of the key store file. Default: password. ---https-key-store-type - The type of the key store file. If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. ---https-port The used HTTPS port. Default: 8443. ---https-protocols - The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. ---https-trust-store-file - The trust store which holds the certificate information of the certificates to - trust. ---https-trust-store-password - The password of the trust store file. ---https-trust-store-type - The type of the trust store file. If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. - -Proxy: - ---proxy The proxy address forwarding mode if the server is behind a reverse proxy. - Possible values are: none, edge, reencrypt, passthrough. Default: none. - -Vault: - ---vault-dir If set, secrets can be obtained by reading the content of files within the - given directory. - -Logging: - ---log Enable one or more log handlers in a comma-separated list. Possible values - are: console, file, gelf. Default: console. ---log-console-color - Enable or disable colors when logging to console. Default: false. ---log-console-format - The format of unstructured console log entries. If the format has spaces in - it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % - -5p [%c] (%t) %s%e%n. ---log-console-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-file Set the log file path and filename. Default: data/log/keycloak.log. ---log-file-format - Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, - SSS} %-5p [%c] (%t) %s%e%n. 
---log-file-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-gelf-facility - The facility (name of the process) that sends the message. Default: keycloak. ---log-gelf-host - Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the - host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: - localhost. ---log-gelf-include-location - Include source code location. Default: true. ---log-gelf-include-message-parameters - Include message parameters from the log event. Default: true. ---log-gelf-include-stack-trace - If set to true, occuring stack traces are included in the 'StackTrace' field - in the GELF output. Default: true. ---log-gelf-level - The log level specifying which message levels will be logged by the GELF - logger. Message levels lower than this value will be discarded. Default: - INFO. ---log-gelf-max-message-size - Maximum message size (in bytes). If the message size is exceeded, GELF will - submit the message in multiple chunks. Default: 8192. ---log-gelf-port - The port the Logstash or Graylog Host is called on. Default: 12201. ---log-gelf-timestamp-format - Set the format for the GELF timestamp field. Uses Java SimpleDateFormat - pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. ---log-level - The log level of the root category or a comma-separated list of individual - categories and their levels. For the root category, you don't need to - specify a category. Default: info. - -By default, this command tries to update the server configuration by running a -'build' before starting the server. You can disable this behavior by using the -'--optimized' option: - - $ kc.bat start '--optimized' - -By doing that, the server should start faster based on any previous -configuration you have set when manually running the 'build' command. +Start the server. + +Usage: + +kc.bat start [OPTIONS] + +Use this command to run the server in production. 
+ +Options: + +-b, --auto-build (Deprecated) Automatically detects whether the server configuration changed + and a new server image must be built prior to starting the server. This + option provides an alternative to manually running the 'build' prior to + starting the server. Use this configuration carefully in production as it + might impact the startup time. +-h, --help This help message. +--help-all This same help message but with additional options. +--import-realm Import realms during startup by reading any realm configuration file from the + 'data/import' directory. +--optimized Use this option to achieve an optimal startup time if you have previously + built a server image using the 'build' command. + +Database: + +--db-driver The fully qualified class name of the JDBC driver. If not set, a default + driver is set accordingly to the chosen database. +--db-password + The password of the database user. +--db-pool-initial-size + The initial size of the connection pool. +--db-pool-max-size + The maximum size of the connection pool. Default: 100. +--db-pool-min-size + The minimal size of the connection pool. +--db-schema The database schema to be used. +--db-url The full database JDBC URL. If not provided, a default URL is set based on the + selected database vendor. For instance, if using 'postgres', the default + JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. +--db-url-database + Sets the database name of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-host + Sets the hostname of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` + option is set, this option is ignored. +--db-url-properties + Sets the properties of the default JDBC URL of the chosen vendor. 
Make sure to + set the properties accordingly to the format expected by the database + vendor, as well as appending the right character at the beginning of this + property value. If the `db-url` option is set, this option is ignored. +--db-username + The username of the database user. + +Hostname: + +--hostname + Hostname for the Keycloak server. +--hostname-admin + The hostname for accessing the administration console. Use this option if you + are exposing the administration console using a hostname other than the + value set to the 'hostname' option. +--hostname-admin-url + Set the base URL for accessing the administration console, including scheme, + host, port and path +--hostname-debug + Toggle the hostname debug page that is accessible at + /realms/master/hostname-debug Default: false. +--hostname-path + This should be set if proxy uses a different context-path for Keycloak. +--hostname-port + The port used by the proxy when exposing the hostname. Set this option if the + proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. +--hostname-strict + Disables dynamically resolving the hostname from request headers. Should + always be set to true in production, unless proxy verifies the Host header. + Default: true. +--hostname-strict-backchannel + By default backchannel URLs are dynamically resolved from request headers to + allow internal and external applications. If all applications use the public + URL this option should be enabled. Default: false. +--hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. + +HTTP/TLS: + +--http-enabled + Enables the HTTP listener. Default: false. +--http-host The used HTTP Host. Default: 0.0.0.0. +--http-port The used HTTP port. Default: 8080. +--https-certificate-file + The file path to a server certificate or certificate chain in PEM format. +--https-certificate-key-file + The file path to a private key in PEM format. +--https-cipher-suites + The cipher suites to use. 
If none is given, a reasonable default is selected. +--https-client-auth + Configures the server to require/request client authentication. Possible + values are: none, request, required. Default: none. +--https-key-store-file + The key store which holds the certificate information instead of specifying + separate files. +--https-key-store-password + The password of the key store file. Default: password. +--https-key-store-type + The type of the key store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. +--https-port The used HTTPS port. Default: 8443. +--https-protocols + The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. +--https-trust-store-file + The trust store which holds the certificate information of the certificates to + trust. +--https-trust-store-password + The password of the trust store file. +--https-trust-store-type + The type of the trust store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. + +Config: + +--config-keystore + Specifies a path to the KeyStore Configuration Source. +--config-keystore-password + Specifies a password to the KeyStore Configuration Source. +--config-keystore-type + Specifies a type of the KeyStore Configuration Source. Default: PKCS12. + +Proxy: + +--proxy The proxy address forwarding mode if the server is behind a reverse proxy. + Possible values are: none, edge, reencrypt, passthrough. Default: none. + +Vault: + +--vault-dir If set, secrets can be obtained by reading the content of files within the + given directory. +--vault-file Path to the keystore file. +--vault-pass Password for the vault keystore. +--vault-type Specifies the type of the keystore file. Default: PKCS12. + +Logging: + +--log Enable one or more log handlers in a comma-separated list. 
Possible values + are: console, file, gelf. Default: console. +--log-console-color + Enable or disable colors when logging to console. Default: false. +--log-console-format + The format of unstructured console log entries. If the format has spaces in + it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % + -5p [%c] (%t) %s%e%n. +--log-console-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-file Set the log file path and filename. Default: data\log\keycloak.log. +--log-file-format + Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, + SSS} %-5p [%c] (%t) %s%e%n. +--log-file-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-gelf-facility + The facility (name of the process) that sends the message. Default: keycloak. +--log-gelf-host + Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the + host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: + localhost. +--log-gelf-include-location + Include source code location. Default: true. +--log-gelf-include-message-parameters + Include message parameters from the log event. Default: true. +--log-gelf-include-stack-trace + If set to true, occuring stack traces are included in the 'StackTrace' field + in the GELF output. Default: true. +--log-gelf-level + The log level specifying which message levels will be logged by the GELF + logger. Message levels lower than this value will be discarded. Default: + INFO. +--log-gelf-max-message-size + Maximum message size (in bytes). If the message size is exceeded, GELF will + submit the message in multiple chunks. Default: 8192. +--log-gelf-port + The port the Logstash or Graylog Host is called on. Default: 12201. +--log-gelf-timestamp-format + Set the format for the GELF timestamp field. Uses Java SimpleDateFormat + pattern. 
Default: yyyy-MM-dd HH:mm:ss,SSS. +--log-level + The log level of the root category or a comma-separated list of individual + categories and their levels. For the root category, you don't need to + specify a category. Default: info. + +By default, this command tries to update the server configuration by running a +'build' before starting the server. You can disable this behavior by using the +'--optimized' option: + + $ kc.bat start '--optimized' + +By doing that, the server should start faster based on any previous +configuration you have set when manually running the 'build' command. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.windows.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.windows.approved.txt index b5d806461f..a2868213f3 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.windows.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.windows.approved.txt 
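Review bot: Every line of this approved snapshot is removed and re-added (`@@ -1,181 +1,200 @@`), even though lines such as `Start the server.` read the same on both sides, so the roughly twenty lines that actually differ cannot be picked out of the hunk. Comparing the two sides by hand, the real changes are the new `--db-driver`, `--hostname-debug`, `--config-keystore*` and `--vault-file`/`--vault-pass`/`--vault-type` entries, the longer `--db-url-properties` text, and the `--log-file` default becoming `data\log\keycloak.log`. Several of these are password or debug-endpoint options, which a reviewer should be able to see as additions rather than find by manual comparison. The wholesale rewrite is presumably a line-ending or whitespace normalisation of the file; committing that separately would leave a diff that shows only the option changes. The `testStartOptimizedHelpAll` snapshot hunk that follows has the same shape.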
@@ -1,200 +1,219 @@ -Start the server. - -Usage: - -kc.bat start [OPTIONS] - -Use this command to run the server in production. - -Options: - --b, --auto-build (Deprecated) Automatically detects whether the server configuration changed - and a new server image must be built prior to starting the server. This - option provides an alternative to manually running the 'build' prior to - starting the server. Use this configuration carefully in production as it - might impact the startup time. --h, --help This help message. ---help-all This same help message but with additional options. ---import-realm Import realms during startup by reading any realm configuration file from the - 'data/import' directory. ---optimized Use this option to achieve an optimal startup time if you have previously - built a server image using the 'build' command. - -Storage (Experimental): - ---storage-deployment-state-version-seed - Experimental: Secret that serves as a seed to mask the version number of - Keycloak in URLs. Need to be identical across all servers in the cluster. - Will default to a random number generated when starting the server which is - secure but will lead to problems when a loadbalancer without sticky sessions - is used or nodes are restarted. ---storage-file-dir - Experimental: Root directory for file map store. ---storage-hotrod-host - Experimental: Sets the host of the Infinispan server. ---storage-hotrod-password - Experimental: Sets the password of the Infinispan user. ---storage-hotrod-port - Experimental: Sets the port of the Infinispan server. ---storage-hotrod-username - Experimental: Sets the username of the Infinispan user. - -Database: - ---db-password - The password of the database user. ---db-pool-initial-size - The initial size of the connection pool. ---db-pool-max-size - The maximum size of the connection pool. Default: 100. ---db-pool-min-size - The minimal size of the connection pool. ---db-schema The database schema to be used. 
---db-url The full database JDBC URL. If not provided, a default URL is set based on the - selected database vendor. For instance, if using 'postgres', the default - JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. ---db-url-database - Sets the database name of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-host - Sets the hostname of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` - option is set, this option is ignored. ---db-url-properties - Sets the properties of the default JDBC URL of the chosen vendor. If the - `db-url` option is set, this option is ignored. ---db-username - The username of the database user. - -Hostname: - ---hostname - Hostname for the Keycloak server. ---hostname-admin - The hostname for accessing the administration console. Use this option if you - are exposing the administration console using a hostname other than the - value set to the 'hostname' option. ---hostname-admin-url - Set the base URL for accessing the administration console, including scheme, - host, port and path ---hostname-path - This should be set if proxy uses a different context-path for Keycloak. ---hostname-port - The port used by the proxy when exposing the hostname. Set this option if the - proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. ---hostname-strict - Disables dynamically resolving the hostname from request headers. Should - always be set to true in production, unless proxy verifies the Host header. - Default: true. ---hostname-strict-backchannel - By default backchannel URLs are dynamically resolved from request headers to - allow internal and external applications. If all applications use the public - URL this option should be enabled. Default: false. 
---hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. - -HTTP/TLS: - ---http-enabled - Enables the HTTP listener. Default: false. ---http-host The used HTTP Host. Default: 0.0.0.0. ---http-port The used HTTP port. Default: 8080. ---https-certificate-file - The file path to a server certificate or certificate chain in PEM format. ---https-certificate-key-file - The file path to a private key in PEM format. ---https-cipher-suites - The cipher suites to use. If none is given, a reasonable default is selected. ---https-client-auth - Configures the server to require/request client authentication. Possible - values are: none, request, required. Default: none. ---https-key-store-file - The key store which holds the certificate information instead of specifying - separate files. ---https-key-store-password - The password of the key store file. Default: password. ---https-key-store-type - The type of the key store file. If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. ---https-port The used HTTPS port. Default: 8443. ---https-protocols - The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. ---https-trust-store-file - The trust store which holds the certificate information of the certificates to - trust. ---https-trust-store-password - The password of the trust store file. ---https-trust-store-type - The type of the trust store file. If not given, the type is automatically - detected based on the file name. If 'fips-mode' is set to 'strict' and no - value is set, it defaults to 'BCFKS'. - -Proxy: - ---proxy The proxy address forwarding mode if the server is behind a reverse proxy. - Possible values are: none, edge, reencrypt, passthrough. Default: none. - -Vault: - ---vault-dir If set, secrets can be obtained by reading the content of files within the - given directory. 
- -Logging: - ---log Enable one or more log handlers in a comma-separated list. Possible values - are: console, file, gelf. Default: console. ---log-console-color - Enable or disable colors when logging to console. Default: false. ---log-console-format - The format of unstructured console log entries. If the format has spaces in - it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % - -5p [%c] (%t) %s%e%n. ---log-console-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-file Set the log file path and filename. Default: data/log/keycloak.log. ---log-file-format - Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, - SSS} %-5p [%c] (%t) %s%e%n. ---log-file-output - Set the log output to JSON or default (plain) unstructured logging. Possible - values are: default, json. Default: default. ---log-gelf-facility - The facility (name of the process) that sends the message. Default: keycloak. ---log-gelf-host - Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the - host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: - localhost. ---log-gelf-include-location - Include source code location. Default: true. ---log-gelf-include-message-parameters - Include message parameters from the log event. Default: true. ---log-gelf-include-stack-trace - If set to true, occuring stack traces are included in the 'StackTrace' field - in the GELF output. Default: true. ---log-gelf-level - The log level specifying which message levels will be logged by the GELF - logger. Message levels lower than this value will be discarded. Default: - INFO. ---log-gelf-max-message-size - Maximum message size (in bytes). If the message size is exceeded, GELF will - submit the message in multiple chunks. Default: 8192. ---log-gelf-port - The port the Logstash or Graylog Host is called on. Default: 12201. 
---log-gelf-timestamp-format - Set the format for the GELF timestamp field. Uses Java SimpleDateFormat - pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. ---log-level - The log level of the root category or a comma-separated list of individual - categories and their levels. For the root category, you don't need to - specify a category. Default: info. - -By default, this command tries to update the server configuration by running a -'build' before starting the server. You can disable this behavior by using the -'--optimized' option: - - $ kc.bat start '--optimized' - -By doing that, the server should start faster based on any previous +Start the server. + +Usage: + +kc.bat start [OPTIONS] + +Use this command to run the server in production. + +Options: + +-b, --auto-build (Deprecated) Automatically detects whether the server configuration changed + and a new server image must be built prior to starting the server. This + option provides an alternative to manually running the 'build' prior to + starting the server. Use this configuration carefully in production as it + might impact the startup time. +-h, --help This help message. +--help-all This same help message but with additional options. +--import-realm Import realms during startup by reading any realm configuration file from the + 'data/import' directory. +--optimized Use this option to achieve an optimal startup time if you have previously + built a server image using the 'build' command. + +Storage (Experimental): + +--storage-deployment-state-version-seed + Experimental: Secret that serves as a seed to mask the version number of + Keycloak in URLs. Need to be identical across all servers in the cluster. + Will default to a random number generated when starting the server which is + secure but will lead to problems when a loadbalancer without sticky sessions + is used or nodes are restarted. +--storage-file-dir + Experimental: Root directory for file map store. 
+--storage-hotrod-host + Experimental: Sets the host of the Infinispan server. +--storage-hotrod-password + Experimental: Sets the password of the Infinispan user. +--storage-hotrod-port + Experimental: Sets the port of the Infinispan server. +--storage-hotrod-username + Experimental: Sets the username of the Infinispan user. + +Database: + +--db-driver The fully qualified class name of the JDBC driver. If not set, a default + driver is set accordingly to the chosen database. +--db-password + The password of the database user. +--db-pool-initial-size + The initial size of the connection pool. +--db-pool-max-size + The maximum size of the connection pool. Default: 100. +--db-pool-min-size + The minimal size of the connection pool. +--db-schema The database schema to be used. +--db-url The full database JDBC URL. If not provided, a default URL is set based on the + selected database vendor. For instance, if using 'postgres', the default + JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. +--db-url-database + Sets the database name of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-host + Sets the hostname of the default JDBC URL of the chosen vendor. If the + `db-url` option is set, this option is ignored. +--db-url-port Sets the port of the default JDBC URL of the chosen vendor. If the `db-url` + option is set, this option is ignored. +--db-url-properties + Sets the properties of the default JDBC URL of the chosen vendor. Make sure to + set the properties accordingly to the format expected by the database + vendor, as well as appending the right character at the beginning of this + property value. If the `db-url` option is set, this option is ignored. +--db-username + The username of the database user. + +Hostname: + +--hostname + Hostname for the Keycloak server. +--hostname-admin + The hostname for accessing the administration console. 
Use this option if you + are exposing the administration console using a hostname other than the + value set to the 'hostname' option. +--hostname-admin-url + Set the base URL for accessing the administration console, including scheme, + host, port and path +--hostname-debug + Toggle the hostname debug page that is accessible at + /realms/master/hostname-debug Default: false. +--hostname-path + This should be set if proxy uses a different context-path for Keycloak. +--hostname-port + The port used by the proxy when exposing the hostname. Set this option if the + proxy uses a port other than the default HTTP and HTTPS ports. Default: -1. +--hostname-strict + Disables dynamically resolving the hostname from request headers. Should + always be set to true in production, unless proxy verifies the Host header. + Default: true. +--hostname-strict-backchannel + By default backchannel URLs are dynamically resolved from request headers to + allow internal and external applications. If all applications use the public + URL this option should be enabled. Default: false. +--hostname-url Set the base URL for frontend URLs, including scheme, host, port and path. + +HTTP/TLS: + +--http-enabled + Enables the HTTP listener. Default: false. +--http-host The used HTTP Host. Default: 0.0.0.0. +--http-port The used HTTP port. Default: 8080. +--https-certificate-file + The file path to a server certificate or certificate chain in PEM format. +--https-certificate-key-file + The file path to a private key in PEM format. +--https-cipher-suites + The cipher suites to use. If none is given, a reasonable default is selected. +--https-client-auth + Configures the server to require/request client authentication. Possible + values are: none, request, required. Default: none. +--https-key-store-file + The key store which holds the certificate information instead of specifying + separate files. +--https-key-store-password + The password of the key store file. Default: password. 
+--https-key-store-type + The type of the key store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. +--https-port The used HTTPS port. Default: 8443. +--https-protocols + The list of protocols to explicitly enable. Default: TLSv1.3,TLSv1.2. +--https-trust-store-file + The trust store which holds the certificate information of the certificates to + trust. +--https-trust-store-password + The password of the trust store file. +--https-trust-store-type + The type of the trust store file. If not given, the type is automatically + detected based on the file name. If 'fips-mode' is set to 'strict' and no + value is set, it defaults to 'BCFKS'. + +Config: + +--config-keystore + Specifies a path to the KeyStore Configuration Source. +--config-keystore-password + Specifies a password to the KeyStore Configuration Source. +--config-keystore-type + Specifies a type of the KeyStore Configuration Source. Default: PKCS12. + +Proxy: + +--proxy The proxy address forwarding mode if the server is behind a reverse proxy. + Possible values are: none, edge, reencrypt, passthrough. Default: none. + +Vault: + +--vault-dir If set, secrets can be obtained by reading the content of files within the + given directory. +--vault-file Path to the keystore file. +--vault-pass Password for the vault keystore. +--vault-type Specifies the type of the keystore file. Default: PKCS12. + +Logging: + +--log Enable one or more log handlers in a comma-separated list. Possible values + are: console, file, gelf. Default: console. +--log-console-color + Enable or disable colors when logging to console. Default: false. +--log-console-format + The format of unstructured console log entries. If the format has spaces in + it, escape the value using "". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} % + -5p [%c] (%t) %s%e%n. 
+--log-console-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-file Set the log file path and filename. Default: data\log\keycloak.log. +--log-file-format + Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss, + SSS} %-5p [%c] (%t) %s%e%n. +--log-file-output + Set the log output to JSON or default (plain) unstructured logging. Possible + values are: default, json. Default: default. +--log-gelf-facility + The facility (name of the process) that sends the message. Default: keycloak. +--log-gelf-host + Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the + host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default: + localhost. +--log-gelf-include-location + Include source code location. Default: true. +--log-gelf-include-message-parameters + Include message parameters from the log event. Default: true. +--log-gelf-include-stack-trace + If set to true, occuring stack traces are included in the 'StackTrace' field + in the GELF output. Default: true. +--log-gelf-level + The log level specifying which message levels will be logged by the GELF + logger. Message levels lower than this value will be discarded. Default: + INFO. +--log-gelf-max-message-size + Maximum message size (in bytes). If the message size is exceeded, GELF will + submit the message in multiple chunks. Default: 8192. +--log-gelf-port + The port the Logstash or Graylog Host is called on. Default: 12201. +--log-gelf-timestamp-format + Set the format for the GELF timestamp field. Uses Java SimpleDateFormat + pattern. Default: yyyy-MM-dd HH:mm:ss,SSS. +--log-level + The log level of the root category or a comma-separated list of individual + categories and their levels. For the root category, you don't need to + specify a category. Default: info. + +By default, this command tries to update the server configuration by running a +'build' before starting the server. 
You can disable this behavior by using the +'--optimized' option: + + $ kc.bat start '--optimized' + +By doing that, the server should start faster based on any previous configuration you have set when manually running the 'build' command. \ No newline at end of file diff --git a/server-spi/src/main/java/org/keycloak/theme/ThemeSelectorProvider.java b/server-spi/src/main/java/org/keycloak/theme/ThemeSelectorProvider.java index a4d28c70fb..14b99c8220 100755 --- a/server-spi/src/main/java/org/keycloak/theme/ThemeSelectorProvider.java +++ b/server-spi/src/main/java/org/keycloak/theme/ThemeSelectorProvider.java @@ -56,6 +56,10 @@ public interface ThemeSelectorProvider extends Provider { return DEFAULT_V2; } + if ((type == Theme.Type.WELCOME) && !Profile.isFeatureEnabled(Profile.Feature.LEGACY_WELCOME)) { + return DEFAULT_V2; + } + return DEFAULT; } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ServerInfoTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ServerInfoTest.java index 1b70feb34a..890d220b8e 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ServerInfoTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ServerInfoTest.java @@ -61,7 +61,7 @@ public class ServerInfoTest extends AbstractKeycloakTest { Assert.assertNames(info.getThemes().get("admin"), "base", "keycloak.v2"); Assert.assertNames(info.getThemes().get("email"), "base", "keycloak"); Assert.assertNames(info.getThemes().get("login"), "address", "base", "environment-agnostic", "keycloak"); - Assert.assertNames(info.getThemes().get("welcome"), "keycloak"); + Assert.assertNames(info.getThemes().get("welcome"), "keycloak", "keycloak.v2"); assertNotNull(info.getEnums()); diff --git a/themes/pom.xml b/themes/pom.xml index d446073fff..fcd9c3786a 100755 --- a/themes/pom.xml +++ b/themes/pom.xml 
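Review bot: The added `Theme.Type.WELCOME` branch makes `keycloak.v2` the default welcome theme, but no comment says that the deprecated `LEGACY_WELCOME` feature is the only switch back, and none of the test changes visible on this page runs with that feature enabled. I would add `// Welcome pages default to keycloak.v2; the deprecated LEGACY_WELCOME feature restores the old theme.` above the `if`. A test should also assert that the legacy default is returned for `Theme.Type.WELCOME` when the feature is on, because the welcome page carries the initial admin user form and a broken fallback would surface there. The parentheses around `type == Theme.Type.WELCOME` are redundant. The enclosing method starts above this hunk, so its earlier branches are not visible here.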
@@ -15,12 +15,14 @@ src/main/resources/theme/keycloak/common/resources src/main/resources/theme/keycloak.v2/account/src + src/main/resources/theme/keycloak.v2/welcome ci --no-optional --ignore-scripts ${project.basedir}/src/main/resources/theme/keycloak/common/resources/node_modules ${project.basedir}/src/main/resources/theme/keycloak/common/resources/web_modules ${project.basedir}/src/main/resources/theme/keycloak.v2/account/src/node_modules ${project.basedir}/src/main/resources/theme/keycloak.v2/account/src/web_modules + ${project.basedir}/src/main/resources/theme/keycloak.v2/welcome/node_modules @@ -166,6 +168,83 @@ + + welcome2 + + + !skipWelcome2 + + + + + + maven-clean-plugin + + + + ${dir.welcome2}/node_modules + ${dir.welcome2}/resources/vendor + + + + + + com.github.eirslett + frontend-maven-plugin + + + setup-node + + install-node-and-npm + + initialize + + + npm-install-welcome2 + initialize + + npm + + + ${dir.welcome2} + ${args.npm.install} + + + + + ${node.version} + ../ + + + + maven-resources-plugin + + + copy-patternfly + generate-resources + + copy-resources + + + ${dir.welcome2}/resources/vendor/patternfly + + + ${dir.welcome2}/node_modules/@patternfly/patternfly + + patternfly.css + patternfly-addons.css + assets/fonts/**/* + + + + + + + + + + + common diff --git a/themes/src/main/resources/META-INF/keycloak-themes.json b/themes/src/main/resources/META-INF/keycloak-themes.json index dc2201c6af..fdaa53bba8 100755 --- a/themes/src/main/resources/META-INF/keycloak-themes.json +++ b/themes/src/main/resources/META-INF/keycloak-themes.json @@ -7,6 +7,6 @@ "types": [ "login", "common", "email", "welcome" ] }, { "name" : "keycloak.v2", - "types": [ "account", "admin" ] + "types": [ "account", "admin", "welcome" ] }] } diff --git a/themes/src/main/resources/theme/keycloak.v2/welcome/.gitignore b/themes/src/main/resources/theme/keycloak.v2/welcome/.gitignore new file mode 100644 index 0000000000..dde710a213 --- /dev/null 
+++ b/themes/src/main/resources/theme/keycloak.v2/welcome/.gitignore @@ -0,0 +1 @@ +resources/vendor \ No newline at end of file diff --git a/themes/src/main/resources/theme/keycloak.v2/welcome/index.ftl b/themes/src/main/resources/theme/keycloak.v2/welcome/index.ftl new file mode 100755 index 0000000000..ac13e71096 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak.v2/welcome/index.ftl @@ -0,0 +1,205 @@ + + + + + Welcome to ${productName} + + + <#if properties.stylesCommon?has_content> + <#list properties.stylesCommon?split(' ') as style> + + + + <#if properties.styles?has_content> + <#list properties.styles?split(' ') as style> + + + + + +
+
+
+
+
+

Welcome to ${productName}

+
+
+ <#if adminConsoleEnabled> +
+
+
+

Administration Console

+
+
+ <#if bootstrap> + <#if localUser> +
+

Please create an initial admin user to get started.

+
+
+
+
+ +
+
+ + + +
+
+
+
+ +
+
+ + + +
+
+
+
+ +
+
+ + + +
+
+ + <#if errorMessage?has_content> +
+
+ +
+

+ ${errorMessage} +

+
+ +
+
+ +
+
+
+ <#else> +
+

+ You will need local access to create the initial admin user.

+ To create one open ${localAdminUrl}, or set the environment variables KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD when starting the server. +

+
+ + <#else> +
+

Centrally manage all aspects of the ${productName} server.

+
+ <#if successMessage?has_content> +
+
+ +
+

+ ${successMessage} +

+
+ + + +
+
+
+ +
+
+
+

Documentation

+
+
User Guide, Admin REST API and Javadocs.
+ +
+
+ <#if properties.displayCommunityLinks = "true"> +
+
+
+
+
+

${productName} Project

+
+
The home page of the ${productName} project.
+ +
+
+
+
+
+

Mailing List

+
+
Discussions about ${productName}.
+ +
+
+
+
+
+

Issue Tracker

+
+
Report issues with ${productName}.
+ +
+
+
+
+ +
+
+
+
+
+ + diff --git a/themes/src/main/resources/theme/keycloak.v2/welcome/package-lock.json b/themes/src/main/resources/theme/keycloak.v2/welcome/package-lock.json new file mode 100644 index 0000000000..c46015af7e --- /dev/null +++ b/themes/src/main/resources/theme/keycloak.v2/welcome/package-lock.json @@ -0,0 +1,18 @@ +{ + "name": "welcome-v2", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "welcome-v2", + "dependencies": { + "@patternfly/patternfly": "^5.0.2" + } + }, + "node_modules/@patternfly/patternfly": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-5.0.2.tgz", + "integrity": "sha512-PB8+MLdYVgF1hIOxGmnVsZG+YHUX3RePe5W1oMS4gS00EmSgw1cobr1Qbpy/BqqS8/R9DRN4hZ2FKDT0d5tkFQ==" + } + } +} diff --git a/themes/src/main/resources/theme/keycloak.v2/welcome/package.json b/themes/src/main/resources/theme/keycloak.v2/welcome/package.json new file mode 100644 index 0000000000..553db63ac4 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak.v2/welcome/package.json @@ -0,0 +1,6 @@ +{ + "name": "welcome-v2", + "dependencies": { + "@patternfly/patternfly": "^5.0.2" + } +} diff --git a/themes/src/main/resources/theme/keycloak.v2/welcome/theme.properties b/themes/src/main/resources/theme/keycloak.v2/welcome/theme.properties new file mode 100644 index 0000000000..4ad3377188 --- /dev/null +++ b/themes/src/main/resources/theme/keycloak.v2/welcome/theme.properties @@ -0,0 +1,6 @@ +import=common/keycloak + +styles=vendor/patternfly/patternfly.css vendor/patternfly/patternfly-addons.css + +documentationUrl=https://www.keycloak.org/documentation.html +displayCommunityLinks=true
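Review bot: `${errorMessage}`, `${successMessage}` and `${localAdminUrl}` are written into the page with no escaping visible in the template. The bootstrap page is therefore only safe against markup in those values if the FreeMarker configuration that renders welcome templates applies the HTML output format with auto-escaping. That configuration is not part of this diff, so please confirm it covers the new `keycloak.v2/welcome/index.ftl`. Consider a test that renders the page with an error message containing `<` and `&` and asserts the escaped form. The HTML tags of this file did not survive on this page, so the form markup itself could not be reviewed here.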
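Review bot: The new `package.json` declares the name `welcome-v2` without `"private": true`, so nothing stops an accidental `npm publish` of this build-only manifest. Adding `"private": true` next to `"name"` makes npm refuse to publish it. The install itself already looks pinned, given the committed lockfile and the `ci --no-optional --ignore-scripts` arguments that appear in `themes/pom.xml`.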