diff --git a/docs/guides/server/management-interface.adoc b/docs/guides/server/management-interface.adoc index d575832c85..0991b0ba47 100644 --- a/docs/guides/server/management-interface.adoc +++ b/docs/guides/server/management-interface.adoc @@ -13,7 +13,8 @@ The most significant advantage might be seen in Kubernetes environments as the s == Management interface configuration -The management interface is turned on by default, so management endpoints such as `/metrics`, and `/health` are exposed on the default management port `9000`. +The management interface is turned on when something is exposed on it. +Management endpoints such as `/metrics` and `/health` are exposed on the default management port `9000` when metrics and health are enabled. The management interface provides a set of options and is fully configurable. In order to change the port for the management interface, you can use the {project_name} option `http-management-port`. diff --git a/quarkus/config-api/src/main/java/org/keycloak/config/ManagementOptions.java b/quarkus/config-api/src/main/java/org/keycloak/config/ManagementOptions.java index a15cfbe33a..e1b8c6e321 100644 --- a/quarkus/config-api/src/main/java/org/keycloak/config/ManagementOptions.java +++ b/quarkus/config-api/src/main/java/org/keycloak/config/ManagementOptions.java @@ -24,6 +24,13 @@ import java.util.List; */ public class ManagementOptions { + public static final Option HTTP_MANAGEMENT_ENABLED = new OptionBuilder<>("http-management-enabled", Boolean.class) + .category(OptionCategory.MANAGEMENT) + .description("Placeholder for resolving state of the management interface. If set, the value is ignored.") + .buildTime(true) + .hidden() + .build(); + public static final Option LEGACY_OBSERVABILITY_INTERFACE = new OptionBuilder<>("legacy-observability-interface", Boolean.class) .category(OptionCategory.MANAGEMENT) .deprecated() @@ -32,30 +39,32 @@ public class ManagementOptions { .buildTime(true) .build(); + static String RELEVANT_MSG = "Relevant only when something is exposed on the management interface - see the guide for details."; + public static final Option HTTP_MANAGEMENT_RELATIVE_PATH = new OptionBuilder<>("http-management-relative-path", String.class) .category(OptionCategory.MANAGEMENT) - .description("Set the path relative to '/' for serving resources from management interface. The path must start with a '/'. If not given, the value is inherited from HTTP options.") + .description("Set the path relative to '/' for serving resources from management interface. The path must start with a '/'. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG) .defaultValue("/") .buildTime(true) .build(); public static final Option HTTP_MANAGEMENT_PORT = new OptionBuilder<>("http-management-port", Integer.class) .category(OptionCategory.MANAGEMENT) - .description("Port of the management interface.") + .description("Port of the management interface. " + RELEVANT_MSG) .defaultValue(9000) .build(); public static final Option HTTP_MANAGEMENT_HOST = new OptionBuilder<>("http-management-host", String.class) .hidden() .category(OptionCategory.MANAGEMENT) - .description("Host of the management interface. If not given, the value is inherited from HTTP options.") + .description("Host of the management interface. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG) .defaultValue("0.0.0.0") .build(); //HTTPS public static final Option HTTPS_MANAGEMENT_CLIENT_AUTH = new OptionBuilder<>("https-management-client-auth", HttpOptions.ClientAuth.class) .category(OptionCategory.MANAGEMENT) - .description("Configures the management interface to require/request client authentication. If not given, the value is inherited from HTTP options.") + .description("Configures the management interface to require/request client authentication. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG) .defaultValue(HttpOptions.ClientAuth.none) .buildTime(true) .build(); @@ -63,42 +72,42 @@ public class ManagementOptions { public static final Option HTTPS_MANAGEMENT_CIPHER_SUITES = new OptionBuilder<>("https-management-cipher-suites", String.class) .hidden() .category(OptionCategory.MANAGEMENT) - .description("The cipher suites to use for the management server. If not given, the value is inherited from HTTP options.") + .description("The cipher suites to use for the management server. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG) .hidden() .build(); public static final Option> HTTPS_MANAGEMENT_PROTOCOLS = OptionBuilder.listOptionBuilder("https-management-protocols", String.class) .hidden() .category(OptionCategory.MANAGEMENT) - .description("The list of protocols to explicitly enable for the management server. If not given, the value is inherited from HTTP options.") + .description("The list of protocols to explicitly enable for the management server. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG) .defaultValue(List.of("TLSv1.3,TLSv1.2")) .hidden() .build(); public static final Option HTTPS_MANAGEMENT_CERTIFICATE_FILE = new OptionBuilder<>("https-management-certificate-file", File.class) .category(OptionCategory.MANAGEMENT) - .description("The file path to a server certificate or certificate chain in PEM format for the management server. If not given, the value is inherited from HTTP options.") + .description("The file path to a server certificate or certificate chain in PEM format for the management server. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG) .build(); public static final Option HTTPS_MANAGEMENT_CERTIFICATE_KEY_FILE = new OptionBuilder<>("https-management-certificate-key-file", File.class) .category(OptionCategory.MANAGEMENT) - .description("The file path to a private key in PEM format for the management server. If not given, the value is inherited from HTTP options.") + .description("The file path to a private key in PEM format for the management server. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG) .build(); public static final Option HTTPS_MANAGEMENT_KEY_STORE_FILE = new OptionBuilder<>("https-management-key-store-file", File.class) .category(OptionCategory.MANAGEMENT) - .description("The key store which holds the certificate information instead of specifying separate files for the management server. If not given, the value is inherited from HTTP options.") + .description("The key store which holds the certificate information instead of specifying separate files for the management server. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG) .build(); public static final Option HTTPS_MANAGEMENT_KEY_STORE_PASSWORD = new OptionBuilder<>("https-management-key-store-password", String.class) .category(OptionCategory.MANAGEMENT) - .description("The password of the key store file for the management server. If not given, the value is inherited from HTTP options.") + .description("The password of the key store file for the management server. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG) .defaultValue("password") .build(); public static final Option HTTPS_MANAGEMENT_KEY_STORE_TYPE = new OptionBuilder<>("https-management-key-store-type", String.class) .hidden() .category(OptionCategory.MANAGEMENT) - .description("The type of the key store file for the management server. If not given, the value is inherited from HTTP options.") + .description("The type of the key store file for the management server. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG) .build(); } diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/ManagementPropertyMappers.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/ManagementPropertyMappers.java index 9bf4a7e789..2249977de1 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/ManagementPropertyMappers.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/ManagementPropertyMappers.java @@ -16,90 +16,82 @@ */ package org.keycloak.quarkus.runtime.configuration.mappers; -import io.smallrye.config.ConfigSourceInterceptorContext; +import org.keycloak.config.HealthOptions; import org.keycloak.config.HttpOptions; import org.keycloak.config.ManagementOptions; +import org.keycloak.config.MetricsOptions; import org.keycloak.quarkus.runtime.Messages; import org.keycloak.quarkus.runtime.cli.PropertyException; import org.keycloak.quarkus.runtime.configuration.Configuration; import java.util.Optional; +import static org.keycloak.config.ManagementOptions.LEGACY_OBSERVABILITY_INTERFACE; import static org.keycloak.quarkus.runtime.configuration.Configuration.isTrue; import static org.keycloak.quarkus.runtime.configuration.mappers.PropertyMapper.fromOption; public class ManagementPropertyMappers { - private static final String MANAGEMENT_ENABLED_MSG = "Management interface is enabled"; private ManagementPropertyMappers() { } public static PropertyMapper[] getManagementPropertyMappers() { return new PropertyMapper[]{ + fromOption(ManagementOptions.HTTP_MANAGEMENT_ENABLED) + .to("quarkus.management.enabled") + .transformer((val, ctx) -> managementEnabledTransformer()) + .build(), fromOption(ManagementOptions.LEGACY_OBSERVABILITY_INTERFACE) - .to("quarkus.management.enabled") // ATM, the management interface state is only based on the legacy-observability-interface property - .paramLabel(Boolean.TRUE + "|" + Boolean.FALSE) - .transformer(ManagementPropertyMappers::managementEnabledTransformer) .build(), fromOption(ManagementOptions.HTTP_MANAGEMENT_RELATIVE_PATH) - .isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG) .mapFrom(HttpOptions.HTTP_RELATIVE_PATH.getKey()) .to("quarkus.management.root-path") .paramLabel("path") .build(), fromOption(ManagementOptions.HTTP_MANAGEMENT_PORT) - .isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG) .to("quarkus.management.port") .paramLabel("port") .build(), fromOption(ManagementOptions.HTTP_MANAGEMENT_HOST) - .isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG) .mapFrom(HttpOptions.HTTP_HOST.getKey()) .to("quarkus.management.host") .paramLabel("host") .build(), // HTTPS fromOption(ManagementOptions.HTTPS_MANAGEMENT_CLIENT_AUTH) - .isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG) .mapFrom(HttpOptions.HTTPS_CLIENT_AUTH.getKey()) .to("quarkus.management.ssl.client-auth") .paramLabel("auth") .build(), fromOption(ManagementOptions.HTTPS_MANAGEMENT_CIPHER_SUITES) - .isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG) .mapFrom(HttpOptions.HTTPS_CIPHER_SUITES.getKey()) .to("quarkus.management.ssl.cipher-suites") .paramLabel("ciphers") .build(), fromOption(ManagementOptions.HTTPS_MANAGEMENT_PROTOCOLS) - .isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG) .mapFrom(HttpOptions.HTTPS_PROTOCOLS.getKey()) .to("quarkus.management.ssl.protocols") .paramLabel("protocols") .build(), fromOption(ManagementOptions.HTTPS_MANAGEMENT_CERTIFICATE_FILE) - .isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG) .mapFrom(HttpOptions.HTTPS_CERTIFICATE_FILE.getKey()) .to("quarkus.management.ssl.certificate.files") .validator((mapper, value) -> validateTlsProperties()) .paramLabel("file") .build(), fromOption(ManagementOptions.HTTPS_MANAGEMENT_CERTIFICATE_KEY_FILE) - .isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG) .mapFrom(HttpOptions.HTTPS_CERTIFICATE_KEY_FILE.getKey()) .to("quarkus.management.ssl.certificate.key-files") .validator((mapper, value) -> validateTlsProperties()) .paramLabel("file") .build(), fromOption(ManagementOptions.HTTPS_MANAGEMENT_KEY_STORE_FILE) - .isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG) .mapFrom(HttpOptions.HTTPS_KEY_STORE_FILE.getKey()) .to("quarkus.management.ssl.certificate.key-store-file") .validator((mapper, value) -> validateTlsProperties()) .paramLabel("file") .build(), fromOption(ManagementOptions.HTTPS_MANAGEMENT_KEY_STORE_PASSWORD) - .isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG) .mapFrom(HttpOptions.HTTPS_KEY_STORE_PASSWORD.getKey()) .to("quarkus.management.ssl.certificate.key-store-password") .validator((mapper, value) -> validateTlsProperties()) @@ -107,7 +99,6 @@ public class ManagementPropertyMappers { .isMasked(true) .build(), fromOption(ManagementOptions.HTTPS_MANAGEMENT_KEY_STORE_TYPE) - .isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG) .mapFrom(HttpOptions.HTTPS_KEY_STORE_TYPE.getKey()) .to("quarkus.management.ssl.certificate.key-store-file-type") .transformer((value, config) -> value.or(() -> Configuration.getOptionalKcValue(HttpOptions.HTTPS_KEY_STORE_TYPE.getKey()))) @@ -117,7 +108,15 @@ public class ManagementPropertyMappers { } public static boolean isManagementEnabled() { - return isTrue("quarkus.management.enabled"); + if (isTrue(LEGACY_OBSERVABILITY_INTERFACE)) { + return false; + } + var isManagementOccupied = isTrue(HealthOptions.HEALTH_ENABLED) || isTrue(MetricsOptions.METRICS_ENABLED); + return isManagementOccupied; + } + + private static Optional managementEnabledTransformer() { + return Optional.of(Boolean.toString(isManagementEnabled())); } public static boolean isManagementTlsEnabled() { @@ -135,12 +134,4 @@ public class ManagementPropertyMappers { throw new PropertyException(Messages.httpsConfigurationNotSet()); } } - - private static Optional managementEnabledTransformer(Optional value, ConfigSourceInterceptorContext ctx) { - if (value.isPresent()) { - var b = Boolean.parseBoolean(value.get()); - return Optional.of(Boolean.toString(!b)); // negate the output - } - return Optional.of(Boolean.TRUE.toString()); - } } diff --git a/quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/configuration/test/ManagementConfigurationTest.java b/quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/configuration/test/ManagementConfigurationTest.java index 8ec36f1dcb..76e3a98cee 100644 --- a/quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/configuration/test/ManagementConfigurationTest.java +++ b/quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/configuration/test/ManagementConfigurationTest.java @@ -36,12 +36,43 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest { "http-management-host", "0.0.0.0" )); - assertManagementEnabled(true); - assertManagementHttpsEnabled(false); + assertManagementEnabled(false); + } + + @Test + public void healthOccupied() { + assertOccupied("KC_HEALTH_ENABLED"); + } + + @Test + public void metricsOccupied() { + assertOccupied("KC_METRICS_ENABLED"); + } + + @Test + public void healthMetricsOccupied() { + assertOccupied("KC_HEALTH_ENABLED", "KC_METRICS_ENABLED"); + } + + @Test + public void immutableManagementEnabledProperty() { + initConfig(); + assertConfig("http-management-enabled", "false"); + + putEnvVar("KC_MANAGEMENT_ENABLED", "true"); + + initConfig(); + assertConfig("http-management-enabled", "false"); + + putEnvVar("KC_MANAGEMENT_ENABLED", "something-wrong"); + + initConfig(); + assertConfig("http-management-enabled", "false"); } @Test public void managementBasicChanges() { + makeInterfaceOccupied(); putEnvVars(Map.of( "KC_HTTP_MANAGEMENT_PORT", "9999", "KC_HTTP_MANAGEMENT_RELATIVE_PATH", "/management2", @@ -61,6 +92,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest { @Test public void managementRelativePath() { + makeInterfaceOccupied(); putEnvVar("KC_HTTP_RELATIVE_PATH", "/management3"); initConfig(); @@ -74,6 +106,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest { @Test public void managementHttpsValues() { + makeInterfaceOccupied(); putEnvVars(Map.of( "KC_HTTP_MANAGEMENT_HOST", "host1", "KC_HTTPS_MANAGEMENT_CLIENT_AUTH", "requested", @@ -105,6 +138,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest { @Test public void managementMappedValues() { + makeInterfaceOccupied(); putEnvVars(Map.of( "KC_HTTP_HOST", "host123", "KC_HTTPS_CLIENT_AUTH", "required", @@ -136,6 +170,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest { @Test public void managementDefaultHttps() { + makeInterfaceOccupied(); putEnvVars(Map.of( "KC_HTTPS_CERTIFICATE_FILE", "/some/path/srv.crt.pem", "KC_HTTPS_CERTIFICATE_KEY_FILE", "/some/path/srv.key.pem" @@ -155,6 +190,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest { @Test public void managementDefaultHttpsManagementProps() { + makeInterfaceOccupied(); putEnvVars(Map.of( "KC_HTTPS_MANAGEMENT_CERTIFICATE_FILE", "/some/path/srv.crt.pem", "KC_HTTPS_MANAGEMENT_CERTIFICATE_KEY_FILE", "/some/path/srv.key.pem" @@ -172,6 +208,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest { @Test public void managementDefaultHttpsCertDisabled() { + makeInterfaceOccupied(); putEnvVar("KC_HTTPS_CERTIFICATE_FILE", "/some/path/srv.crt.pem"); initConfig(); @@ -183,6 +220,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest { @Test public void managementDefaultHttpsKeyDisabled() { + makeInterfaceOccupied(); putEnvVar("KC_HTTPS_CERTIFICATE_KEY_FILE", "/some/path/srv.key.pem"); initConfig(); @@ -194,6 +232,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest { @Test public void managementEnabledDefaultHttpsKeystore(){ + makeInterfaceOccupied(); putEnvVar("KC_HTTPS_KEY_STORE_FILE", "keystore.p12"); initConfig(); @@ -208,6 +247,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest { @Test public void fipsKeystoreType(){ + makeInterfaceOccupied(); putEnvVar("KC_FIPS_MODE", "strict"); initConfig(); @@ -221,6 +261,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest { @Test public void keystoreType(){ + makeInterfaceOccupied(); putEnvVars(Map.of( "KC_HTTPS_KEY_STORE_TYPE", "pkcs12", "KC_HTTPS_MANAGEMENT_KEY_STORE_TYPE", "BCFKS" @@ -237,6 +278,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest { @Test public void legacyObservabilityInterface() { + makeInterfaceOccupied(); putEnvVar("KC_LEGACY_OBSERVABILITY_INTERFACE", "true"); initConfig(); @@ -247,6 +289,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest { @Test public void legacyObservabilityInterfaceFalse() { + makeInterfaceOccupied(); putEnvVar("KC_LEGACY_OBSERVABILITY_INTERFACE", "false"); initConfig(); @@ -255,6 +298,10 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest { assertManagementEnabled(true); } + private void makeInterfaceOccupied() { + putEnvVar("KC_HEALTH_ENABLED", "true"); + } + private void assertManagementEnabled(boolean expected) { assertThat("Expected value for Management interface state is different", ManagementPropertyMappers.isManagementEnabled(), is(expected)); } @@ -262,4 +309,21 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest { private void assertManagementHttpsEnabled(boolean expected) { assertThat("Expected value for Management HTTPS is different", ManagementPropertyMappers.isManagementTlsEnabled(), is(expected)); } + + private void assertOccupied(String... envVarChangeState) { + for (var env : envVarChangeState) { + putEnvVar(env, "true"); + } + + initConfig(); + + assertConfig(Map.of( + "http-management-port", "9000", + "http-management-relative-path", "/", + "http-management-host", "0.0.0.0" + )); + + assertManagementEnabled(true); + assertManagementHttpsEnabled(false); + } } diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/HealthDistTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/HealthDistTest.java index 0661222b67..e919cfe5c4 100644 --- a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/HealthDistTest.java +++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/HealthDistTest.java @@ -24,7 +24,9 @@ import org.keycloak.it.utils.KeycloakDistribution; import static io.restassured.RestAssured.when; import static org.hamcrest.CoreMatchers.equalTo; +import static org.junit.jupiter.api.Assertions.assertThrows; +import java.io.IOException; import java.util.List; import java.util.concurrent.CompletableFuture; import java.util.concurrent.TimeUnit; @@ -36,21 +38,11 @@ public class HealthDistTest { @Test @Launch({ "start-dev" }) - void testHealthEndpointNotEnabled() { + void testHealthEndpointNotEnabled(KeycloakDistribution distribution) { + assertThrows(IOException.class, () -> when().get("/health"), "Connection refused must be thrown"); + distribution.setRequestPort(8080); when().get("/health").then() .statusCode(404); - when().get("/q/health").then() - .statusCode(404); - when().get("/health/live").then() - .statusCode(404); - when().get("/q/health/live").then() - .statusCode(404); - when().get("/health/ready").then() - .statusCode(404); - when().get("/q/health/ready").then() - .statusCode(404); - when().get("/lb-check").then() - .statusCode(404); } @Test diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ManagementOffDistTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ManagementOffDistTest.java new file mode 100644 index 0000000000..f13bb356d2 --- /dev/null +++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ManagementOffDistTest.java @@ -0,0 +1,44 @@ +/* + * Copyright 2024 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.it.cli.dist; + +import io.quarkus.test.junit.main.Launch; +import io.quarkus.test.junit.main.LaunchResult; +import org.junit.jupiter.api.Test; +import org.keycloak.it.junit5.extension.CLIResult; +import org.keycloak.it.junit5.extension.DistributionTest; + +import java.io.IOException; + +import static io.restassured.RestAssured.when; +import static org.junit.jupiter.api.Assertions.assertThrows; + +@DistributionTest(keepAlive = true, + requestPort = 9000, + containerExposedPorts = {9000, 8080}) +public class ManagementOffDistTest { + + @Test + @Launch({"start-dev"}) + public void notOccupied(LaunchResult result) { + CLIResult cliResult = (CLIResult) result; + cliResult.assertNoMessage("Management interface listening on"); + + assertThrows(IOException.class, () -> when().get("/"), "Connection refused must be thrown"); + assertThrows(IOException.class, () -> when().get("/health"), "Connection refused must be thrown"); + } +} diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/MetricsDistTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/MetricsDistTest.java index c7f6730701..b35fb8b959 100644 --- a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/MetricsDistTest.java +++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/MetricsDistTest.java @@ -20,7 +20,9 @@ package org.keycloak.it.cli.dist; import static io.restassured.RestAssured.when; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.not; +import static org.junit.jupiter.api.Assertions.assertThrows; +import java.io.IOException; import java.util.List; import java.util.concurrent.CompletableFuture; import java.util.concurrent.TimeUnit; @@ -37,7 +39,12 @@ public class MetricsDistTest { @Test @Launch({ "start-dev" }) - void testMetricsEndpointNotEnabled() { + void testMetricsEndpointNotEnabled(KeycloakDistribution distribution) { + assertThrows(IOException.class, () -> when().get("/metrics"), "Connection refused must be thrown"); + assertThrows(IOException.class, () -> when().get("/q/metrics"), "Connection refused must be thrown"); + + distribution.setRequestPort(8080); + when().get("/metrics").then() .statusCode(404); when().get("/q/metrics").then() diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.approved.txt index 7b7e744be1..a1fdbba983 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.approved.txt @@ -56,13 +56,13 @@ Management: --http-management-relative-path Set the path relative to '/' for serving resources from management interface. The path must start with a '/'. If not given, the value is inherited from - HTTP options. Default: /. Available only when Management interface is - enabled. + HTTP options. Relevant only when something is exposed on the management + interface - see the guide for details. Default: /. --https-management-client-auth Configures the management interface to require/request client authentication. - If not given, the value is inherited from HTTP options. Possible values are: - none, request, required. Default: none. Available only when Management - interface is enabled. + If not given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for + details. Possible values are: none, request, required. Default: none. --legacy-observability-interface DEPRECATED. If metrics/health endpoints should be exposed on the main HTTP server (not recommended). If set to true, the management interface is diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt index 3a9b6cb78c..6157473bdf 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt @@ -71,35 +71,37 @@ Feature: Management: --http-management-port - Port of the management interface. Default: 9000. Available only when - Management interface is enabled. + Port of the management interface. Relevant only when something is exposed on + the management interface - see the guide for details. Default: 9000. --http-management-relative-path Set the path relative to '/' for serving resources from management interface. The path must start with a '/'. If not given, the value is inherited from - HTTP options. Default: /. Available only when Management interface is - enabled. + HTTP options. Relevant only when something is exposed on the management + interface - see the guide for details. Default: /. --https-management-certificate-file The file path to a server certificate or certificate chain in PEM format for the management server. If not given, the value is inherited from HTTP - options. Available only when Management interface is enabled. + options. Relevant only when something is exposed on the management interface + - see the guide for details. --https-management-certificate-key-file The file path to a private key in PEM format for the management server. If not - given, the value is inherited from HTTP options. Available only when - Management interface is enabled. + given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for details. --https-management-client-auth Configures the management interface to require/request client authentication. - If not given, the value is inherited from HTTP options. Possible values are: - none, request, required. Default: none. Available only when Management - interface is enabled. + If not given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for + details. Possible values are: none, request, required. Default: none. --https-management-key-store-file The key store which holds the certificate information instead of specifying separate files for the management server. If not given, the value is - inherited from HTTP options. Available only when Management interface is - enabled. + inherited from HTTP options. Relevant only when something is exposed on the + management interface - see the guide for details. --https-management-key-store-password The password of the key store file for the management server. If not given, - the value is inherited from HTTP options. Default: password. Available only - when Management interface is enabled. + the value is inherited from HTTP options. Relevant only when something is + exposed on the management interface - see the guide for details. Default: + password. --legacy-observability-interface DEPRECATED. If metrics/health endpoints should be exposed on the main HTTP server (not recommended). If set to true, the management interface is diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt index 87476536fc..dd9a75fb00 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt @@ -71,35 +71,37 @@ Feature: Management: --http-management-port - Port of the management interface. Default: 9000. Available only when - Management interface is enabled. + Port of the management interface. Relevant only when something is exposed on + the management interface - see the guide for details. Default: 9000. --http-management-relative-path Set the path relative to '/' for serving resources from management interface. The path must start with a '/'. If not given, the value is inherited from - HTTP options. Default: /. Available only when Management interface is - enabled. + HTTP options. Relevant only when something is exposed on the management + interface - see the guide for details. Default: /. --https-management-certificate-file The file path to a server certificate or certificate chain in PEM format for the management server. If not given, the value is inherited from HTTP - options. Available only when Management interface is enabled. + options. Relevant only when something is exposed on the management interface + - see the guide for details. --https-management-certificate-key-file The file path to a private key in PEM format for the management server. If not - given, the value is inherited from HTTP options. Available only when - Management interface is enabled. + given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for details. --https-management-client-auth Configures the management interface to require/request client authentication. - If not given, the value is inherited from HTTP options. Possible values are: - none, request, required. Default: none. Available only when Management - interface is enabled. + If not given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for + details. Possible values are: none, request, required. Default: none. --https-management-key-store-file The key store which holds the certificate information instead of specifying separate files for the management server. If not given, the value is - inherited from HTTP options. Available only when Management interface is - enabled. + inherited from HTTP options. Relevant only when something is exposed on the + management interface - see the guide for details. --https-management-key-store-password The password of the key store file for the management server. If not given, - the value is inherited from HTTP options. Default: password. Available only - when Management interface is enabled. + the value is inherited from HTTP options. Relevant only when something is + exposed on the management interface - see the guide for details. Default: + password. --legacy-observability-interface DEPRECATED. If metrics/health endpoints should be exposed on the main HTTP server (not recommended). If set to true, the management interface is diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt index df72745476..2be0772a8f 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt @@ -71,35 +71,37 @@ Feature: Management: --http-management-port - Port of the management interface. Default: 9000. Available only when - Management interface is enabled. + Port of the management interface. Relevant only when something is exposed on + the management interface - see the guide for details. Default: 9000. --http-management-relative-path Set the path relative to '/' for serving resources from management interface. The path must start with a '/'. If not given, the value is inherited from - HTTP options. Default: /. Available only when Management interface is - enabled. + HTTP options. Relevant only when something is exposed on the management + interface - see the guide for details. Default: /. --https-management-certificate-file The file path to a server certificate or certificate chain in PEM format for the management server. If not given, the value is inherited from HTTP - options. Available only when Management interface is enabled. + options. Relevant only when something is exposed on the management interface + - see the guide for details. --https-management-certificate-key-file The file path to a private key in PEM format for the management server. If not - given, the value is inherited from HTTP options. Available only when - Management interface is enabled. + given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for details. --https-management-client-auth Configures the management interface to require/request client authentication. - If not given, the value is inherited from HTTP options. Possible values are: - none, request, required. Default: none. Available only when Management - interface is enabled. + If not given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for + details. Possible values are: none, request, required. Default: none. --https-management-key-store-file The key store which holds the certificate information instead of specifying separate files for the management server. If not given, the value is - inherited from HTTP options. Available only when Management interface is - enabled. + inherited from HTTP options. Relevant only when something is exposed on the + management interface - see the guide for details. --https-management-key-store-password The password of the key store file for the management server. If not given, - the value is inherited from HTTP options. Default: password. Available only - when Management interface is enabled. + the value is inherited from HTTP options. Relevant only when something is + exposed on the management interface - see the guide for details. Default: + password. --legacy-observability-interface DEPRECATED. If metrics/health endpoints should be exposed on the main HTTP server (not recommended). If set to true, the management interface is diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt index 5a47dbbd3b..ecc75cedce 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt @@ -71,35 +71,37 @@ Feature: Management: --http-management-port - Port of the management interface. Default: 9000. Available only when - Management interface is enabled. + Port of the management interface. Relevant only when something is exposed on + the management interface - see the guide for details. Default: 9000. --http-management-relative-path Set the path relative to '/' for serving resources from management interface. The path must start with a '/'. If not given, the value is inherited from - HTTP options. Default: /. Available only when Management interface is - enabled. + HTTP options. Relevant only when something is exposed on the management + interface - see the guide for details. Default: /. --https-management-certificate-file The file path to a server certificate or certificate chain in PEM format for the management server. If not given, the value is inherited from HTTP - options. Available only when Management interface is enabled. + options. Relevant only when something is exposed on the management interface + - see the guide for details. --https-management-certificate-key-file The file path to a private key in PEM format for the management server. If not - given, the value is inherited from HTTP options. Available only when - Management interface is enabled. + given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for details. --https-management-client-auth Configures the management interface to require/request client authentication. - If not given, the value is inherited from HTTP options. Possible values are: - none, request, required. Default: none. Available only when Management - interface is enabled. + If not given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for + details. Possible values are: none, request, required. Default: none. --https-management-key-store-file The key store which holds the certificate information instead of specifying separate files for the management server. If not given, the value is - inherited from HTTP options. Available only when Management interface is - enabled. + inherited from HTTP options. Relevant only when something is exposed on the + management interface - see the guide for details. --https-management-key-store-password The password of the key store file for the management server. If not given, - the value is inherited from HTTP options. Default: password. Available only - when Management interface is enabled. + the value is inherited from HTTP options. Relevant only when something is + exposed on the management interface - see the guide for details. Default: + password. --legacy-observability-interface DEPRECATED. If metrics/health endpoints should be exposed on the main HTTP server (not recommended). If set to true, the management interface is diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt index e04de0ed5a..31f2153d93 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt @@ -193,35 +193,37 @@ Health: Management: --http-management-port - Port of the management interface. Default: 9000. Available only when - Management interface is enabled. + Port of the management interface. Relevant only when something is exposed on + the management interface - see the guide for details. Default: 9000. --http-management-relative-path Set the path relative to '/' for serving resources from management interface. The path must start with a '/'. If not given, the value is inherited from - HTTP options. Default: /. Available only when Management interface is - enabled. + HTTP options. Relevant only when something is exposed on the management + interface - see the guide for details. Default: /. --https-management-certificate-file The file path to a server certificate or certificate chain in PEM format for the management server. If not given, the value is inherited from HTTP - options. Available only when Management interface is enabled. + options. Relevant only when something is exposed on the management interface + - see the guide for details. --https-management-certificate-key-file The file path to a private key in PEM format for the management server. If not - given, the value is inherited from HTTP options. Available only when - Management interface is enabled. + given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for details. --https-management-client-auth Configures the management interface to require/request client authentication. - If not given, the value is inherited from HTTP options. Possible values are: - none, request, required. Default: none. Available only when Management - interface is enabled. + If not given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for + details. Possible values are: none, request, required. Default: none. --https-management-key-store-file The key store which holds the certificate information instead of specifying separate files for the management server. If not given, the value is - inherited from HTTP options. Available only when Management interface is - enabled. + inherited from HTTP options. Relevant only when something is exposed on the + management interface - see the guide for details. --https-management-key-store-password The password of the key store file for the management server. If not given, - the value is inherited from HTTP options. Default: password. Available only - when Management interface is enabled. + the value is inherited from HTTP options. Relevant only when something is + exposed on the management interface - see the guide for details. Default: + password. --legacy-observability-interface DEPRECATED. If metrics/health endpoints should be exposed on the main HTTP server (not recommended). If set to true, the management interface is diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt index f38f8bc566..d8215ee70b 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt @@ -265,35 +265,37 @@ Health: Management: --http-management-port - Port of the management interface. Default: 9000. Available only when - Management interface is enabled. + Port of the management interface. Relevant only when something is exposed on + the management interface - see the guide for details. Default: 9000. --http-management-relative-path Set the path relative to '/' for serving resources from management interface. The path must start with a '/'. If not given, the value is inherited from - HTTP options. Default: /. Available only when Management interface is - enabled. + HTTP options. Relevant only when something is exposed on the management + interface - see the guide for details. Default: /. --https-management-certificate-file The file path to a server certificate or certificate chain in PEM format for the management server. If not given, the value is inherited from HTTP - options. Available only when Management interface is enabled. + options. Relevant only when something is exposed on the management interface + - see the guide for details. --https-management-certificate-key-file The file path to a private key in PEM format for the management server. If not - given, the value is inherited from HTTP options. Available only when - Management interface is enabled. + given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for details. --https-management-client-auth Configures the management interface to require/request client authentication. - If not given, the value is inherited from HTTP options. Possible values are: - none, request, required. Default: none. Available only when Management - interface is enabled. + If not given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for + details. Possible values are: none, request, required. Default: none. --https-management-key-store-file The key store which holds the certificate information instead of specifying separate files for the management server. If not given, the value is - inherited from HTTP options. Available only when Management interface is - enabled. + inherited from HTTP options. Relevant only when something is exposed on the + management interface - see the guide for details. --https-management-key-store-password The password of the key store file for the management server. If not given, - the value is inherited from HTTP options. Default: password. Available only - when Management interface is enabled. + the value is inherited from HTTP options. Relevant only when something is + exposed on the management interface - see the guide for details. Default: + password. --legacy-observability-interface DEPRECATED. If metrics/health endpoints should be exposed on the main HTTP server (not recommended). If set to true, the management interface is diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt index 9fbadc571a..3c283c3ba9 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt @@ -194,35 +194,37 @@ Health: Management: --http-management-port - Port of the management interface. Default: 9000. Available only when - Management interface is enabled. + Port of the management interface. Relevant only when something is exposed on + the management interface - see the guide for details. Default: 9000. --http-management-relative-path Set the path relative to '/' for serving resources from management interface. The path must start with a '/'. If not given, the value is inherited from - HTTP options. Default: /. Available only when Management interface is - enabled. + HTTP options. Relevant only when something is exposed on the management + interface - see the guide for details. Default: /. --https-management-certificate-file The file path to a server certificate or certificate chain in PEM format for the management server. If not given, the value is inherited from HTTP - options. Available only when Management interface is enabled. + options. Relevant only when something is exposed on the management interface + - see the guide for details. --https-management-certificate-key-file The file path to a private key in PEM format for the management server. If not - given, the value is inherited from HTTP options. Available only when - Management interface is enabled. + given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for details. --https-management-client-auth Configures the management interface to require/request client authentication. - If not given, the value is inherited from HTTP options. Possible values are: - none, request, required. Default: none. Available only when Management - interface is enabled. + If not given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for + details. Possible values are: none, request, required. Default: none. --https-management-key-store-file The key store which holds the certificate information instead of specifying separate files for the management server. If not given, the value is - inherited from HTTP options. Available only when Management interface is - enabled. + inherited from HTTP options. Relevant only when something is exposed on the + management interface - see the guide for details. --https-management-key-store-password The password of the key store file for the management server. If not given, - the value is inherited from HTTP options. Default: password. Available only - when Management interface is enabled. + the value is inherited from HTTP options. Relevant only when something is + exposed on the management interface - see the guide for details. Default: + password. --legacy-observability-interface DEPRECATED. If metrics/health endpoints should be exposed on the main HTTP server (not recommended). If set to true, the management interface is diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt index f02608e8ca..6cc1c143e4 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt @@ -266,35 +266,37 @@ Health: Management: --http-management-port - Port of the management interface. Default: 9000. Available only when - Management interface is enabled. + Port of the management interface. Relevant only when something is exposed on + the management interface - see the guide for details. Default: 9000. --http-management-relative-path Set the path relative to '/' for serving resources from management interface. The path must start with a '/'. If not given, the value is inherited from - HTTP options. Default: /. Available only when Management interface is - enabled. + HTTP options. Relevant only when something is exposed on the management + interface - see the guide for details. Default: /. --https-management-certificate-file The file path to a server certificate or certificate chain in PEM format for the management server. If not given, the value is inherited from HTTP - options. Available only when Management interface is enabled. + options. Relevant only when something is exposed on the management interface + - see the guide for details. --https-management-certificate-key-file The file path to a private key in PEM format for the management server. If not - given, the value is inherited from HTTP options. Available only when - Management interface is enabled. + given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for details. --https-management-client-auth Configures the management interface to require/request client authentication. - If not given, the value is inherited from HTTP options. Possible values are: - none, request, required. Default: none. Available only when Management - interface is enabled. + If not given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for + details. Possible values are: none, request, required. Default: none. --https-management-key-store-file The key store which holds the certificate information instead of specifying separate files for the management server. If not given, the value is - inherited from HTTP options. Available only when Management interface is - enabled. + inherited from HTTP options. Relevant only when something is exposed on the + management interface - see the guide for details. --https-management-key-store-password The password of the key store file for the management server. If not given, - the value is inherited from HTTP options. Default: password. Available only - when Management interface is enabled. + the value is inherited from HTTP options. Relevant only when something is + exposed on the management interface - see the guide for details. Default: + password. --legacy-observability-interface DEPRECATED. If metrics/health endpoints should be exposed on the main HTTP server (not recommended). If set to true, the management interface is diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt index 935e0c9149..06592210d3 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt @@ -166,25 +166,27 @@ HTTP(S): Management: --http-management-port - Port of the management interface. Default: 9000. Available only when - Management interface is enabled. + Port of the management interface. Relevant only when something is exposed on + the management interface - see the guide for details. Default: 9000. --https-management-certificate-file The file path to a server certificate or certificate chain in PEM format for the management server. If not given, the value is inherited from HTTP - options. Available only when Management interface is enabled. + options. Relevant only when something is exposed on the management interface + - see the guide for details. --https-management-certificate-key-file The file path to a private key in PEM format for the management server. If not - given, the value is inherited from HTTP options. Available only when - Management interface is enabled. + given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for details. --https-management-key-store-file The key store which holds the certificate information instead of specifying separate files for the management server. If not given, the value is - inherited from HTTP options. Available only when Management interface is - enabled. + inherited from HTTP options. Relevant only when something is exposed on the + management interface - see the guide for details. --https-management-key-store-password The password of the key store file for the management server. If not given, - the value is inherited from HTTP options. Default: password. Available only - when Management interface is enabled. + the value is inherited from HTTP options. Relevant only when something is + exposed on the management interface - see the guide for details. Default: + password. Proxy: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt index 317ffda597..bc0048b41d 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt @@ -238,25 +238,27 @@ HTTP(S): Management: --http-management-port - Port of the management interface. Default: 9000. Available only when - Management interface is enabled. + Port of the management interface. Relevant only when something is exposed on + the management interface - see the guide for details. Default: 9000. --https-management-certificate-file The file path to a server certificate or certificate chain in PEM format for the management server. If not given, the value is inherited from HTTP - options. Available only when Management interface is enabled. + options. Relevant only when something is exposed on the management interface + - see the guide for details. --https-management-certificate-key-file The file path to a private key in PEM format for the management server. If not - given, the value is inherited from HTTP options. Available only when - Management interface is enabled. + given, the value is inherited from HTTP options. Relevant only when + something is exposed on the management interface - see the guide for details. --https-management-key-store-file The key store which holds the certificate information instead of specifying separate files for the management server. If not given, the value is - inherited from HTTP options. Available only when Management interface is - enabled. + inherited from HTTP options. Relevant only when something is exposed on the + management interface - see the guide for details. --https-management-key-store-password The password of the key store file for the management server. If not given, - the value is inherited from HTTP options. Default: password. Available only - when Management interface is enabled. + the value is inherited from HTTP options. Relevant only when something is + exposed on the management interface - see the guide for details. Default: + password. Proxy: diff --git a/testsuite/integration-arquillian/servers/auth-server/quarkus/src/main/content/conf/keycloak.conf b/testsuite/integration-arquillian/servers/auth-server/quarkus/src/main/content/conf/keycloak.conf index 1ca2551ea9..0c461f8fe9 100644 --- a/testsuite/integration-arquillian/servers/auth-server/quarkus/src/main/content/conf/keycloak.conf +++ b/testsuite/integration-arquillian/servers/auth-server/quarkus/src/main/content/conf/keycloak.conf @@ -41,3 +41,6 @@ spi-connections-http-client-default-reuse-connections=false # set known protocol ports for basicsamltest spi-login-protocol-saml-known-protocols=http=8180,https=8543 + +# expose something on management interface to turn it on +health-enabled=true diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/AbstractQuarkusDeployableContainer.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/AbstractQuarkusDeployableContainer.java index cc50ecba26..5bcde885c7 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/AbstractQuarkusDeployableContainer.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/AbstractQuarkusDeployableContainer.java @@ -168,7 +168,7 @@ public abstract class AbstractQuarkusDeployableContainer implements DeployableCo if (suiteContext.get().isAuthServerMigrationEnabled()) { commands.add("--hostname-strict=false"); commands.add("--hostname-strict-https=false"); - } else { // Do not set management port for older versions of Keycloak for migration tests - available since Keycloak ~22 + } else { // Do not set management port for older versions of Keycloak for migration tests - available since Keycloak 25 commands.add("--http-management-port=" + configuration.getManagementPort()); } @@ -232,6 +232,7 @@ public abstract class AbstractQuarkusDeployableContainer implements DeployableCo private static void prepareCommandsForRebuilding(List commands) { commands.removeIf("--optimized"::equals); commands.add("--http-relative-path=/auth"); + commands.add("--health-enabled=true"); // expose something to management interface to turn it on } protected void addFeaturesOption(List commands) {