Management Interface is turned on even though nothing is exposed on it (#31938)
* Management Interface is turned on even though nothing is exposed on it Fixes #31818 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Remove conditional enablement, add relevancy description Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com>
parent
fa7c2b5da6
commit
bf5cf47351
20 changed files with 321 additions and 189 deletions
|
@ -13,7 +13,8 @@ The most significant advantage might be seen in Kubernetes environments as the s
|
|||
|
||||
== Management interface configuration
|
||||
|
||||
The management interface is turned on by default, so management endpoints such as `/metrics`, and `/health` are exposed on the default management port `9000`.
|
||||
The management interface is turned on when something is exposed on it.
|
||||
Management endpoints such as `/metrics` and `/health` are exposed on the default management port `9000` when metrics and health are enabled.
|
||||
The management interface provides a set of options and is fully configurable.
|
||||
In order to change the port for the management interface, you can use the {project_name} option `http-management-port`.
|
||||
|
||||
|
|
|
@ -24,6 +24,13 @@ import java.util.List;
|
|||
*/
|
||||
public class ManagementOptions {
|
||||
|
||||
public static final Option<Boolean> HTTP_MANAGEMENT_ENABLED = new OptionBuilder<>("http-management-enabled", Boolean.class)
|
||||
.category(OptionCategory.MANAGEMENT)
|
||||
.description("Placeholder for resolving state of the management interface. If set, the value is ignored.")
|
||||
.buildTime(true)
|
||||
.hidden()
|
||||
.build();
|
||||
|
||||
public static final Option<Boolean> LEGACY_OBSERVABILITY_INTERFACE = new OptionBuilder<>("legacy-observability-interface", Boolean.class)
|
||||
.category(OptionCategory.MANAGEMENT)
|
||||
.deprecated()
|
||||
|
@ -32,30 +39,32 @@ public class ManagementOptions {
|
|||
.buildTime(true)
|
||||
.build();
|
||||
|
||||
static String RELEVANT_MSG = "Relevant only when something is exposed on the management interface - see the guide for details.";
|
||||
|
||||
public static final Option<String> HTTP_MANAGEMENT_RELATIVE_PATH = new OptionBuilder<>("http-management-relative-path", String.class)
|
||||
.category(OptionCategory.MANAGEMENT)
|
||||
.description("Set the path relative to '/' for serving resources from management interface. The path must start with a '/'. If not given, the value is inherited from HTTP options.")
|
||||
.description("Set the path relative to '/' for serving resources from management interface. The path must start with a '/'. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG)
|
||||
.defaultValue("/")
|
||||
.buildTime(true)
|
||||
.build();
|
||||
|
||||
public static final Option<Integer> HTTP_MANAGEMENT_PORT = new OptionBuilder<>("http-management-port", Integer.class)
|
||||
.category(OptionCategory.MANAGEMENT)
|
||||
.description("Port of the management interface.")
|
||||
.description("Port of the management interface. " + RELEVANT_MSG)
|
||||
.defaultValue(9000)
|
||||
.build();
|
||||
|
||||
public static final Option<String> HTTP_MANAGEMENT_HOST = new OptionBuilder<>("http-management-host", String.class)
|
||||
.hidden()
|
||||
.category(OptionCategory.MANAGEMENT)
|
||||
.description("Host of the management interface. If not given, the value is inherited from HTTP options.")
|
||||
.description("Host of the management interface. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG)
|
||||
.defaultValue("0.0.0.0")
|
||||
.build();
|
||||
|
||||
//HTTPS
|
||||
public static final Option<HttpOptions.ClientAuth> HTTPS_MANAGEMENT_CLIENT_AUTH = new OptionBuilder<>("https-management-client-auth", HttpOptions.ClientAuth.class)
|
||||
.category(OptionCategory.MANAGEMENT)
|
||||
.description("Configures the management interface to require/request client authentication. If not given, the value is inherited from HTTP options.")
|
||||
.description("Configures the management interface to require/request client authentication. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG)
|
||||
.defaultValue(HttpOptions.ClientAuth.none)
|
||||
.buildTime(true)
|
||||
.build();
|
||||
|
@ -63,42 +72,42 @@ public class ManagementOptions {
|
|||
public static final Option<String> HTTPS_MANAGEMENT_CIPHER_SUITES = new OptionBuilder<>("https-management-cipher-suites", String.class)
|
||||
.hidden()
|
||||
.category(OptionCategory.MANAGEMENT)
|
||||
.description("The cipher suites to use for the management server. If not given, the value is inherited from HTTP options.")
|
||||
.description("The cipher suites to use for the management server. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG)
|
||||
.hidden()
|
||||
.build();
|
||||
|
||||
public static final Option<List<String>> HTTPS_MANAGEMENT_PROTOCOLS = OptionBuilder.listOptionBuilder("https-management-protocols", String.class)
|
||||
.hidden()
|
||||
.category(OptionCategory.MANAGEMENT)
|
||||
.description("The list of protocols to explicitly enable for the management server. If not given, the value is inherited from HTTP options.")
|
||||
.description("The list of protocols to explicitly enable for the management server. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG)
|
||||
.defaultValue(List.of("TLSv1.3,TLSv1.2"))
|
||||
.hidden()
|
||||
.build();
|
||||
|
||||
public static final Option<File> HTTPS_MANAGEMENT_CERTIFICATE_FILE = new OptionBuilder<>("https-management-certificate-file", File.class)
|
||||
.category(OptionCategory.MANAGEMENT)
|
||||
.description("The file path to a server certificate or certificate chain in PEM format for the management server. If not given, the value is inherited from HTTP options.")
|
||||
.description("The file path to a server certificate or certificate chain in PEM format for the management server. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG)
|
||||
.build();
|
||||
|
||||
public static final Option<File> HTTPS_MANAGEMENT_CERTIFICATE_KEY_FILE = new OptionBuilder<>("https-management-certificate-key-file", File.class)
|
||||
.category(OptionCategory.MANAGEMENT)
|
||||
.description("The file path to a private key in PEM format for the management server. If not given, the value is inherited from HTTP options.")
|
||||
.description("The file path to a private key in PEM format for the management server. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG)
|
||||
.build();
|
||||
|
||||
public static final Option<File> HTTPS_MANAGEMENT_KEY_STORE_FILE = new OptionBuilder<>("https-management-key-store-file", File.class)
|
||||
.category(OptionCategory.MANAGEMENT)
|
||||
.description("The key store which holds the certificate information instead of specifying separate files for the management server. If not given, the value is inherited from HTTP options.")
|
||||
.description("The key store which holds the certificate information instead of specifying separate files for the management server. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG)
|
||||
.build();
|
||||
|
||||
public static final Option<String> HTTPS_MANAGEMENT_KEY_STORE_PASSWORD = new OptionBuilder<>("https-management-key-store-password", String.class)
|
||||
.category(OptionCategory.MANAGEMENT)
|
||||
.description("The password of the key store file for the management server. If not given, the value is inherited from HTTP options.")
|
||||
.description("The password of the key store file for the management server. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG)
|
||||
.defaultValue("password")
|
||||
.build();
|
||||
|
||||
public static final Option<String> HTTPS_MANAGEMENT_KEY_STORE_TYPE = new OptionBuilder<>("https-management-key-store-type", String.class)
|
||||
.hidden()
|
||||
.category(OptionCategory.MANAGEMENT)
|
||||
.description("The type of the key store file for the management server. If not given, the value is inherited from HTTP options.")
|
||||
.description("The type of the key store file for the management server. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG)
|
||||
.build();
|
||||
}
|
||||
|
|
|
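Review bot: `RELEVANT_MSG` in the second hunk is declared `static String`, so it is reassignable and visible to the whole package even though it is only a help-text fragment appended to the option descriptions. Declare it `static final String RELEVANT_MSG = ...;` with the text unchanged, and make it `private` if nothing else in the package reads it. The class body continues outside the visible hunks, so other uses cannot be ruled out from here.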
@ -16,90 +16,82 @@
|
|||
*/
|
||||
package org.keycloak.quarkus.runtime.configuration.mappers;
|
||||
|
||||
import io.smallrye.config.ConfigSourceInterceptorContext;
|
||||
import org.keycloak.config.HealthOptions;
|
||||
import org.keycloak.config.HttpOptions;
|
||||
import org.keycloak.config.ManagementOptions;
|
||||
import org.keycloak.config.MetricsOptions;
|
||||
import org.keycloak.quarkus.runtime.Messages;
|
||||
import org.keycloak.quarkus.runtime.cli.PropertyException;
|
||||
import org.keycloak.quarkus.runtime.configuration.Configuration;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
import static org.keycloak.config.ManagementOptions.LEGACY_OBSERVABILITY_INTERFACE;
|
||||
import static org.keycloak.quarkus.runtime.configuration.Configuration.isTrue;
|
||||
import static org.keycloak.quarkus.runtime.configuration.mappers.PropertyMapper.fromOption;
|
||||
|
||||
public class ManagementPropertyMappers {
|
||||
private static final String MANAGEMENT_ENABLED_MSG = "Management interface is enabled";
|
||||
|
||||
private ManagementPropertyMappers() {
|
||||
}
|
||||
|
||||
public static PropertyMapper<?>[] getManagementPropertyMappers() {
|
||||
return new PropertyMapper[]{
|
||||
fromOption(ManagementOptions.HTTP_MANAGEMENT_ENABLED)
|
||||
.to("quarkus.management.enabled")
|
||||
.transformer((val, ctx) -> managementEnabledTransformer())
|
||||
.build(),
|
||||
fromOption(ManagementOptions.LEGACY_OBSERVABILITY_INTERFACE)
|
||||
.to("quarkus.management.enabled") // ATM, the management interface state is only based on the legacy-observability-interface property
|
||||
.paramLabel(Boolean.TRUE + "|" + Boolean.FALSE)
|
||||
.transformer(ManagementPropertyMappers::managementEnabledTransformer)
|
||||
.build(),
|
||||
fromOption(ManagementOptions.HTTP_MANAGEMENT_RELATIVE_PATH)
|
||||
.isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG)
|
||||
.mapFrom(HttpOptions.HTTP_RELATIVE_PATH.getKey())
|
||||
.to("quarkus.management.root-path")
|
||||
.paramLabel("path")
|
||||
.build(),
|
||||
fromOption(ManagementOptions.HTTP_MANAGEMENT_PORT)
|
||||
.isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG)
|
||||
.to("quarkus.management.port")
|
||||
.paramLabel("port")
|
||||
.build(),
|
||||
fromOption(ManagementOptions.HTTP_MANAGEMENT_HOST)
|
||||
.isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG)
|
||||
.mapFrom(HttpOptions.HTTP_HOST.getKey())
|
||||
.to("quarkus.management.host")
|
||||
.paramLabel("host")
|
||||
.build(),
|
||||
// HTTPS
|
||||
fromOption(ManagementOptions.HTTPS_MANAGEMENT_CLIENT_AUTH)
|
||||
.isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG)
|
||||
.mapFrom(HttpOptions.HTTPS_CLIENT_AUTH.getKey())
|
||||
.to("quarkus.management.ssl.client-auth")
|
||||
.paramLabel("auth")
|
||||
.build(),
|
||||
fromOption(ManagementOptions.HTTPS_MANAGEMENT_CIPHER_SUITES)
|
||||
.isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG)
|
||||
.mapFrom(HttpOptions.HTTPS_CIPHER_SUITES.getKey())
|
||||
.to("quarkus.management.ssl.cipher-suites")
|
||||
.paramLabel("ciphers")
|
||||
.build(),
|
||||
fromOption(ManagementOptions.HTTPS_MANAGEMENT_PROTOCOLS)
|
||||
.isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG)
|
||||
.mapFrom(HttpOptions.HTTPS_PROTOCOLS.getKey())
|
||||
.to("quarkus.management.ssl.protocols")
|
||||
.paramLabel("protocols")
|
||||
.build(),
|
||||
fromOption(ManagementOptions.HTTPS_MANAGEMENT_CERTIFICATE_FILE)
|
||||
.isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG)
|
||||
.mapFrom(HttpOptions.HTTPS_CERTIFICATE_FILE.getKey())
|
||||
.to("quarkus.management.ssl.certificate.files")
|
||||
.validator((mapper, value) -> validateTlsProperties())
|
||||
.paramLabel("file")
|
||||
.build(),
|
||||
fromOption(ManagementOptions.HTTPS_MANAGEMENT_CERTIFICATE_KEY_FILE)
|
||||
.isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG)
|
||||
.mapFrom(HttpOptions.HTTPS_CERTIFICATE_KEY_FILE.getKey())
|
||||
.to("quarkus.management.ssl.certificate.key-files")
|
||||
.validator((mapper, value) -> validateTlsProperties())
|
||||
.paramLabel("file")
|
||||
.build(),
|
||||
fromOption(ManagementOptions.HTTPS_MANAGEMENT_KEY_STORE_FILE)
|
||||
.isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG)
|
||||
.mapFrom(HttpOptions.HTTPS_KEY_STORE_FILE.getKey())
|
||||
.to("quarkus.management.ssl.certificate.key-store-file")
|
||||
.validator((mapper, value) -> validateTlsProperties())
|
||||
.paramLabel("file")
|
||||
.build(),
|
||||
fromOption(ManagementOptions.HTTPS_MANAGEMENT_KEY_STORE_PASSWORD)
|
||||
.isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG)
|
||||
.mapFrom(HttpOptions.HTTPS_KEY_STORE_PASSWORD.getKey())
|
||||
.to("quarkus.management.ssl.certificate.key-store-password")
|
||||
.validator((mapper, value) -> validateTlsProperties())
|
||||
|
@ -107,7 +99,6 @@ public class ManagementPropertyMappers {
|
|||
.isMasked(true)
|
||||
.build(),
|
||||
fromOption(ManagementOptions.HTTPS_MANAGEMENT_KEY_STORE_TYPE)
|
||||
.isEnabled(ManagementPropertyMappers::isManagementEnabled, MANAGEMENT_ENABLED_MSG)
|
||||
.mapFrom(HttpOptions.HTTPS_KEY_STORE_TYPE.getKey())
|
||||
.to("quarkus.management.ssl.certificate.key-store-file-type")
|
||||
.transformer((value, config) -> value.or(() -> Configuration.getOptionalKcValue(HttpOptions.HTTPS_KEY_STORE_TYPE.getKey())))
|
||||
|
@ -117,7 +108,15 @@ public class ManagementPropertyMappers {
|
|||
}
|
||||
|
||||
public static boolean isManagementEnabled() {
|
||||
return isTrue("quarkus.management.enabled");
|
||||
if (isTrue(LEGACY_OBSERVABILITY_INTERFACE)) {
|
||||
return false;
|
||||
}
|
||||
var isManagementOccupied = isTrue(HealthOptions.HEALTH_ENABLED) || isTrue(MetricsOptions.METRICS_ENABLED);
|
||||
return isManagementOccupied;
|
||||
}
|
||||
|
||||
private static Optional<String> managementEnabledTransformer() {
|
||||
return Optional.of(Boolean.toString(isManagementEnabled()));
|
||||
}
|
||||
|
||||
public static boolean isManagementTlsEnabled() {
|
||||
|
@ -135,12 +134,4 @@ public class ManagementPropertyMappers {
|
|||
throw new PropertyException(Messages.httpsConfigurationNotSet());
|
||||
}
|
||||
}
|
||||
|
||||
private static Optional<String> managementEnabledTransformer(Optional<String> value, ConfigSourceInterceptorContext ctx) {
|
||||
if (value.isPresent()) {
|
||||
var b = Boolean.parseBoolean(value.get());
|
||||
return Optional.of(Boolean.toString(!b)); // negate the output
|
||||
}
|
||||
return Optional.of(Boolean.TRUE.toString());
|
||||
}
|
||||
}
|
||||
|
|
|
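Review bot: `isManagementEnabled()` in the hunk at `@ -117,7 +108,15` now appears to decide whether the management listener is opened at all, yet the rule is undocumented and hard-codes the two features that count as "occupying" the interface. Add a Javadoc such as `/** True only when health or metrics is enabled and legacy-observability-interface is not set; extend this when another endpoint is served on the management interface. */`, so that a later endpoint is not silently left unreachable or moved to the main port. The local `isManagementOccupied` adds nothing and the expression can be returned directly: `return isTrue(HealthOptions.HEALTH_ENABLED) || isTrue(MetricsOptions.METRICS_ENABLED);`.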
@ -36,12 +36,43 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest {
|
|||
"http-management-host", "0.0.0.0"
|
||||
));
|
||||
|
||||
assertManagementEnabled(true);
|
||||
assertManagementHttpsEnabled(false);
|
||||
assertManagementEnabled(false);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void healthOccupied() {
|
||||
assertOccupied("KC_HEALTH_ENABLED");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void metricsOccupied() {
|
||||
assertOccupied("KC_METRICS_ENABLED");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void healthMetricsOccupied() {
|
||||
assertOccupied("KC_HEALTH_ENABLED", "KC_METRICS_ENABLED");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void immutableManagementEnabledProperty() {
|
||||
initConfig();
|
||||
assertConfig("http-management-enabled", "false");
|
||||
|
||||
putEnvVar("KC_MANAGEMENT_ENABLED", "true");
|
||||
|
||||
initConfig();
|
||||
assertConfig("http-management-enabled", "false");
|
||||
|
||||
putEnvVar("KC_MANAGEMENT_ENABLED", "something-wrong");
|
||||
|
||||
initConfig();
|
||||
assertConfig("http-management-enabled", "false");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void managementBasicChanges() {
|
||||
makeInterfaceOccupied();
|
||||
putEnvVars(Map.of(
|
||||
"KC_HTTP_MANAGEMENT_PORT", "9999",
|
||||
"KC_HTTP_MANAGEMENT_RELATIVE_PATH", "/management2",
|
||||
|
@ -61,6 +92,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest {
|
|||
|
||||
@Test
|
||||
public void managementRelativePath() {
|
||||
makeInterfaceOccupied();
|
||||
putEnvVar("KC_HTTP_RELATIVE_PATH", "/management3");
|
||||
|
||||
initConfig();
|
||||
|
@ -74,6 +106,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest {
|
|||
|
||||
@Test
|
||||
public void managementHttpsValues() {
|
||||
makeInterfaceOccupied();
|
||||
putEnvVars(Map.of(
|
||||
"KC_HTTP_MANAGEMENT_HOST", "host1",
|
||||
"KC_HTTPS_MANAGEMENT_CLIENT_AUTH", "requested",
|
||||
|
@ -105,6 +138,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest {
|
|||
|
||||
@Test
|
||||
public void managementMappedValues() {
|
||||
makeInterfaceOccupied();
|
||||
putEnvVars(Map.of(
|
||||
"KC_HTTP_HOST", "host123",
|
||||
"KC_HTTPS_CLIENT_AUTH", "required",
|
||||
|
@ -136,6 +170,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest {
|
|||
|
||||
@Test
|
||||
public void managementDefaultHttps() {
|
||||
makeInterfaceOccupied();
|
||||
putEnvVars(Map.of(
|
||||
"KC_HTTPS_CERTIFICATE_FILE", "/some/path/srv.crt.pem",
|
||||
"KC_HTTPS_CERTIFICATE_KEY_FILE", "/some/path/srv.key.pem"
|
||||
|
@ -155,6 +190,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest {
|
|||
|
||||
@Test
|
||||
public void managementDefaultHttpsManagementProps() {
|
||||
makeInterfaceOccupied();
|
||||
putEnvVars(Map.of(
|
||||
"KC_HTTPS_MANAGEMENT_CERTIFICATE_FILE", "/some/path/srv.crt.pem",
|
||||
"KC_HTTPS_MANAGEMENT_CERTIFICATE_KEY_FILE", "/some/path/srv.key.pem"
|
||||
|
@ -172,6 +208,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest {
|
|||
|
||||
@Test
|
||||
public void managementDefaultHttpsCertDisabled() {
|
||||
makeInterfaceOccupied();
|
||||
putEnvVar("KC_HTTPS_CERTIFICATE_FILE", "/some/path/srv.crt.pem");
|
||||
|
||||
initConfig();
|
||||
|
@ -183,6 +220,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest {
|
|||
|
||||
@Test
|
||||
public void managementDefaultHttpsKeyDisabled() {
|
||||
makeInterfaceOccupied();
|
||||
putEnvVar("KC_HTTPS_CERTIFICATE_KEY_FILE", "/some/path/srv.key.pem");
|
||||
|
||||
initConfig();
|
||||
|
@ -194,6 +232,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest {
|
|||
|
||||
@Test
|
||||
public void managementEnabledDefaultHttpsKeystore(){
|
||||
makeInterfaceOccupied();
|
||||
putEnvVar("KC_HTTPS_KEY_STORE_FILE", "keystore.p12");
|
||||
|
||||
initConfig();
|
||||
|
@ -208,6 +247,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest {
|
|||
|
||||
@Test
|
||||
public void fipsKeystoreType(){
|
||||
makeInterfaceOccupied();
|
||||
putEnvVar("KC_FIPS_MODE", "strict");
|
||||
|
||||
initConfig();
|
||||
|
@ -221,6 +261,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest {
|
|||
|
||||
@Test
|
||||
public void keystoreType(){
|
||||
makeInterfaceOccupied();
|
||||
putEnvVars(Map.of(
|
||||
"KC_HTTPS_KEY_STORE_TYPE", "pkcs12",
|
||||
"KC_HTTPS_MANAGEMENT_KEY_STORE_TYPE", "BCFKS"
|
||||
|
@ -237,6 +278,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest {
|
|||
|
||||
@Test
|
||||
public void legacyObservabilityInterface() {
|
||||
makeInterfaceOccupied();
|
||||
putEnvVar("KC_LEGACY_OBSERVABILITY_INTERFACE", "true");
|
||||
|
||||
initConfig();
|
||||
|
@ -247,6 +289,7 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest {
|
|||
|
||||
@Test
|
||||
public void legacyObservabilityInterfaceFalse() {
|
||||
makeInterfaceOccupied();
|
||||
putEnvVar("KC_LEGACY_OBSERVABILITY_INTERFACE", "false");
|
||||
|
||||
initConfig();
|
||||
|
@ -255,6 +298,10 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest {
|
|||
assertManagementEnabled(true);
|
||||
}
|
||||
|
||||
private void makeInterfaceOccupied() {
|
||||
putEnvVar("KC_HEALTH_ENABLED", "true");
|
||||
}
|
||||
|
||||
private void assertManagementEnabled(boolean expected) {
|
||||
assertThat("Expected value for Management interface state is different", ManagementPropertyMappers.isManagementEnabled(), is(expected));
|
||||
}
|
||||
|
@ -262,4 +309,21 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest {
|
|||
private void assertManagementHttpsEnabled(boolean expected) {
|
||||
assertThat("Expected value for Management HTTPS is different", ManagementPropertyMappers.isManagementTlsEnabled(), is(expected));
|
||||
}
|
||||
|
||||
private void assertOccupied(String... envVarChangeState) {
|
||||
for (var env : envVarChangeState) {
|
||||
putEnvVar(env, "true");
|
||||
}
|
||||
|
||||
initConfig();
|
||||
|
||||
assertConfig(Map.of(
|
||||
"http-management-port", "9000",
|
||||
"http-management-relative-path", "/",
|
||||
"http-management-host", "0.0.0.0"
|
||||
));
|
||||
|
||||
assertManagementEnabled(true);
|
||||
assertManagementHttpsEnabled(false);
|
||||
}
|
||||
}
|
||||
|
|
|
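Review bot: `immutableManagementEnabledProperty` sets `KC_MANAGEMENT_ENABLED`, while the option it asserts on is `http-management-enabled`. Every other variable in this file follows the `KC_` plus upper-cased key form (`KC_HTTP_MANAGEMENT_PORT` for `http-management-port`), so this one probably never reaches the mapper. If so, the test would still pass if a user-supplied value were honoured. Use `putEnvVar("KC_HTTP_MANAGEMENT_ENABLED", "true");` and the same name for the `"something-wrong"` case, so the test pins that the hidden option cannot force the listener on.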
@ -24,7 +24,9 @@ import org.keycloak.it.utils.KeycloakDistribution;
|
|||
|
||||
import static io.restassured.RestAssured.when;
|
||||
import static org.hamcrest.CoreMatchers.equalTo;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
import java.util.concurrent.CompletableFuture;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
@ -36,21 +38,11 @@ public class HealthDistTest {
|
|||
|
||||
@Test
|
||||
@Launch({ "start-dev" })
|
||||
void testHealthEndpointNotEnabled() {
|
||||
void testHealthEndpointNotEnabled(KeycloakDistribution distribution) {
|
||||
assertThrows(IOException.class, () -> when().get("/health"), "Connection refused must be thrown");
|
||||
distribution.setRequestPort(8080);
|
||||
when().get("/health").then()
|
||||
.statusCode(404);
|
||||
when().get("/q/health").then()
|
||||
.statusCode(404);
|
||||
when().get("/health/live").then()
|
||||
.statusCode(404);
|
||||
when().get("/q/health/live").then()
|
||||
.statusCode(404);
|
||||
when().get("/health/ready").then()
|
||||
.statusCode(404);
|
||||
when().get("/q/health/ready").then()
|
||||
.statusCode(404);
|
||||
when().get("/lb-check").then()
|
||||
.statusCode(404);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
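Review bot: `assertThrows(IOException.class, () -> when().get("/health"), "Connection refused must be thrown")` in `testHealthEndpointNotEnabled` accepts any I/O failure, and the string is only the assertion's failure message, not a check on the exception. A timeout or a connection reset would satisfy it too, so it does not pin "nothing is listening on the management port". If the HTTP client surfaces it, assert the narrower `java.net.ConnectException.class` instead. The same pattern appears in `ManagementOffDistTest.notOccupied` and `MetricsDistTest.testMetricsEndpointNotEnabled`.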
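--- /dev/null
+++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ManagementOffDistTest.java
@@ -0,0 +1,44 @@
+/*
+* Copyright 2024 Red Hat, Inc. and/or its affiliates
+* and other contributors as indicated by the @author tags.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.keycloak.it.cli.dist;
+
+import io.quarkus.test.junit.main.Launch;
+import io.quarkus.test.junit.main.LaunchResult;
+import org.junit.jupiter.api.Test;
+import org.keycloak.it.junit5.extension.CLIResult;
+import org.keycloak.it.junit5.extension.DistributionTest;
+
+import java.io.IOException;
+
+import static io.restassured.RestAssured.when;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+@DistributionTest(keepAlive = true,
+requestPort = 9000,
+containerExposedPorts = {9000, 8080})
+public class ManagementOffDistTest {
+
+@Test
+@Launch({"start-dev"})
+public void notOccupied(LaunchResult result) {
+CLIResult cliResult = (CLIResult) result;
+cliResult.assertNoMessage("Management interface listening on");
+
+assertThrows(IOException.class, () -> when().get("/"), "Connection refused must be thrown");
+assertThrows(IOException.class, () -> when().get("/health"), "Connection refused must be thrown");
+}
+}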
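Review bot: `cliResult.assertNoMessage("Management interface listening on")` in `notOccupied` is a negative match on a literal log line, so it keeps passing if that message is ever reworded. The two connection checks after it are what actually guard the closed port. A comment such as `// log check is advisory; the refused connections are the real assertion` would tell a maintainer which assertion to trust. Pairing it with a positive match on the same string in a test that enables health or metrics would catch wording drift.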
@ -20,7 +20,9 @@ package org.keycloak.it.cli.dist;
|
|||
import static io.restassured.RestAssured.when;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
import java.util.concurrent.CompletableFuture;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
@ -37,7 +39,12 @@ public class MetricsDistTest {
|
|||
|
||||
@Test
|
||||
@Launch({ "start-dev" })
|
||||
void testMetricsEndpointNotEnabled() {
|
||||
void testMetricsEndpointNotEnabled(KeycloakDistribution distribution) {
|
||||
assertThrows(IOException.class, () -> when().get("/metrics"), "Connection refused must be thrown");
|
||||
assertThrows(IOException.class, () -> when().get("/q/metrics"), "Connection refused must be thrown");
|
||||
|
||||
distribution.setRequestPort(8080);
|
||||
|
||||
when().get("/metrics").then()
|
||||
.statusCode(404);
|
||||
when().get("/q/metrics").then()
|
||||
|
|
|
@ -56,13 +56,13 @@ Management:
|
|||
--http-management-relative-path <path>
|
||||
Set the path relative to '/' for serving resources from management interface.
|
||||
The path must start with a '/'. If not given, the value is inherited from
|
||||
HTTP options. Default: /. Available only when Management interface is
|
||||
enabled.
|
||||
HTTP options. Relevant only when something is exposed on the management
|
||||
interface - see the guide for details. Default: /.
|
||||
--https-management-client-auth <auth>
|
||||
Configures the management interface to require/request client authentication.
|
||||
If not given, the value is inherited from HTTP options. Possible values are:
|
||||
none, request, required. Default: none. Available only when Management
|
||||
interface is enabled.
|
||||
If not given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for
|
||||
details. Possible values are: none, request, required. Default: none.
|
||||
--legacy-observability-interface <true|false>
|
||||
DEPRECATED. If metrics/health endpoints should be exposed on the main HTTP
|
||||
server (not recommended). If set to true, the management interface is
|
||||
|
|
|
@ -71,35 +71,37 @@ Feature:
|
|||
Management:
|
||||
|
||||
--http-management-port <port>
|
||||
Port of the management interface. Default: 9000. Available only when
|
||||
Management interface is enabled.
|
||||
Port of the management interface. Relevant only when something is exposed on
|
||||
the management interface - see the guide for details. Default: 9000.
|
||||
--http-management-relative-path <path>
|
||||
Set the path relative to '/' for serving resources from management interface.
|
||||
The path must start with a '/'. If not given, the value is inherited from
|
||||
HTTP options. Default: /. Available only when Management interface is
|
||||
enabled.
|
||||
HTTP options. Relevant only when something is exposed on the management
|
||||
interface - see the guide for details. Default: /.
|
||||
--https-management-certificate-file <file>
|
||||
The file path to a server certificate or certificate chain in PEM format for
|
||||
the management server. If not given, the value is inherited from HTTP
|
||||
options. Available only when Management interface is enabled.
|
||||
options. Relevant only when something is exposed on the management interface
|
||||
- see the guide for details.
|
||||
--https-management-certificate-key-file <file>
|
||||
The file path to a private key in PEM format for the management server. If not
|
||||
given, the value is inherited from HTTP options. Available only when
|
||||
Management interface is enabled.
|
||||
given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for details.
|
||||
--https-management-client-auth <auth>
|
||||
Configures the management interface to require/request client authentication.
|
||||
If not given, the value is inherited from HTTP options. Possible values are:
|
||||
none, request, required. Default: none. Available only when Management
|
||||
interface is enabled.
|
||||
If not given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for
|
||||
details. Possible values are: none, request, required. Default: none.
|
||||
--https-management-key-store-file <file>
|
||||
The key store which holds the certificate information instead of specifying
|
||||
separate files for the management server. If not given, the value is
|
||||
inherited from HTTP options. Available only when Management interface is
|
||||
enabled.
|
||||
inherited from HTTP options. Relevant only when something is exposed on the
|
||||
management interface - see the guide for details.
|
||||
--https-management-key-store-password <password>
|
||||
The password of the key store file for the management server. If not given,
|
||||
the value is inherited from HTTP options. Default: password. Available only
|
||||
when Management interface is enabled.
|
||||
the value is inherited from HTTP options. Relevant only when something is
|
||||
exposed on the management interface - see the guide for details. Default:
|
||||
password.
|
||||
--legacy-observability-interface <true|false>
|
||||
DEPRECATED. If metrics/health endpoints should be exposed on the main HTTP
|
||||
server (not recommended). If set to true, the management interface is
|
||||
|
|
|
@ -71,35 +71,37 @@ Feature:
|
|||
Management:
|
||||
|
||||
--http-management-port <port>
|
||||
Port of the management interface. Default: 9000. Available only when
|
||||
Management interface is enabled.
|
||||
Port of the management interface. Relevant only when something is exposed on
|
||||
the management interface - see the guide for details. Default: 9000.
|
||||
--http-management-relative-path <path>
|
||||
Set the path relative to '/' for serving resources from management interface.
|
||||
The path must start with a '/'. If not given, the value is inherited from
|
||||
HTTP options. Default: /. Available only when Management interface is
|
||||
enabled.
|
||||
HTTP options. Relevant only when something is exposed on the management
|
||||
interface - see the guide for details. Default: /.
|
||||
--https-management-certificate-file <file>
|
||||
The file path to a server certificate or certificate chain in PEM format for
|
||||
the management server. If not given, the value is inherited from HTTP
|
||||
options. Available only when Management interface is enabled.
|
||||
options. Relevant only when something is exposed on the management interface
|
||||
- see the guide for details.
|
||||
--https-management-certificate-key-file <file>
|
||||
The file path to a private key in PEM format for the management server. If not
|
||||
given, the value is inherited from HTTP options. Available only when
|
||||
Management interface is enabled.
|
||||
given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for details.
|
||||
--https-management-client-auth <auth>
|
||||
Configures the management interface to require/request client authentication.
|
||||
If not given, the value is inherited from HTTP options. Possible values are:
|
||||
none, request, required. Default: none. Available only when Management
|
||||
interface is enabled.
|
||||
If not given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for
|
||||
details. Possible values are: none, request, required. Default: none.
|
||||
--https-management-key-store-file <file>
|
||||
The key store which holds the certificate information instead of specifying
|
||||
separate files for the management server. If not given, the value is
|
||||
inherited from HTTP options. Available only when Management interface is
|
||||
enabled.
|
||||
inherited from HTTP options. Relevant only when something is exposed on the
|
||||
management interface - see the guide for details.
|
||||
--https-management-key-store-password <password>
|
||||
The password of the key store file for the management server. If not given,
|
||||
the value is inherited from HTTP options. Default: password. Available only
|
||||
when Management interface is enabled.
|
||||
the value is inherited from HTTP options. Relevant only when something is
|
||||
exposed on the management interface - see the guide for details. Default:
|
||||
password.
|
||||
--legacy-observability-interface <true|false>
|
||||
DEPRECATED. If metrics/health endpoints should be exposed on the main HTTP
|
||||
server (not recommended). If set to true, the management interface is
|
||||
|
|
|
@ -71,35 +71,37 @@ Feature:
|
|||
Management:
|
||||
|
||||
--http-management-port <port>
|
||||
Port of the management interface. Default: 9000. Available only when
|
||||
Management interface is enabled.
|
||||
Port of the management interface. Relevant only when something is exposed on
|
||||
the management interface - see the guide for details. Default: 9000.
|
||||
--http-management-relative-path <path>
|
||||
Set the path relative to '/' for serving resources from management interface.
|
||||
The path must start with a '/'. If not given, the value is inherited from
|
||||
HTTP options. Default: /. Available only when Management interface is
|
||||
enabled.
|
||||
HTTP options. Relevant only when something is exposed on the management
|
||||
interface - see the guide for details. Default: /.
|
||||
--https-management-certificate-file <file>
|
||||
The file path to a server certificate or certificate chain in PEM format for
|
||||
the management server. If not given, the value is inherited from HTTP
|
||||
options. Available only when Management interface is enabled.
|
||||
options. Relevant only when something is exposed on the management interface
|
||||
- see the guide for details.
|
||||
--https-management-certificate-key-file <file>
|
||||
The file path to a private key in PEM format for the management server. If not
|
||||
given, the value is inherited from HTTP options. Available only when
|
||||
Management interface is enabled.
|
||||
given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for details.
|
||||
--https-management-client-auth <auth>
|
||||
Configures the management interface to require/request client authentication.
|
||||
If not given, the value is inherited from HTTP options. Possible values are:
|
||||
none, request, required. Default: none. Available only when Management
|
||||
interface is enabled.
|
||||
If not given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for
|
||||
details. Possible values are: none, request, required. Default: none.
|
||||
--https-management-key-store-file <file>
|
||||
The key store which holds the certificate information instead of specifying
|
||||
separate files for the management server. If not given, the value is
|
||||
inherited from HTTP options. Available only when Management interface is
|
||||
enabled.
|
||||
inherited from HTTP options. Relevant only when something is exposed on the
|
||||
management interface - see the guide for details.
|
||||
--https-management-key-store-password <password>
|
||||
The password of the key store file for the management server. If not given,
|
||||
the value is inherited from HTTP options. Default: password. Available only
|
||||
when Management interface is enabled.
|
||||
the value is inherited from HTTP options. Relevant only when something is
|
||||
exposed on the management interface - see the guide for details. Default:
|
||||
password.
|
||||
--legacy-observability-interface <true|false>
|
||||
DEPRECATED. If metrics/health endpoints should be exposed on the main HTTP
|
||||
server (not recommended). If set to true, the management interface is
|
||||
|
|
|
@ -71,35 +71,37 @@ Feature:
|
|||
Management:
|
||||
|
||||
--http-management-port <port>
|
||||
Port of the management interface. Default: 9000. Available only when
|
||||
Management interface is enabled.
|
||||
Port of the management interface. Relevant only when something is exposed on
|
||||
the management interface - see the guide for details. Default: 9000.
|
||||
--http-management-relative-path <path>
|
||||
Set the path relative to '/' for serving resources from management interface.
|
||||
The path must start with a '/'. If not given, the value is inherited from
|
||||
HTTP options. Default: /. Available only when Management interface is
|
||||
enabled.
|
||||
HTTP options. Relevant only when something is exposed on the management
|
||||
interface - see the guide for details. Default: /.
|
||||
--https-management-certificate-file <file>
|
||||
The file path to a server certificate or certificate chain in PEM format for
|
||||
the management server. If not given, the value is inherited from HTTP
|
||||
options. Available only when Management interface is enabled.
|
||||
options. Relevant only when something is exposed on the management interface
|
||||
- see the guide for details.
|
||||
--https-management-certificate-key-file <file>
|
||||
The file path to a private key in PEM format for the management server. If not
|
||||
given, the value is inherited from HTTP options. Available only when
|
||||
Management interface is enabled.
|
||||
given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for details.
|
||||
--https-management-client-auth <auth>
|
||||
Configures the management interface to require/request client authentication.
|
||||
If not given, the value is inherited from HTTP options. Possible values are:
|
||||
none, request, required. Default: none. Available only when Management
|
||||
interface is enabled.
|
||||
If not given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for
|
||||
details. Possible values are: none, request, required. Default: none.
|
||||
--https-management-key-store-file <file>
|
||||
The key store which holds the certificate information instead of specifying
|
||||
separate files for the management server. If not given, the value is
|
||||
inherited from HTTP options. Available only when Management interface is
|
||||
enabled.
|
||||
inherited from HTTP options. Relevant only when something is exposed on the
|
||||
management interface - see the guide for details.
|
||||
--https-management-key-store-password <password>
|
||||
The password of the key store file for the management server. If not given,
|
||||
the value is inherited from HTTP options. Default: password. Available only
|
||||
when Management interface is enabled.
|
||||
the value is inherited from HTTP options. Relevant only when something is
|
||||
exposed on the management interface - see the guide for details. Default:
|
||||
password.
|
||||
--legacy-observability-interface <true|false>
|
||||
DEPRECATED. If metrics/health endpoints should be exposed on the main HTTP
|
||||
server (not recommended). If set to true, the management interface is
|
||||
|
|
|
@ -193,35 +193,37 @@ Health:
|
|||
Management:
|
||||
|
||||
--http-management-port <port>
|
||||
Port of the management interface. Default: 9000. Available only when
|
||||
Management interface is enabled.
|
||||
Port of the management interface. Relevant only when something is exposed on
|
||||
the management interface - see the guide for details. Default: 9000.
|
||||
--http-management-relative-path <path>
|
||||
Set the path relative to '/' for serving resources from management interface.
|
||||
The path must start with a '/'. If not given, the value is inherited from
|
||||
HTTP options. Default: /. Available only when Management interface is
|
||||
enabled.
|
||||
HTTP options. Relevant only when something is exposed on the management
|
||||
interface - see the guide for details. Default: /.
|
||||
--https-management-certificate-file <file>
|
||||
The file path to a server certificate or certificate chain in PEM format for
|
||||
the management server. If not given, the value is inherited from HTTP
|
||||
options. Available only when Management interface is enabled.
|
||||
options. Relevant only when something is exposed on the management interface
|
||||
- see the guide for details.
|
||||
--https-management-certificate-key-file <file>
|
||||
The file path to a private key in PEM format for the management server. If not
|
||||
given, the value is inherited from HTTP options. Available only when
|
||||
Management interface is enabled.
|
||||
given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for details.
|
||||
--https-management-client-auth <auth>
|
||||
Configures the management interface to require/request client authentication.
|
||||
If not given, the value is inherited from HTTP options. Possible values are:
|
||||
none, request, required. Default: none. Available only when Management
|
||||
interface is enabled.
|
||||
If not given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for
|
||||
details. Possible values are: none, request, required. Default: none.
|
||||
--https-management-key-store-file <file>
|
||||
The key store which holds the certificate information instead of specifying
|
||||
separate files for the management server. If not given, the value is
|
||||
inherited from HTTP options. Available only when Management interface is
|
||||
enabled.
|
||||
inherited from HTTP options. Relevant only when something is exposed on the
|
||||
management interface - see the guide for details.
|
||||
--https-management-key-store-password <password>
|
||||
The password of the key store file for the management server. If not given,
|
||||
the value is inherited from HTTP options. Default: password. Available only
|
||||
when Management interface is enabled.
|
||||
the value is inherited from HTTP options. Relevant only when something is
|
||||
exposed on the management interface - see the guide for details. Default:
|
||||
password.
|
||||
--legacy-observability-interface <true|false>
|
||||
DEPRECATED. If metrics/health endpoints should be exposed on the main HTTP
|
||||
server (not recommended). If set to true, the management interface is
|
||||
|
|
|
@ -265,35 +265,37 @@ Health:
|
|||
Management:
|
||||
|
||||
--http-management-port <port>
|
||||
Port of the management interface. Default: 9000. Available only when
|
||||
Management interface is enabled.
|
||||
Port of the management interface. Relevant only when something is exposed on
|
||||
the management interface - see the guide for details. Default: 9000.
|
||||
--http-management-relative-path <path>
|
||||
Set the path relative to '/' for serving resources from management interface.
|
||||
The path must start with a '/'. If not given, the value is inherited from
|
||||
HTTP options. Default: /. Available only when Management interface is
|
||||
enabled.
|
||||
HTTP options. Relevant only when something is exposed on the management
|
||||
interface - see the guide for details. Default: /.
|
||||
--https-management-certificate-file <file>
|
||||
The file path to a server certificate or certificate chain in PEM format for
|
||||
the management server. If not given, the value is inherited from HTTP
|
||||
options. Available only when Management interface is enabled.
|
||||
options. Relevant only when something is exposed on the management interface
|
||||
- see the guide for details.
|
||||
--https-management-certificate-key-file <file>
|
||||
The file path to a private key in PEM format for the management server. If not
|
||||
given, the value is inherited from HTTP options. Available only when
|
||||
Management interface is enabled.
|
||||
given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for details.
|
||||
--https-management-client-auth <auth>
|
||||
Configures the management interface to require/request client authentication.
|
||||
If not given, the value is inherited from HTTP options. Possible values are:
|
||||
none, request, required. Default: none. Available only when Management
|
||||
interface is enabled.
|
||||
If not given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for
|
||||
details. Possible values are: none, request, required. Default: none.
|
||||
--https-management-key-store-file <file>
|
||||
The key store which holds the certificate information instead of specifying
|
||||
separate files for the management server. If not given, the value is
|
||||
inherited from HTTP options. Available only when Management interface is
|
||||
enabled.
|
||||
inherited from HTTP options. Relevant only when something is exposed on the
|
||||
management interface - see the guide for details.
|
||||
--https-management-key-store-password <password>
|
||||
The password of the key store file for the management server. If not given,
|
||||
the value is inherited from HTTP options. Default: password. Available only
|
||||
when Management interface is enabled.
|
||||
the value is inherited from HTTP options. Relevant only when something is
|
||||
exposed on the management interface - see the guide for details. Default:
|
||||
password.
|
||||
--legacy-observability-interface <true|false>
|
||||
DEPRECATED. If metrics/health endpoints should be exposed on the main HTTP
|
||||
server (not recommended). If set to true, the management interface is
|
||||
|
|
|
@ -194,35 +194,37 @@ Health:
|
|||
Management:
|
||||
|
||||
--http-management-port <port>
|
||||
Port of the management interface. Default: 9000. Available only when
|
||||
Management interface is enabled.
|
||||
Port of the management interface. Relevant only when something is exposed on
|
||||
the management interface - see the guide for details. Default: 9000.
|
||||
--http-management-relative-path <path>
|
||||
Set the path relative to '/' for serving resources from management interface.
|
||||
The path must start with a '/'. If not given, the value is inherited from
|
||||
HTTP options. Default: /. Available only when Management interface is
|
||||
enabled.
|
||||
HTTP options. Relevant only when something is exposed on the management
|
||||
interface - see the guide for details. Default: /.
|
||||
--https-management-certificate-file <file>
|
||||
The file path to a server certificate or certificate chain in PEM format for
|
||||
the management server. If not given, the value is inherited from HTTP
|
||||
options. Available only when Management interface is enabled.
|
||||
options. Relevant only when something is exposed on the management interface
|
||||
- see the guide for details.
|
||||
--https-management-certificate-key-file <file>
|
||||
The file path to a private key in PEM format for the management server. If not
|
||||
given, the value is inherited from HTTP options. Available only when
|
||||
Management interface is enabled.
|
||||
given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for details.
|
||||
--https-management-client-auth <auth>
|
||||
Configures the management interface to require/request client authentication.
|
||||
If not given, the value is inherited from HTTP options. Possible values are:
|
||||
none, request, required. Default: none. Available only when Management
|
||||
interface is enabled.
|
||||
If not given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for
|
||||
details. Possible values are: none, request, required. Default: none.
|
||||
--https-management-key-store-file <file>
|
||||
The key store which holds the certificate information instead of specifying
|
||||
separate files for the management server. If not given, the value is
|
||||
inherited from HTTP options. Available only when Management interface is
|
||||
enabled.
|
||||
inherited from HTTP options. Relevant only when something is exposed on the
|
||||
management interface - see the guide for details.
|
||||
--https-management-key-store-password <password>
|
||||
The password of the key store file for the management server. If not given,
|
||||
the value is inherited from HTTP options. Default: password. Available only
|
||||
when Management interface is enabled.
|
||||
the value is inherited from HTTP options. Relevant only when something is
|
||||
exposed on the management interface - see the guide for details. Default:
|
||||
password.
|
||||
--legacy-observability-interface <true|false>
|
||||
DEPRECATED. If metrics/health endpoints should be exposed on the main HTTP
|
||||
server (not recommended). If set to true, the management interface is
|
||||
|
|
|
@ -266,35 +266,37 @@ Health:
|
|||
Management:
|
||||
|
||||
--http-management-port <port>
|
||||
Port of the management interface. Default: 9000. Available only when
|
||||
Management interface is enabled.
|
||||
Port of the management interface. Relevant only when something is exposed on
|
||||
the management interface - see the guide for details. Default: 9000.
|
||||
--http-management-relative-path <path>
|
||||
Set the path relative to '/' for serving resources from management interface.
|
||||
The path must start with a '/'. If not given, the value is inherited from
|
||||
HTTP options. Default: /. Available only when Management interface is
|
||||
enabled.
|
||||
HTTP options. Relevant only when something is exposed on the management
|
||||
interface - see the guide for details. Default: /.
|
||||
--https-management-certificate-file <file>
|
||||
The file path to a server certificate or certificate chain in PEM format for
|
||||
the management server. If not given, the value is inherited from HTTP
|
||||
options. Available only when Management interface is enabled.
|
||||
options. Relevant only when something is exposed on the management interface
|
||||
- see the guide for details.
|
||||
--https-management-certificate-key-file <file>
|
||||
The file path to a private key in PEM format for the management server. If not
|
||||
given, the value is inherited from HTTP options. Available only when
|
||||
Management interface is enabled.
|
||||
given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for details.
|
||||
--https-management-client-auth <auth>
|
||||
Configures the management interface to require/request client authentication.
|
||||
If not given, the value is inherited from HTTP options. Possible values are:
|
||||
none, request, required. Default: none. Available only when Management
|
||||
interface is enabled.
|
||||
If not given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for
|
||||
details. Possible values are: none, request, required. Default: none.
|
||||
--https-management-key-store-file <file>
|
||||
The key store which holds the certificate information instead of specifying
|
||||
separate files for the management server. If not given, the value is
|
||||
inherited from HTTP options. Available only when Management interface is
|
||||
enabled.
|
||||
inherited from HTTP options. Relevant only when something is exposed on the
|
||||
management interface - see the guide for details.
|
||||
--https-management-key-store-password <password>
|
||||
The password of the key store file for the management server. If not given,
|
||||
the value is inherited from HTTP options. Default: password. Available only
|
||||
when Management interface is enabled.
|
||||
the value is inherited from HTTP options. Relevant only when something is
|
||||
exposed on the management interface - see the guide for details. Default:
|
||||
password.
|
||||
--legacy-observability-interface <true|false>
|
||||
DEPRECATED. If metrics/health endpoints should be exposed on the main HTTP
|
||||
server (not recommended). If set to true, the management interface is
|
||||
|
|
|
@ -166,25 +166,27 @@ HTTP(S):
|
|||
Management:
|
||||
|
||||
--http-management-port <port>
|
||||
Port of the management interface. Default: 9000. Available only when
|
||||
Management interface is enabled.
|
||||
Port of the management interface. Relevant only when something is exposed on
|
||||
the management interface - see the guide for details. Default: 9000.
|
||||
--https-management-certificate-file <file>
|
||||
The file path to a server certificate or certificate chain in PEM format for
|
||||
the management server. If not given, the value is inherited from HTTP
|
||||
options. Available only when Management interface is enabled.
|
||||
options. Relevant only when something is exposed on the management interface
|
||||
- see the guide for details.
|
||||
--https-management-certificate-key-file <file>
|
||||
The file path to a private key in PEM format for the management server. If not
|
||||
given, the value is inherited from HTTP options. Available only when
|
||||
Management interface is enabled.
|
||||
given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for details.
|
||||
--https-management-key-store-file <file>
|
||||
The key store which holds the certificate information instead of specifying
|
||||
separate files for the management server. If not given, the value is
|
||||
inherited from HTTP options. Available only when Management interface is
|
||||
enabled.
|
||||
inherited from HTTP options. Relevant only when something is exposed on the
|
||||
management interface - see the guide for details.
|
||||
--https-management-key-store-password <password>
|
||||
The password of the key store file for the management server. If not given,
|
||||
the value is inherited from HTTP options. Default: password. Available only
|
||||
when Management interface is enabled.
|
||||
the value is inherited from HTTP options. Relevant only when something is
|
||||
exposed on the management interface - see the guide for details. Default:
|
||||
password.
|
||||
|
||||
Proxy:
|
||||
|
||||
|
|
|
@ -238,25 +238,27 @@ HTTP(S):
|
|||
Management:
|
||||
|
||||
--http-management-port <port>
|
||||
Port of the management interface. Default: 9000. Available only when
|
||||
Management interface is enabled.
|
||||
Port of the management interface. Relevant only when something is exposed on
|
||||
the management interface - see the guide for details. Default: 9000.
|
||||
--https-management-certificate-file <file>
|
||||
The file path to a server certificate or certificate chain in PEM format for
|
||||
the management server. If not given, the value is inherited from HTTP
|
||||
options. Available only when Management interface is enabled.
|
||||
options. Relevant only when something is exposed on the management interface
|
||||
- see the guide for details.
|
||||
--https-management-certificate-key-file <file>
|
||||
The file path to a private key in PEM format for the management server. If not
|
||||
given, the value is inherited from HTTP options. Available only when
|
||||
Management interface is enabled.
|
||||
given, the value is inherited from HTTP options. Relevant only when
|
||||
something is exposed on the management interface - see the guide for details.
|
||||
--https-management-key-store-file <file>
|
||||
The key store which holds the certificate information instead of specifying
|
||||
separate files for the management server. If not given, the value is
|
||||
inherited from HTTP options. Available only when Management interface is
|
||||
enabled.
|
||||
inherited from HTTP options. Relevant only when something is exposed on the
|
||||
management interface - see the guide for details.
|
||||
--https-management-key-store-password <password>
|
||||
The password of the key store file for the management server. If not given,
|
||||
the value is inherited from HTTP options. Default: password. Available only
|
||||
when Management interface is enabled.
|
||||
the value is inherited from HTTP options. Relevant only when something is
|
||||
exposed on the management interface - see the guide for details. Default:
|
||||
password.
|
||||
|
||||
Proxy:
|
||||
|
||||
|
|
|
@ -41,3 +41,6 @@ spi-connections-http-client-default-reuse-connections=false
|
|||
|
||||
# set known protocol ports for basicsamltest
|
||||
spi-login-protocol-saml-known-protocols=http=8180,https=8543
|
||||
|
||||
# expose something on management interface to turn it on
|
||||
health-enabled=true
|
||||
|
|
|
@ -168,7 +168,7 @@ public abstract class AbstractQuarkusDeployableContainer implements DeployableCo
|
|||
if (suiteContext.get().isAuthServerMigrationEnabled()) {
|
||||
commands.add("--hostname-strict=false");
|
||||
commands.add("--hostname-strict-https=false");
|
||||
} else { // Do not set management port for older versions of Keycloak for migration tests - available since Keycloak ~22
|
||||
} else { // Do not set management port for older versions of Keycloak for migration tests - available since Keycloak 25
|
||||
commands.add("--http-management-port=" + configuration.getManagementPort());
|
||||
}
|
||||
|
||||
|
@ -232,6 +232,7 @@ public abstract class AbstractQuarkusDeployableContainer implements DeployableCo
|
|||
private static void prepareCommandsForRebuilding(List<String> commands) {
|
||||
commands.removeIf("--optimized"::equals);
|
||||
commands.add("--http-relative-path=/auth");
|
||||
commands.add("--health-enabled=true"); // expose something to management interface to turn it on
|
||||
}
|
||||
|
||||
protected void addFeaturesOption(List<String> commands) {
|
||||
|
|
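Review bot: The trailing comment on the `} else {` line in the first hunk describes the branch it is not attached to: it says not to set the management port for older versions, yet the `else` body is the one that adds `--http-management-port`. Placing it above the `if` would read correctly, e.g. `// Migration tests run an older Keycloak without the management interface (available since Keycloak 25), so --http-management-port is passed only otherwise`. In the second hunk, `--health-enabled=true` is added only in `prepareCommandsForRebuilding`; presumably a start that keeps `--optimized` relies on the existing build already exposing something on the management interface, and the comment there should say so, because otherwise the port passed in the first hunk has nothing listening on it. The method enclosing the first hunk starts and ends outside it.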