From d9a92f5de30d5af642db65ea00f2ab9510e6713a Mon Sep 17 00:00:00 2001 From: Steven Hawkins Date: Wed, 21 Aug 2024 09:52:38 -0400 Subject: [PATCH] fix: expose bootstrap-admin-* options (#32241) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: expose bootstrap-admin-* options closes: #32176 Signed-off-by: Steve Hawkins * Update quarkus/config-api/src/main/java/org/keycloak/config/BootstrapAdminOptions.java Co-authored-by: Martin Bartoš Signed-off-by: Steven Hawkins --------- Signed-off-by: Steve Hawkins Signed-off-by: Steven Hawkins Co-authored-by: Martin Bartoš --- .../config/BootstrapAdminOptions.java | 22 +++++++++++-------- .../cli/command/BootstrapAdminService.java | 6 ++--- .../cli/command/BootstrapAdminUser.java | 6 ++--- .../BootstrapAdminPropertyMappers.java | 20 +++++++++++++---- ...ommandDistTest.testExportHelp.approved.txt | 18 ++++++++++++++- ...andDistTest.testExportHelpAll.approved.txt | 18 ++++++++++++++- ...ommandDistTest.testImportHelp.approved.txt | 18 ++++++++++++++- ...andDistTest.testImportHelpAll.approved.txt | 18 ++++++++++++++- ...mandDistTest.testStartDevHelp.approved.txt | 16 ++++++++++++++ ...dDistTest.testStartDevHelpAll.approved.txt | 16 ++++++++++++++ ...CommandDistTest.testStartHelp.approved.txt | 16 ++++++++++++++ ...mandDistTest.testStartHelpAll.approved.txt | 16 ++++++++++++++ ...stTest.testStartOptimizedHelp.approved.txt | 16 ++++++++++++++ ...est.testStartOptimizedHelpAll.approved.txt | 16 ++++++++++++++ services/pom.xml | 5 ++++- .../services/managers/ApplianceBootstrap.java | 9 +++----- 16 files changed, 206 insertions(+), 30 deletions(-) diff --git a/quarkus/config-api/src/main/java/org/keycloak/config/BootstrapAdminOptions.java b/quarkus/config-api/src/main/java/org/keycloak/config/BootstrapAdminOptions.java index 21a7305001..82224ac40d 100644 --- a/quarkus/config-api/src/main/java/org/keycloak/config/BootstrapAdminOptions.java 
+++ b/quarkus/config-api/src/main/java/org/keycloak/config/BootstrapAdminOptions.java 
@@ -1,35 +1,39 @@ package org.keycloak.config; public class BootstrapAdminOptions { + + public static final String DEFAULT_TEMP_ADMIN_USERNAME = "temp-admin"; + public static final String DEFAULT_TEMP_ADMIN_SERVICE = DEFAULT_TEMP_ADMIN_USERNAME; + public static final int DEFAULT_TEMP_ADMIN_EXPIRATION = 120; + private static final String USED_ONLY_WHEN = " Used only when the master realm is created."; + private static final String NON_CLI = " Use a non-CLI configuration option for this option if possible."; public static final Option PASSWORD = new OptionBuilder<>("bootstrap-admin-password", String.class) .category(OptionCategory.BOOTSTRAP_ADMIN) - .description("Bootstrap admin password") - .hidden() + .description("Temporary bootstrap admin password." + USED_ONLY_WHEN + NON_CLI) .build(); public static final Option USERNAME = new OptionBuilder<>("bootstrap-admin-username", String.class) .category(OptionCategory.BOOTSTRAP_ADMIN) - .description("Username of the bootstrap admin") - .hidden() + .description("Temporary bootstrap admin username." + USED_ONLY_WHEN) + .defaultValue(DEFAULT_TEMP_ADMIN_USERNAME) .build(); public static final Option EXPIRATION = new OptionBuilder<>("bootstrap-admin-expiration", Integer.class) .category(OptionCategory.BOOTSTRAP_ADMIN) - .description("Time in minutes for the bootstrap admin user to expire.") + .description("Time in minutes for the bootstrap admin user to expire." + USED_ONLY_WHEN) .hidden() .build(); public static final Option CLIENT_ID = new OptionBuilder<>("bootstrap-admin-client-id", String.class) .category(OptionCategory.BOOTSTRAP_ADMIN) - .description("Client id for the admin service") - .hidden() + .description("Client id for the temporary bootstrap admin service account." 
+ USED_ONLY_WHEN) + .defaultValue(DEFAULT_TEMP_ADMIN_SERVICE) .build(); public static final Option CLIENT_SECRET = new OptionBuilder<>("bootstrap-admin-client-secret", String.class) .category(OptionCategory.BOOTSTRAP_ADMIN) - .description("Client secret for the admin service") - .hidden() + .description("Client secret for the temporary bootstrap admin service account." + USED_ONLY_WHEN + NON_CLI) .build(); } diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/BootstrapAdminService.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/BootstrapAdminService.java index ad644e4e1a..3d3c5adf80 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/BootstrapAdminService.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/BootstrapAdminService.java @@ -18,11 +18,11 @@ package org.keycloak.quarkus.runtime.cli.command; import org.keycloak.common.util.IoUtils; +import org.keycloak.config.BootstrapAdminOptions; import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.quarkus.runtime.cli.PropertyException; import org.keycloak.quarkus.runtime.integration.jaxrs.QuarkusKeycloakApplication; -import org.keycloak.services.managers.ApplianceBootstrap; import org.keycloak.services.resources.KeycloakApplication; import picocli.CommandLine.ArgGroup; @@ -38,7 +38,7 @@ public class BootstrapAdminService extends AbstractNonServerCommand { static class ClientIdOptions { @Option(names = { "--client-id" }, description = "Client id, defaults to " - + ApplianceBootstrap.DEFAULT_TEMP_ADMIN_SERVICE) + + BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_SERVICE) String clientId; @Option(names = { "--client-id:env" }, description = "Environment variable name for the client id") 
@@ -69,7 +69,7 @@ public class BootstrapAdminService extends AbstractNonServerCommand { clientId = clientIdOptions.clientId; } } else if (!bootstrap.noPrompt) { - clientId = IoUtils.readLineFromConsole("client id", ApplianceBootstrap.DEFAULT_TEMP_ADMIN_SERVICE); + clientId = IoUtils.readLineFromConsole("client id", BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_SERVICE); } if (clientSecretEnv == null) { diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/BootstrapAdminUser.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/BootstrapAdminUser.java index ce20e941eb..aff5278e3c 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/BootstrapAdminUser.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/BootstrapAdminUser.java @@ -18,11 +18,11 @@ package org.keycloak.quarkus.runtime.cli.command; import org.keycloak.common.util.IoUtils; +import org.keycloak.config.BootstrapAdminOptions; import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.quarkus.runtime.cli.PropertyException; import org.keycloak.quarkus.runtime.integration.jaxrs.QuarkusKeycloakApplication; -import org.keycloak.services.managers.ApplianceBootstrap; import org.keycloak.services.resources.KeycloakApplication; import picocli.CommandLine.ArgGroup; @@ -38,7 +38,7 @@ public class BootstrapAdminUser extends AbstractNonServerCommand { static class UsernameOptions { @Option(names = { "--username" }, description = "Username of admin user, defaults to " - + ApplianceBootstrap.DEFAULT_TEMP_ADMIN_USERNAME) + + BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_USERNAME) String username; @Option(names = { "--username:env" }, description = "Environment variable name for the admin username") 
@@ -69,7 +69,7 @@ public class BootstrapAdminUser extends AbstractNonServerCommand { username = usernameOptions.username; } } else if (!bootstrap.noPrompt) { - username = IoUtils.readLineFromConsole("username", ApplianceBootstrap.DEFAULT_TEMP_ADMIN_USERNAME); + username = IoUtils.readLineFromConsole("username", BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_USERNAME); } if (passwordEnv == null) { diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/BootstrapAdminPropertyMappers.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/BootstrapAdminPropertyMappers.java index 8fa0aef5dc..1d53767b65 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/BootstrapAdminPropertyMappers.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/BootstrapAdminPropertyMappers.java @@ -18,6 +18,7 @@ package org.keycloak.quarkus.runtime.configuration.mappers; import org.keycloak.config.BootstrapAdminOptions; +import org.keycloak.quarkus.runtime.cli.PropertyException; import static org.keycloak.quarkus.runtime.configuration.Configuration.getOptionalKcValue; import static org.keycloak.quarkus.runtime.configuration.mappers.PropertyMapper.fromOption; 
@@ -30,25 +31,36 @@ public final class BootstrapAdminPropertyMappers { private BootstrapAdminPropertyMappers() { } + // We prefer validators here to isEnabled so that the options show up in help public static PropertyMapper[] getMappers() { return new PropertyMapper[]{ fromOption(BootstrapAdminOptions.USERNAME) .paramLabel("username") - .isEnabled(BootstrapAdminPropertyMappers::isPasswordSet, PASSWORD_SET) + .validator((mapper, value) -> { + if (!isPasswordSet()) { + throw new PropertyException(mapper.getOption().getKey() + " available only when " + PASSWORD_SET); + } + }) .build(), fromOption(BootstrapAdminOptions.PASSWORD) .paramLabel("password") + .isMasked(true) .build(), - fromOption(BootstrapAdminOptions.EXPIRATION) + /*fromOption(BootstrapAdminOptions.EXPIRATION) .paramLabel("expiration") .isEnabled(BootstrapAdminPropertyMappers::isPasswordSet, PASSWORD_SET) - .build(), + .build(),*/ fromOption(BootstrapAdminOptions.CLIENT_ID) .paramLabel("client id") - .isEnabled(BootstrapAdminPropertyMappers::isClientSecretSet, CLIENT_SECRET_SET) + .validator((mapper, value) -> { + if (!isClientSecretSet()) { + throw new PropertyException(mapper.getOption().getKey() + " available only when " + CLIENT_SECRET_SET); + } + }) .build(), fromOption(BootstrapAdminOptions.CLIENT_SECRET) .paramLabel("client secret") + .isMasked(true) .build(), }; } diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt index 6157473bdf..1eeec74d49 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt 
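Review bot: The `EXPIRATION` mapper in `getMappers()` is disabled by wrapping it in `/* ... */` rather than removed, so `bootstrap-admin-expiration` remains defined in `BootstrapAdminOptions` but appears to have no mapper. If expiry of the temporary admin is not enforced yet, anyone reading the option name may assume the account lapses on its own. Delete the dead block and leave a tracked marker instead, e.g. `// TODO(<issue-id>): add the EXPIRATION mapper once temporary-admin expiry is enforced`. The two `.validator(...)` lambdas for `USERNAME` and `CLIENT_ID` differ only in the predicate and the message constant, so they could share one private helper. It is also worth confirming that validators are not run against the newly added default values, otherwise a start without a password could fail on the defaulted username.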
@@ -158,4 +158,20 @@ Export: --users-per-file Set the number of users per file. It is used only if 'users' is set to 'different_files'. Increasing this number leads to exponentially increasing - export times. Default: 50. \ No newline at end of file + export times. Default: 50. + +Bootstrap Admin: + +--bootstrap-admin-client-id + Client id for the temporary bootstrap admin service account. Used only when + the master realm is created. Default: temp-admin. +--bootstrap-admin-client-secret + Client secret for the temporary bootstrap admin service account. Used only + when the master realm is created. Use a non-CLI configuration option for + this option if possible. +--bootstrap-admin-password + Temporary bootstrap admin password. Used only when the master realm is + created. Use a non-CLI configuration option for this option if possible. +--bootstrap-admin-username + Temporary bootstrap admin username. Used only when the master realm is + created. Default: temp-admin. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt index dd9a75fb00..69400c5602 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt 
@@ -262,4 +262,20 @@ Export: --users-per-file Set the number of users per file. It is used only if 'users' is set to 'different_files'. Increasing this number leads to exponentially increasing - export times. Default: 50. \ No newline at end of file + export times. Default: 50. + +Bootstrap Admin: + +--bootstrap-admin-client-id + Client id for the temporary bootstrap admin service account. Used only when + the master realm is created. Default: temp-admin. +--bootstrap-admin-client-secret + Client secret for the temporary bootstrap admin service account. Used only + when the master realm is created. Use a non-CLI configuration option for + this option if possible. +--bootstrap-admin-password + Temporary bootstrap admin password. Used only when the master realm is + created. Use a non-CLI configuration option for this option if possible. +--bootstrap-admin-username + Temporary bootstrap admin username. Used only when the master realm is + created. Default: temp-admin. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt index 2be0772a8f..dfde31e3ce 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt 
@@ -152,4 +152,20 @@ Import: --file Set the path to a file that will be read. --override Set if existing data should be overwritten. If set to false, data will be - ignored. Default: true. \ No newline at end of file + ignored. Default: true. + +Bootstrap Admin: + +--bootstrap-admin-client-id + Client id for the temporary bootstrap admin service account. Used only when + the master realm is created. Default: temp-admin. +--bootstrap-admin-client-secret + Client secret for the temporary bootstrap admin service account. Used only + when the master realm is created. Use a non-CLI configuration option for + this option if possible. +--bootstrap-admin-password + Temporary bootstrap admin password. Used only when the master realm is + created. Use a non-CLI configuration option for this option if possible. +--bootstrap-admin-username + Temporary bootstrap admin username. Used only when the master realm is + created. Default: temp-admin. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt index ecc75cedce..dcf0ceec09 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt 
@@ -256,4 +256,20 @@ Import: --file Set the path to a file that will be read. --override Set if existing data should be overwritten. If set to false, data will be - ignored. Default: true. \ No newline at end of file + ignored. Default: true. + +Bootstrap Admin: + +--bootstrap-admin-client-id + Client id for the temporary bootstrap admin service account. Used only when + the master realm is created. Default: temp-admin. +--bootstrap-admin-client-secret + Client secret for the temporary bootstrap admin service account. Used only + when the master realm is created. Use a non-CLI configuration option for + this option if possible. +--bootstrap-admin-password + Temporary bootstrap admin password. Used only when the master realm is + created. Use a non-CLI configuration option for this option if possible. +--bootstrap-admin-username + Temporary bootstrap admin username. Used only when the master realm is + created. Default: temp-admin. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt index 31f2153d93..23803c869b 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt 
@@ -294,6 +294,22 @@ Security: feature is enabled. Possible values are: non-strict, strict. Default: disabled. +Bootstrap Admin: + +--bootstrap-admin-client-id + Client id for the temporary bootstrap admin service account. Used only when + the master realm is created. Default: temp-admin. +--bootstrap-admin-client-secret + Client secret for the temporary bootstrap admin service account. Used only + when the master realm is created. Use a non-CLI configuration option for + this option if possible. +--bootstrap-admin-password + Temporary bootstrap admin password. Used only when the master realm is + created. Use a non-CLI configuration option for this option if possible. +--bootstrap-admin-username + Temporary bootstrap admin username. Used only when the master realm is + created. Default: temp-admin. + Do NOT start the server using this command when deploying to production. Use 'kc.sh start-dev --help-all' to list all available options, including build diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt index d8215ee70b..b7155576f7 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt 
@@ -470,6 +470,22 @@ Security: feature is enabled. Possible values are: non-strict, strict. Default: disabled. +Bootstrap Admin: + +--bootstrap-admin-client-id + Client id for the temporary bootstrap admin service account. Used only when + the master realm is created. Default: temp-admin. +--bootstrap-admin-client-secret + Client secret for the temporary bootstrap admin service account. Used only + when the master realm is created. Use a non-CLI configuration option for + this option if possible. +--bootstrap-admin-password + Temporary bootstrap admin password. Used only when the master realm is + created. Use a non-CLI configuration option for this option if possible. +--bootstrap-admin-username + Temporary bootstrap admin username. Used only when the master realm is + created. Default: temp-admin. + Do NOT start the server using this command when deploying to production. Use 'kc.sh start-dev --help-all' to list all available options, including build diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt index 3c283c3ba9..0e0f586124 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt 
@@ -295,6 +295,22 @@ Security: feature is enabled. Possible values are: non-strict, strict. Default: disabled. +Bootstrap Admin: + +--bootstrap-admin-client-id + Client id for the temporary bootstrap admin service account. Used only when + the master realm is created. Default: temp-admin. +--bootstrap-admin-client-secret + Client secret for the temporary bootstrap admin service account. Used only + when the master realm is created. Use a non-CLI configuration option for + this option if possible. +--bootstrap-admin-password + Temporary bootstrap admin password. Used only when the master realm is + created. Use a non-CLI configuration option for this option if possible. +--bootstrap-admin-username + Temporary bootstrap admin username. Used only when the master realm is + created. Default: temp-admin. + By default, this command tries to update the server configuration by running a 'build' before starting the server. You can disable this behavior by using the '--optimized' option: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt index 6cc1c143e4..88a70ed3f3 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt 
@@ -471,6 +471,22 @@ Security: feature is enabled. Possible values are: non-strict, strict. Default: disabled. +Bootstrap Admin: + +--bootstrap-admin-client-id + Client id for the temporary bootstrap admin service account. Used only when + the master realm is created. Default: temp-admin. +--bootstrap-admin-client-secret + Client secret for the temporary bootstrap admin service account. Used only + when the master realm is created. Use a non-CLI configuration option for + this option if possible. +--bootstrap-admin-password + Temporary bootstrap admin password. Used only when the master realm is + created. Use a non-CLI configuration option for this option if possible. +--bootstrap-admin-username + Temporary bootstrap admin username. Used only when the master realm is + created. Default: temp-admin. + By default, this command tries to update the server configuration by running a 'build' before starting the server. You can disable this behavior by using the '--optimized' option: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt index 06592210d3..e47ccfb585 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt 
@@ -237,6 +237,22 @@ Truststore: List of pkcs12 (p12 or pfx file extensions), PEM files, or directories containing those files that will be used as a system truststore. +Bootstrap Admin: + +--bootstrap-admin-client-id + Client id for the temporary bootstrap admin service account. Used only when + the master realm is created. Default: temp-admin. +--bootstrap-admin-client-secret + Client secret for the temporary bootstrap admin service account. Used only + when the master realm is created. Use a non-CLI configuration option for + this option if possible. +--bootstrap-admin-password + Temporary bootstrap admin password. Used only when the master realm is + created. Use a non-CLI configuration option for this option if possible. +--bootstrap-admin-username + Temporary bootstrap admin username. Used only when the master realm is + created. Default: temp-admin. + By default, this command tries to update the server configuration by running a 'build' before starting the server. You can disable this behavior by using the '--optimized' option: diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt index bc0048b41d..c993bc32fb 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt 
@@ -403,6 +403,22 @@ Truststore: List of pkcs12 (p12 or pfx file extensions), PEM files, or directories containing those files that will be used as a system truststore. +Bootstrap Admin: + +--bootstrap-admin-client-id + Client id for the temporary bootstrap admin service account. Used only when + the master realm is created. Default: temp-admin. +--bootstrap-admin-client-secret + Client secret for the temporary bootstrap admin service account. Used only + when the master realm is created. Use a non-CLI configuration option for + this option if possible. +--bootstrap-admin-password + Temporary bootstrap admin password. Used only when the master realm is + created. Use a non-CLI configuration option for this option if possible. +--bootstrap-admin-username + Temporary bootstrap admin username. Used only when the master realm is + created. Default: temp-admin. + By default, this command tries to update the server configuration by running a 'build' before starting the server. You can disable this behavior by using the '--optimized' option: diff --git a/services/pom.xml b/services/pom.xml index 31733aa923..324d4570af 100755 --- a/services/pom.xml +++ b/services/pom.xml @@ -246,7 +246,10 @@ org.keycloak keycloak-model-storage-private - + + org.keycloak + keycloak-config-api + diff --git a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java index fb4c9624e7..3ed64e0564 100755 --- a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java +++ b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java 
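Review bot: Pulling `keycloak-config-api` (a module under `quarkus/`) into `services` widens the core module's dependency surface for very little. The only use visible in this patch is `ApplianceBootstrap` reading `BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_USERNAME` and `DEFAULT_TEMP_ADMIN_SERVICE`. If a module shared by both sides exists, keeping the two defaults there and having `BootstrapAdminOptions` reference them would avoid the new edge. The dependency's scope and version cannot be checked here because the XML tags were lost in this rendering, so confirm they follow the neighbouring `keycloak-model-storage-private` entry.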
@@ -19,6 +19,7 @@ package org.keycloak.services.managers; import org.keycloak.Config; import org.keycloak.common.Version; import org.keycloak.common.enums.SslRequired; +import org.keycloak.config.BootstrapAdminOptions; import org.keycloak.models.AdminRoles; import org.keycloak.models.ClientModel; import org.keycloak.models.Constants; @@ -45,10 +46,6 @@ import static org.keycloak.models.Constants.IS_TEMP_ADMIN_ATTR_NAME; */ public class ApplianceBootstrap { - public static final String DEFAULT_TEMP_ADMIN_USERNAME = "temp-admin"; - public static final String DEFAULT_TEMP_ADMIN_SERVICE = "temp-admin"; - public static final int DEFAULT_TEMP_ADMIN_EXPIRATION = 120; - private final KeycloakSession session; public ApplianceBootstrap(KeycloakSession session) { @@ -127,7 +124,7 @@ public class ApplianceBootstrap { RealmModel realm = session.realms().getRealmByName(Config.getAdminRealm()); session.getContext().setRealm(realm); - username = StringUtil.isBlank(username) ? DEFAULT_TEMP_ADMIN_USERNAME : username; + username = StringUtil.isBlank(username) ? BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_USERNAME : username; //expriationMinutes = expriationMinutes == null ? DEFAULT_TEMP_ADMIN_EXPIRATION : expriationMinutes; if (initialUser && session.users().getUsersCount(realm) > 0) { @@ -165,7 +162,7 @@ public class ApplianceBootstrap { RealmModel realm = session.realms().getRealmByName(Config.getAdminRealm()); session.getContext().setRealm(realm); - clientId = StringUtil.isBlank(clientId) ? DEFAULT_TEMP_ADMIN_SERVICE : clientId; + clientId = StringUtil.isBlank(clientId) ? BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_SERVICE : clientId; //expriationMinutes = expriationMinutes == null ? DEFAULT_TEMP_ADMIN_EXPIRATION : expriationMinutes; ClientRepresentation adminClient = new ClientRepresentation();