fix: expose bootstrap-admin-* options (#32241)
* fix: expose bootstrap-admin-* options closes: #32176 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update quarkus/config-api/src/main/java/org/keycloak/config/BootstrapAdminOptions.java Co-authored-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Martin Bartoš <mabartos@redhat.com>
This commit is contained in:
parent
6ab3b98743
commit
d9a92f5de3
16 changed files with 206 additions and 30 deletions
|
@ -1,35 +1,39 @@
|
||||||
package org.keycloak.config;
|
package org.keycloak.config;
|
||||||
|
|
||||||
public class BootstrapAdminOptions {
|
public class BootstrapAdminOptions {
|
||||||
|
|
||||||
|
public static final String DEFAULT_TEMP_ADMIN_USERNAME = "temp-admin";
|
||||||
|
public static final String DEFAULT_TEMP_ADMIN_SERVICE = DEFAULT_TEMP_ADMIN_USERNAME;
|
||||||
|
public static final int DEFAULT_TEMP_ADMIN_EXPIRATION = 120;
|
||||||
|
private static final String USED_ONLY_WHEN = " Used only when the master realm is created.";
|
||||||
|
private static final String NON_CLI = " Use a non-CLI configuration option for this option if possible.";
|
||||||
|
|
||||||
public static final Option<String> PASSWORD = new OptionBuilder<>("bootstrap-admin-password", String.class)
|
public static final Option<String> PASSWORD = new OptionBuilder<>("bootstrap-admin-password", String.class)
|
||||||
.category(OptionCategory.BOOTSTRAP_ADMIN)
|
.category(OptionCategory.BOOTSTRAP_ADMIN)
|
||||||
.description("Bootstrap admin password")
|
.description("Temporary bootstrap admin password." + USED_ONLY_WHEN + NON_CLI)
|
||||||
.hidden()
|
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
public static final Option<String> USERNAME = new OptionBuilder<>("bootstrap-admin-username", String.class)
|
public static final Option<String> USERNAME = new OptionBuilder<>("bootstrap-admin-username", String.class)
|
||||||
.category(OptionCategory.BOOTSTRAP_ADMIN)
|
.category(OptionCategory.BOOTSTRAP_ADMIN)
|
||||||
.description("Username of the bootstrap admin")
|
.description("Temporary bootstrap admin username." + USED_ONLY_WHEN)
|
||||||
.hidden()
|
.defaultValue(DEFAULT_TEMP_ADMIN_USERNAME)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
public static final Option<Integer> EXPIRATION = new OptionBuilder<>("bootstrap-admin-expiration", Integer.class)
|
public static final Option<Integer> EXPIRATION = new OptionBuilder<>("bootstrap-admin-expiration", Integer.class)
|
||||||
.category(OptionCategory.BOOTSTRAP_ADMIN)
|
.category(OptionCategory.BOOTSTRAP_ADMIN)
|
||||||
.description("Time in minutes for the bootstrap admin user to expire.")
|
.description("Time in minutes for the bootstrap admin user to expire." + USED_ONLY_WHEN)
|
||||||
.hidden()
|
.hidden()
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
public static final Option<String> CLIENT_ID = new OptionBuilder<>("bootstrap-admin-client-id", String.class)
|
public static final Option<String> CLIENT_ID = new OptionBuilder<>("bootstrap-admin-client-id", String.class)
|
||||||
.category(OptionCategory.BOOTSTRAP_ADMIN)
|
.category(OptionCategory.BOOTSTRAP_ADMIN)
|
||||||
.description("Client id for the admin service")
|
.description("Client id for the temporary bootstrap admin service account." + USED_ONLY_WHEN)
|
||||||
.hidden()
|
.defaultValue(DEFAULT_TEMP_ADMIN_SERVICE)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
public static final Option<String> CLIENT_SECRET = new OptionBuilder<>("bootstrap-admin-client-secret", String.class)
|
public static final Option<String> CLIENT_SECRET = new OptionBuilder<>("bootstrap-admin-client-secret", String.class)
|
||||||
.category(OptionCategory.BOOTSTRAP_ADMIN)
|
.category(OptionCategory.BOOTSTRAP_ADMIN)
|
||||||
.description("Client secret for the admin service")
|
.description("Client secret for the temporary bootstrap admin service account." + USED_ONLY_WHEN + NON_CLI)
|
||||||
.hidden()
|
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,11 +18,11 @@
|
||||||
package org.keycloak.quarkus.runtime.cli.command;
|
package org.keycloak.quarkus.runtime.cli.command;
|
||||||
|
|
||||||
import org.keycloak.common.util.IoUtils;
|
import org.keycloak.common.util.IoUtils;
|
||||||
|
import org.keycloak.config.BootstrapAdminOptions;
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
import org.keycloak.models.KeycloakSessionFactory;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
import org.keycloak.quarkus.runtime.cli.PropertyException;
|
import org.keycloak.quarkus.runtime.cli.PropertyException;
|
||||||
import org.keycloak.quarkus.runtime.integration.jaxrs.QuarkusKeycloakApplication;
|
import org.keycloak.quarkus.runtime.integration.jaxrs.QuarkusKeycloakApplication;
|
||||||
import org.keycloak.services.managers.ApplianceBootstrap;
|
|
||||||
import org.keycloak.services.resources.KeycloakApplication;
|
import org.keycloak.services.resources.KeycloakApplication;
|
||||||
|
|
||||||
import picocli.CommandLine.ArgGroup;
|
import picocli.CommandLine.ArgGroup;
|
||||||
|
@ -38,7 +38,7 @@ public class BootstrapAdminService extends AbstractNonServerCommand {
|
||||||
|
|
||||||
static class ClientIdOptions {
|
static class ClientIdOptions {
|
||||||
@Option(names = { "--client-id" }, description = "Client id, defaults to "
|
@Option(names = { "--client-id" }, description = "Client id, defaults to "
|
||||||
+ ApplianceBootstrap.DEFAULT_TEMP_ADMIN_SERVICE)
|
+ BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_SERVICE)
|
||||||
String clientId;
|
String clientId;
|
||||||
|
|
||||||
@Option(names = { "--client-id:env" }, description = "Environment variable name for the client id")
|
@Option(names = { "--client-id:env" }, description = "Environment variable name for the client id")
|
||||||
|
@ -69,7 +69,7 @@ public class BootstrapAdminService extends AbstractNonServerCommand {
|
||||||
clientId = clientIdOptions.clientId;
|
clientId = clientIdOptions.clientId;
|
||||||
}
|
}
|
||||||
} else if (!bootstrap.noPrompt) {
|
} else if (!bootstrap.noPrompt) {
|
||||||
clientId = IoUtils.readLineFromConsole("client id", ApplianceBootstrap.DEFAULT_TEMP_ADMIN_SERVICE);
|
clientId = IoUtils.readLineFromConsole("client id", BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_SERVICE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (clientSecretEnv == null) {
|
if (clientSecretEnv == null) {
|
||||||
|
|
|
@ -18,11 +18,11 @@
|
||||||
package org.keycloak.quarkus.runtime.cli.command;
|
package org.keycloak.quarkus.runtime.cli.command;
|
||||||
|
|
||||||
import org.keycloak.common.util.IoUtils;
|
import org.keycloak.common.util.IoUtils;
|
||||||
|
import org.keycloak.config.BootstrapAdminOptions;
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
import org.keycloak.models.KeycloakSessionFactory;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
import org.keycloak.quarkus.runtime.cli.PropertyException;
|
import org.keycloak.quarkus.runtime.cli.PropertyException;
|
||||||
import org.keycloak.quarkus.runtime.integration.jaxrs.QuarkusKeycloakApplication;
|
import org.keycloak.quarkus.runtime.integration.jaxrs.QuarkusKeycloakApplication;
|
||||||
import org.keycloak.services.managers.ApplianceBootstrap;
|
|
||||||
import org.keycloak.services.resources.KeycloakApplication;
|
import org.keycloak.services.resources.KeycloakApplication;
|
||||||
|
|
||||||
import picocli.CommandLine.ArgGroup;
|
import picocli.CommandLine.ArgGroup;
|
||||||
|
@ -38,7 +38,7 @@ public class BootstrapAdminUser extends AbstractNonServerCommand {
|
||||||
|
|
||||||
static class UsernameOptions {
|
static class UsernameOptions {
|
||||||
@Option(names = { "--username" }, description = "Username of admin user, defaults to "
|
@Option(names = { "--username" }, description = "Username of admin user, defaults to "
|
||||||
+ ApplianceBootstrap.DEFAULT_TEMP_ADMIN_USERNAME)
|
+ BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_USERNAME)
|
||||||
String username;
|
String username;
|
||||||
|
|
||||||
@Option(names = { "--username:env" }, description = "Environment variable name for the admin username")
|
@Option(names = { "--username:env" }, description = "Environment variable name for the admin username")
|
||||||
|
@ -69,7 +69,7 @@ public class BootstrapAdminUser extends AbstractNonServerCommand {
|
||||||
username = usernameOptions.username;
|
username = usernameOptions.username;
|
||||||
}
|
}
|
||||||
} else if (!bootstrap.noPrompt) {
|
} else if (!bootstrap.noPrompt) {
|
||||||
username = IoUtils.readLineFromConsole("username", ApplianceBootstrap.DEFAULT_TEMP_ADMIN_USERNAME);
|
username = IoUtils.readLineFromConsole("username", BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_USERNAME);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (passwordEnv == null) {
|
if (passwordEnv == null) {
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
package org.keycloak.quarkus.runtime.configuration.mappers;
|
package org.keycloak.quarkus.runtime.configuration.mappers;
|
||||||
|
|
||||||
import org.keycloak.config.BootstrapAdminOptions;
|
import org.keycloak.config.BootstrapAdminOptions;
|
||||||
|
import org.keycloak.quarkus.runtime.cli.PropertyException;
|
||||||
|
|
||||||
import static org.keycloak.quarkus.runtime.configuration.Configuration.getOptionalKcValue;
|
import static org.keycloak.quarkus.runtime.configuration.Configuration.getOptionalKcValue;
|
||||||
import static org.keycloak.quarkus.runtime.configuration.mappers.PropertyMapper.fromOption;
|
import static org.keycloak.quarkus.runtime.configuration.mappers.PropertyMapper.fromOption;
|
||||||
|
@ -30,25 +31,36 @@ public final class BootstrapAdminPropertyMappers {
|
||||||
private BootstrapAdminPropertyMappers() {
|
private BootstrapAdminPropertyMappers() {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// We prefer validators here to isEnabled so that the options show up in help
|
||||||
public static PropertyMapper<?>[] getMappers() {
|
public static PropertyMapper<?>[] getMappers() {
|
||||||
return new PropertyMapper[]{
|
return new PropertyMapper[]{
|
||||||
fromOption(BootstrapAdminOptions.USERNAME)
|
fromOption(BootstrapAdminOptions.USERNAME)
|
||||||
.paramLabel("username")
|
.paramLabel("username")
|
||||||
.isEnabled(BootstrapAdminPropertyMappers::isPasswordSet, PASSWORD_SET)
|
.validator((mapper, value) -> {
|
||||||
|
if (!isPasswordSet()) {
|
||||||
|
throw new PropertyException(mapper.getOption().getKey() + " available only when " + PASSWORD_SET);
|
||||||
|
}
|
||||||
|
})
|
||||||
.build(),
|
.build(),
|
||||||
fromOption(BootstrapAdminOptions.PASSWORD)
|
fromOption(BootstrapAdminOptions.PASSWORD)
|
||||||
.paramLabel("password")
|
.paramLabel("password")
|
||||||
|
.isMasked(true)
|
||||||
.build(),
|
.build(),
|
||||||
fromOption(BootstrapAdminOptions.EXPIRATION)
|
/*fromOption(BootstrapAdminOptions.EXPIRATION)
|
||||||
.paramLabel("expiration")
|
.paramLabel("expiration")
|
||||||
.isEnabled(BootstrapAdminPropertyMappers::isPasswordSet, PASSWORD_SET)
|
.isEnabled(BootstrapAdminPropertyMappers::isPasswordSet, PASSWORD_SET)
|
||||||
.build(),
|
.build(),*/
|
||||||
fromOption(BootstrapAdminOptions.CLIENT_ID)
|
fromOption(BootstrapAdminOptions.CLIENT_ID)
|
||||||
.paramLabel("client id")
|
.paramLabel("client id")
|
||||||
.isEnabled(BootstrapAdminPropertyMappers::isClientSecretSet, CLIENT_SECRET_SET)
|
.validator((mapper, value) -> {
|
||||||
|
if (!isClientSecretSet()) {
|
||||||
|
throw new PropertyException(mapper.getOption().getKey() + " available only when " + CLIENT_SECRET_SET);
|
||||||
|
}
|
||||||
|
})
|
||||||
.build(),
|
.build(),
|
||||||
fromOption(BootstrapAdminOptions.CLIENT_SECRET)
|
fromOption(BootstrapAdminOptions.CLIENT_SECRET)
|
||||||
.paramLabel("client secret")
|
.paramLabel("client secret")
|
||||||
|
.isMasked(true)
|
||||||
.build(),
|
.build(),
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -158,4 +158,20 @@ Export:
|
||||||
--users-per-file <number>
|
--users-per-file <number>
|
||||||
Set the number of users per file. It is used only if 'users' is set to
|
Set the number of users per file. It is used only if 'users' is set to
|
||||||
'different_files'. Increasing this number leads to exponentially increasing
|
'different_files'. Increasing this number leads to exponentially increasing
|
||||||
export times. Default: 50.
|
export times. Default: 50.
|
||||||
|
|
||||||
|
Bootstrap Admin:
|
||||||
|
|
||||||
|
--bootstrap-admin-client-id <client id>
|
||||||
|
Client id for the temporary bootstrap admin service account. Used only when
|
||||||
|
the master realm is created. Default: temp-admin.
|
||||||
|
--bootstrap-admin-client-secret <client secret>
|
||||||
|
Client secret for the temporary bootstrap admin service account. Used only
|
||||||
|
when the master realm is created. Use a non-CLI configuration option for
|
||||||
|
this option if possible.
|
||||||
|
--bootstrap-admin-password <password>
|
||||||
|
Temporary bootstrap admin password. Used only when the master realm is
|
||||||
|
created. Use a non-CLI configuration option for this option if possible.
|
||||||
|
--bootstrap-admin-username <username>
|
||||||
|
Temporary bootstrap admin username. Used only when the master realm is
|
||||||
|
created. Default: temp-admin.
|
|
@ -262,4 +262,20 @@ Export:
|
||||||
--users-per-file <number>
|
--users-per-file <number>
|
||||||
Set the number of users per file. It is used only if 'users' is set to
|
Set the number of users per file. It is used only if 'users' is set to
|
||||||
'different_files'. Increasing this number leads to exponentially increasing
|
'different_files'. Increasing this number leads to exponentially increasing
|
||||||
export times. Default: 50.
|
export times. Default: 50.
|
||||||
|
|
||||||
|
Bootstrap Admin:
|
||||||
|
|
||||||
|
--bootstrap-admin-client-id <client id>
|
||||||
|
Client id for the temporary bootstrap admin service account. Used only when
|
||||||
|
the master realm is created. Default: temp-admin.
|
||||||
|
--bootstrap-admin-client-secret <client secret>
|
||||||
|
Client secret for the temporary bootstrap admin service account. Used only
|
||||||
|
when the master realm is created. Use a non-CLI configuration option for
|
||||||
|
this option if possible.
|
||||||
|
--bootstrap-admin-password <password>
|
||||||
|
Temporary bootstrap admin password. Used only when the master realm is
|
||||||
|
created. Use a non-CLI configuration option for this option if possible.
|
||||||
|
--bootstrap-admin-username <username>
|
||||||
|
Temporary bootstrap admin username. Used only when the master realm is
|
||||||
|
created. Default: temp-admin.
|
|
@ -152,4 +152,20 @@ Import:
|
||||||
--file <file> Set the path to a file that will be read.
|
--file <file> Set the path to a file that will be read.
|
||||||
--override <true|false>
|
--override <true|false>
|
||||||
Set if existing data should be overwritten. If set to false, data will be
|
Set if existing data should be overwritten. If set to false, data will be
|
||||||
ignored. Default: true.
|
ignored. Default: true.
|
||||||
|
|
||||||
|
Bootstrap Admin:
|
||||||
|
|
||||||
|
--bootstrap-admin-client-id <client id>
|
||||||
|
Client id for the temporary bootstrap admin service account. Used only when
|
||||||
|
the master realm is created. Default: temp-admin.
|
||||||
|
--bootstrap-admin-client-secret <client secret>
|
||||||
|
Client secret for the temporary bootstrap admin service account. Used only
|
||||||
|
when the master realm is created. Use a non-CLI configuration option for
|
||||||
|
this option if possible.
|
||||||
|
--bootstrap-admin-password <password>
|
||||||
|
Temporary bootstrap admin password. Used only when the master realm is
|
||||||
|
created. Use a non-CLI configuration option for this option if possible.
|
||||||
|
--bootstrap-admin-username <username>
|
||||||
|
Temporary bootstrap admin username. Used only when the master realm is
|
||||||
|
created. Default: temp-admin.
|
|
@ -256,4 +256,20 @@ Import:
|
||||||
--file <file> Set the path to a file that will be read.
|
--file <file> Set the path to a file that will be read.
|
||||||
--override <true|false>
|
--override <true|false>
|
||||||
Set if existing data should be overwritten. If set to false, data will be
|
Set if existing data should be overwritten. If set to false, data will be
|
||||||
ignored. Default: true.
|
ignored. Default: true.
|
||||||
|
|
||||||
|
Bootstrap Admin:
|
||||||
|
|
||||||
|
--bootstrap-admin-client-id <client id>
|
||||||
|
Client id for the temporary bootstrap admin service account. Used only when
|
||||||
|
the master realm is created. Default: temp-admin.
|
||||||
|
--bootstrap-admin-client-secret <client secret>
|
||||||
|
Client secret for the temporary bootstrap admin service account. Used only
|
||||||
|
when the master realm is created. Use a non-CLI configuration option for
|
||||||
|
this option if possible.
|
||||||
|
--bootstrap-admin-password <password>
|
||||||
|
Temporary bootstrap admin password. Used only when the master realm is
|
||||||
|
created. Use a non-CLI configuration option for this option if possible.
|
||||||
|
--bootstrap-admin-username <username>
|
||||||
|
Temporary bootstrap admin username. Used only when the master realm is
|
||||||
|
created. Default: temp-admin.
|
|
@ -294,6 +294,22 @@ Security:
|
||||||
feature is enabled. Possible values are: non-strict, strict. Default:
|
feature is enabled. Possible values are: non-strict, strict. Default:
|
||||||
disabled.
|
disabled.
|
||||||
|
|
||||||
|
Bootstrap Admin:
|
||||||
|
|
||||||
|
--bootstrap-admin-client-id <client id>
|
||||||
|
Client id for the temporary bootstrap admin service account. Used only when
|
||||||
|
the master realm is created. Default: temp-admin.
|
||||||
|
--bootstrap-admin-client-secret <client secret>
|
||||||
|
Client secret for the temporary bootstrap admin service account. Used only
|
||||||
|
when the master realm is created. Use a non-CLI configuration option for
|
||||||
|
this option if possible.
|
||||||
|
--bootstrap-admin-password <password>
|
||||||
|
Temporary bootstrap admin password. Used only when the master realm is
|
||||||
|
created. Use a non-CLI configuration option for this option if possible.
|
||||||
|
--bootstrap-admin-username <username>
|
||||||
|
Temporary bootstrap admin username. Used only when the master realm is
|
||||||
|
created. Default: temp-admin.
|
||||||
|
|
||||||
Do NOT start the server using this command when deploying to production.
|
Do NOT start the server using this command when deploying to production.
|
||||||
|
|
||||||
Use 'kc.sh start-dev --help-all' to list all available options, including build
|
Use 'kc.sh start-dev --help-all' to list all available options, including build
|
||||||
|
|
|
@ -470,6 +470,22 @@ Security:
|
||||||
feature is enabled. Possible values are: non-strict, strict. Default:
|
feature is enabled. Possible values are: non-strict, strict. Default:
|
||||||
disabled.
|
disabled.
|
||||||
|
|
||||||
|
Bootstrap Admin:
|
||||||
|
|
||||||
|
--bootstrap-admin-client-id <client id>
|
||||||
|
Client id for the temporary bootstrap admin service account. Used only when
|
||||||
|
the master realm is created. Default: temp-admin.
|
||||||
|
--bootstrap-admin-client-secret <client secret>
|
||||||
|
Client secret for the temporary bootstrap admin service account. Used only
|
||||||
|
when the master realm is created. Use a non-CLI configuration option for
|
||||||
|
this option if possible.
|
||||||
|
--bootstrap-admin-password <password>
|
||||||
|
Temporary bootstrap admin password. Used only when the master realm is
|
||||||
|
created. Use a non-CLI configuration option for this option if possible.
|
||||||
|
--bootstrap-admin-username <username>
|
||||||
|
Temporary bootstrap admin username. Used only when the master realm is
|
||||||
|
created. Default: temp-admin.
|
||||||
|
|
||||||
Do NOT start the server using this command when deploying to production.
|
Do NOT start the server using this command when deploying to production.
|
||||||
|
|
||||||
Use 'kc.sh start-dev --help-all' to list all available options, including build
|
Use 'kc.sh start-dev --help-all' to list all available options, including build
|
||||||
|
|
|
@ -295,6 +295,22 @@ Security:
|
||||||
feature is enabled. Possible values are: non-strict, strict. Default:
|
feature is enabled. Possible values are: non-strict, strict. Default:
|
||||||
disabled.
|
disabled.
|
||||||
|
|
||||||
|
Bootstrap Admin:
|
||||||
|
|
||||||
|
--bootstrap-admin-client-id <client id>
|
||||||
|
Client id for the temporary bootstrap admin service account. Used only when
|
||||||
|
the master realm is created. Default: temp-admin.
|
||||||
|
--bootstrap-admin-client-secret <client secret>
|
||||||
|
Client secret for the temporary bootstrap admin service account. Used only
|
||||||
|
when the master realm is created. Use a non-CLI configuration option for
|
||||||
|
this option if possible.
|
||||||
|
--bootstrap-admin-password <password>
|
||||||
|
Temporary bootstrap admin password. Used only when the master realm is
|
||||||
|
created. Use a non-CLI configuration option for this option if possible.
|
||||||
|
--bootstrap-admin-username <username>
|
||||||
|
Temporary bootstrap admin username. Used only when the master realm is
|
||||||
|
created. Default: temp-admin.
|
||||||
|
|
||||||
By default, this command tries to update the server configuration by running a
|
By default, this command tries to update the server configuration by running a
|
||||||
'build' before starting the server. You can disable this behavior by using the
|
'build' before starting the server. You can disable this behavior by using the
|
||||||
'--optimized' option:
|
'--optimized' option:
|
||||||
|
|
|
@ -471,6 +471,22 @@ Security:
|
||||||
feature is enabled. Possible values are: non-strict, strict. Default:
|
feature is enabled. Possible values are: non-strict, strict. Default:
|
||||||
disabled.
|
disabled.
|
||||||
|
|
||||||
|
Bootstrap Admin:
|
||||||
|
|
||||||
|
--bootstrap-admin-client-id <client id>
|
||||||
|
Client id for the temporary bootstrap admin service account. Used only when
|
||||||
|
the master realm is created. Default: temp-admin.
|
||||||
|
--bootstrap-admin-client-secret <client secret>
|
||||||
|
Client secret for the temporary bootstrap admin service account. Used only
|
||||||
|
when the master realm is created. Use a non-CLI configuration option for
|
||||||
|
this option if possible.
|
||||||
|
--bootstrap-admin-password <password>
|
||||||
|
Temporary bootstrap admin password. Used only when the master realm is
|
||||||
|
created. Use a non-CLI configuration option for this option if possible.
|
||||||
|
--bootstrap-admin-username <username>
|
||||||
|
Temporary bootstrap admin username. Used only when the master realm is
|
||||||
|
created. Default: temp-admin.
|
||||||
|
|
||||||
By default, this command tries to update the server configuration by running a
|
By default, this command tries to update the server configuration by running a
|
||||||
'build' before starting the server. You can disable this behavior by using the
|
'build' before starting the server. You can disable this behavior by using the
|
||||||
'--optimized' option:
|
'--optimized' option:
|
||||||
|
|
|
@ -237,6 +237,22 @@ Truststore:
|
||||||
List of pkcs12 (p12 or pfx file extensions), PEM files, or directories
|
List of pkcs12 (p12 or pfx file extensions), PEM files, or directories
|
||||||
containing those files that will be used as a system truststore.
|
containing those files that will be used as a system truststore.
|
||||||
|
|
||||||
|
Bootstrap Admin:
|
||||||
|
|
||||||
|
--bootstrap-admin-client-id <client id>
|
||||||
|
Client id for the temporary bootstrap admin service account. Used only when
|
||||||
|
the master realm is created. Default: temp-admin.
|
||||||
|
--bootstrap-admin-client-secret <client secret>
|
||||||
|
Client secret for the temporary bootstrap admin service account. Used only
|
||||||
|
when the master realm is created. Use a non-CLI configuration option for
|
||||||
|
this option if possible.
|
||||||
|
--bootstrap-admin-password <password>
|
||||||
|
Temporary bootstrap admin password. Used only when the master realm is
|
||||||
|
created. Use a non-CLI configuration option for this option if possible.
|
||||||
|
--bootstrap-admin-username <username>
|
||||||
|
Temporary bootstrap admin username. Used only when the master realm is
|
||||||
|
created. Default: temp-admin.
|
||||||
|
|
||||||
By default, this command tries to update the server configuration by running a
|
By default, this command tries to update the server configuration by running a
|
||||||
'build' before starting the server. You can disable this behavior by using the
|
'build' before starting the server. You can disable this behavior by using the
|
||||||
'--optimized' option:
|
'--optimized' option:
|
||||||
|
|
|
@ -403,6 +403,22 @@ Truststore:
|
||||||
List of pkcs12 (p12 or pfx file extensions), PEM files, or directories
|
List of pkcs12 (p12 or pfx file extensions), PEM files, or directories
|
||||||
containing those files that will be used as a system truststore.
|
containing those files that will be used as a system truststore.
|
||||||
|
|
||||||
|
Bootstrap Admin:
|
||||||
|
|
||||||
|
--bootstrap-admin-client-id <client id>
|
||||||
|
Client id for the temporary bootstrap admin service account. Used only when
|
||||||
|
the master realm is created. Default: temp-admin.
|
||||||
|
--bootstrap-admin-client-secret <client secret>
|
||||||
|
Client secret for the temporary bootstrap admin service account. Used only
|
||||||
|
when the master realm is created. Use a non-CLI configuration option for
|
||||||
|
this option if possible.
|
||||||
|
--bootstrap-admin-password <password>
|
||||||
|
Temporary bootstrap admin password. Used only when the master realm is
|
||||||
|
created. Use a non-CLI configuration option for this option if possible.
|
||||||
|
--bootstrap-admin-username <username>
|
||||||
|
Temporary bootstrap admin username. Used only when the master realm is
|
||||||
|
created. Default: temp-admin.
|
||||||
|
|
||||||
By default, this command tries to update the server configuration by running a
|
By default, this command tries to update the server configuration by running a
|
||||||
'build' before starting the server. You can disable this behavior by using the
|
'build' before starting the server. You can disable this behavior by using the
|
||||||
'--optimized' option:
|
'--optimized' option:
|
||||||
|
|
|
@ -246,7 +246,10 @@
|
||||||
<groupId>org.keycloak</groupId>
|
<groupId>org.keycloak</groupId>
|
||||||
<artifactId>keycloak-model-storage-private</artifactId>
|
<artifactId>keycloak-model-storage-private</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-config-api</artifactId>
|
||||||
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
<build>
|
<build>
|
||||||
<plugins>
|
<plugins>
|
||||||
|
|
|
@ -19,6 +19,7 @@ package org.keycloak.services.managers;
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
import org.keycloak.common.Version;
|
import org.keycloak.common.Version;
|
||||||
import org.keycloak.common.enums.SslRequired;
|
import org.keycloak.common.enums.SslRequired;
|
||||||
|
import org.keycloak.config.BootstrapAdminOptions;
|
||||||
import org.keycloak.models.AdminRoles;
|
import org.keycloak.models.AdminRoles;
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.Constants;
|
import org.keycloak.models.Constants;
|
||||||
|
@ -45,10 +46,6 @@ import static org.keycloak.models.Constants.IS_TEMP_ADMIN_ATTR_NAME;
|
||||||
*/
|
*/
|
||||||
public class ApplianceBootstrap {
|
public class ApplianceBootstrap {
|
||||||
|
|
||||||
public static final String DEFAULT_TEMP_ADMIN_USERNAME = "temp-admin";
|
|
||||||
public static final String DEFAULT_TEMP_ADMIN_SERVICE = "temp-admin";
|
|
||||||
public static final int DEFAULT_TEMP_ADMIN_EXPIRATION = 120;
|
|
||||||
|
|
||||||
private final KeycloakSession session;
|
private final KeycloakSession session;
|
||||||
|
|
||||||
public ApplianceBootstrap(KeycloakSession session) {
|
public ApplianceBootstrap(KeycloakSession session) {
|
||||||
|
@ -127,7 +124,7 @@ public class ApplianceBootstrap {
|
||||||
RealmModel realm = session.realms().getRealmByName(Config.getAdminRealm());
|
RealmModel realm = session.realms().getRealmByName(Config.getAdminRealm());
|
||||||
session.getContext().setRealm(realm);
|
session.getContext().setRealm(realm);
|
||||||
|
|
||||||
username = StringUtil.isBlank(username) ? DEFAULT_TEMP_ADMIN_USERNAME : username;
|
username = StringUtil.isBlank(username) ? BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_USERNAME : username;
|
||||||
//expriationMinutes = expriationMinutes == null ? DEFAULT_TEMP_ADMIN_EXPIRATION : expriationMinutes;
|
//expriationMinutes = expriationMinutes == null ? DEFAULT_TEMP_ADMIN_EXPIRATION : expriationMinutes;
|
||||||
|
|
||||||
if (initialUser && session.users().getUsersCount(realm) > 0) {
|
if (initialUser && session.users().getUsersCount(realm) > 0) {
|
||||||
|
@ -165,7 +162,7 @@ public class ApplianceBootstrap {
|
||||||
RealmModel realm = session.realms().getRealmByName(Config.getAdminRealm());
|
RealmModel realm = session.realms().getRealmByName(Config.getAdminRealm());
|
||||||
session.getContext().setRealm(realm);
|
session.getContext().setRealm(realm);
|
||||||
|
|
||||||
clientId = StringUtil.isBlank(clientId) ? DEFAULT_TEMP_ADMIN_SERVICE : clientId;
|
clientId = StringUtil.isBlank(clientId) ? BootstrapAdminOptions.DEFAULT_TEMP_ADMIN_SERVICE : clientId;
|
||||||
//expriationMinutes = expriationMinutes == null ? DEFAULT_TEMP_ADMIN_EXPIRATION : expriationMinutes;
|
//expriationMinutes = expriationMinutes == null ? DEFAULT_TEMP_ADMIN_EXPIRATION : expriationMinutes;
|
||||||
|
|
||||||
ClientRepresentation adminClient = new ClientRepresentation();
|
ClientRepresentation adminClient = new ClientRepresentation();
|
||||||
|
|
Loading…
Reference in a new issue