From 98f74026c6cf2b7b7be8e779a0ae8c2a1339b69a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Barto=C5=A1?= Date: Wed, 5 Feb 2025 13:39:21 +0000 Subject: [PATCH] Certificate reloading does not work for the management interface (#37052) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #37039 Signed-off-by: Martin Bartoš Co-authored-by: Steven Hawkins --- .../release_notes/topics/26_2_0.adoc | 7 +++++++ .../org/keycloak/config/ManagementOptions.java | 9 +++++++++ .../mappers/ManagementPropertyMappers.java | 7 +++++++ .../quarkus/runtime/cli/PicocliTest.java | 17 +++++++++++++++++ .../test/ManagementConfigurationTest.java | 12 ++++++++++++ ...pCommandDistTest.testExportHelp.approved.txt | 8 ++++++++ ...mmandDistTest.testExportHelpAll.approved.txt | 8 ++++++++ ...pCommandDistTest.testImportHelp.approved.txt | 8 ++++++++ ...mmandDistTest.testImportHelpAll.approved.txt | 8 ++++++++ ...ommandDistTest.testStartDevHelp.approved.txt | 10 +++++++++- ...andDistTest.testStartDevHelpAll.approved.txt | 8 ++++++++ ...lpCommandDistTest.testStartHelp.approved.txt | 10 +++++++++- ...ommandDistTest.testStartHelpAll.approved.txt | 8 ++++++++ ...DistTest.testStartOptimizedHelp.approved.txt | 10 +++++++++- ...tTest.testStartOptimizedHelpAll.approved.txt | 8 ++++++++ ...estUpdateCompatibilityCheckHelp.approved.txt | 10 +++++++++- ...UpdateCompatibilityCheckHelpAll.approved.txt | 8 ++++++++ ...UpdateCompatibilityMetadataHelp.approved.txt | 10 +++++++++- ...ateCompatibilityMetadataHelpAll.approved.txt | 8 ++++++++ 19 files changed, 169 insertions(+), 5 deletions(-) diff --git a/docs/documentation/release_notes/topics/26_2_0.adoc b/docs/documentation/release_notes/topics/26_2_0.adoc index d514ca18e74..568c08c7f77 100644 --- a/docs/documentation/release_notes/topics/26_2_0.adoc +++ b/docs/documentation/release_notes/topics/26_2_0.adoc 
@@ -9,6 +9,13 @@ A `direction` query parameter was also added, allowing controlling the order of Finally, the returned event representations now also include the `id`, which provides a unique identifier for an event. += Option to reload trust and key material for the management interface + +The `https-management-certificates-reload-period` option can be set to define the reloading period of key store, trust store, and certificate files referenced by `https-management-*` options for the management interface. +Use -1 to disable reloading. Defaults to `https-certificates-reload-period`, which defaults to 1h (one hour). + +For more information, check the link:https://www.keycloak.org/server/management-interface#_tls_support[Configuring the Management Interface] guide. + = New cache for CRLs loaded for the X.509 authenticator Now the Certificate Revocation Lists (CRL), that are used to validate certificates in the X.509 authenticator, are cached inside a new infinispan cache called `crl`. Caching improves the validation performance and decreases the memory consumption because just one CRL is maintained per source. diff --git a/quarkus/config-api/src/main/java/org/keycloak/config/ManagementOptions.java b/quarkus/config-api/src/main/java/org/keycloak/config/ManagementOptions.java index e1b8c6e3215..abb169b2aae 100644 --- a/quarkus/config-api/src/main/java/org/keycloak/config/ManagementOptions.java +++ b/quarkus/config-api/src/main/java/org/keycloak/config/ManagementOptions.java 
@@ -84,6 +84,15 @@ public class ManagementOptions { .hidden() .build(); + public static final Option HTTPS_MANAGEMENT_CERTIFICATES_RELOAD_PERIOD = new OptionBuilder<>("https-management-certificates-reload-period", String.class) + .category(OptionCategory.MANAGEMENT) + .description("Interval on which to reload key store, trust store, and certificate files referenced by https-management-* options for the management server. " + + "May be a java.time.Duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. " + + "Must be greater than 30 seconds. Use -1 to disable. " + + "If not given, the value is inherited from HTTP options. " + RELEVANT_MSG) + .defaultValue("1h") + .build(); + public static final Option HTTPS_MANAGEMENT_CERTIFICATE_FILE = new OptionBuilder<>("https-management-certificate-file", File.class) .category(OptionCategory.MANAGEMENT) .description("The file path to a server certificate or certificate chain in PEM format for the management server. If not given, the value is inherited from HTTP options. " + RELEVANT_MSG) diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/ManagementPropertyMappers.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/ManagementPropertyMappers.java index c4d1bc941c7..7c170c665ae 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/ManagementPropertyMappers.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/ManagementPropertyMappers.java 
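Review bot: The new `HTTPS_MANAGEMENT_CERTIFICATES_RELOAD_PERIOD` option hard-codes `.defaultValue("1h")` although its description says the value is inherited from the HTTP options, so the help output will keep printing `Default: 1h` even if the HTTP default later changes. A comment above the option such as `// Effective value follows HttpOptions.HTTPS_CERTIFICATES_RELOAD_PERIOD; keep "1h" in sync with it` would make the coupling explicit. The description also states "Must be greater than 30 seconds", but nothing in this builder enforces that, so the bound presumably relies on a check further downstream; it is worth confirming that a too-small value fails at startup rather than being accepted silently. Since `-1` turns reloading off, the description could also say that replaced key and trust material would then presumably be picked up only after a restart.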
@@ -71,6 +71,13 @@ public class ManagementPropertyMappers { .to("quarkus.management.ssl.protocols") .paramLabel("protocols") .build(), + fromOption(ManagementOptions.HTTPS_MANAGEMENT_CERTIFICATES_RELOAD_PERIOD) + .mapFrom(HttpOptions.HTTPS_CERTIFICATES_RELOAD_PERIOD) + .to("quarkus.management.ssl.certificate.reload-period") + // -1 means no reload + .transformer((value, context) -> "-1".equals(value) ? null : value) + .paramLabel("reload period") + .build(), fromOption(ManagementOptions.HTTPS_MANAGEMENT_CERTIFICATE_FILE) .mapFrom(HttpOptions.HTTPS_CERTIFICATE_FILE) .to("quarkus.management.ssl.certificate.files") diff --git a/quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/cli/PicocliTest.java b/quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/cli/PicocliTest.java index 4a9af22a1b4..3b013580334 100644 --- a/quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/cli/PicocliTest.java +++ b/quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/cli/PicocliTest.java 
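Review bot: The transformer on the new `HTTPS_MANAGEMENT_CERTIFICATES_RELOAD_PERIOD` mapping treats only the exact string `-1` as "no reload", and this hunk does not show whether it also runs on a value inherited through `.mapFrom(HttpOptions.HTTPS_CERTIFICATES_RELOAD_PERIOD)`. If it does not, starting with `--https-certificates-reload-period=-1` could pass a raw `-1` to `quarkus.management.ssl.certificate.reload-period` instead of leaving it unset. The test added in PicocliTest covers `-1` only on the management option and `5m` on the HTTP option, so that path is unverified. I would add `nonRunningPicocli = pseudoLaunch("start-dev", "--https-certificates-reload-period=-1");` followed by an `assertNull` on the management property, and have the `// -1 means no reload` comment state whether an inherited `-1` is handled. The enclosing mapper list starts and ends outside the hunk.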
@@ -125,6 +125,23 @@ public class PicocliTest extends AbstractConfigurationTest { assertNull(nonRunningPicocli.config.getConfigValue("quarkus.http.ssl.certificate.reload-period").getValue()); } + @Test + public void testNegativeArgumentMgmtInterfaceCertReload() { + NonRunningPicocli nonRunningPicocli = pseudoLaunch("start-dev"); + assertEquals(CommandLine.ExitCode.OK, nonRunningPicocli.exitCode); + assertEquals("1h", + nonRunningPicocli.config.getConfigValue("quarkus.management.ssl.certificate.reload-period").getValue()); + + nonRunningPicocli = pseudoLaunch("start-dev", "--https-management-certificates-reload-period=-1"); + assertEquals(CommandLine.ExitCode.OK, nonRunningPicocli.exitCode); + assertNull(nonRunningPicocli.config.getConfigValue("quarkus.management.ssl.certificate.reload-period").getValue()); + + nonRunningPicocli = pseudoLaunch("start-dev", "--https-certificates-reload-period=5m"); + assertEquals(CommandLine.ExitCode.OK, nonRunningPicocli.exitCode); + assertEquals("5m", + nonRunningPicocli.config.getConfigValue("quarkus.management.ssl.certificate.reload-period").getValue()); + } + @Test public void testInvalidArgumentType() { NonRunningPicocli nonRunningPicocli = pseudoLaunch("start-dev", "--http-port=a"); diff --git a/quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/configuration/test/ManagementConfigurationTest.java b/quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/configuration/test/ManagementConfigurationTest.java index 76e3a98cee8..c90f786a16c 100644 --- a/quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/configuration/test/ManagementConfigurationTest.java +++ b/quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/configuration/test/ManagementConfigurationTest.java 
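Review bot: `testNegativeArgumentMgmtInterfaceCertReload` never exercises a value below the documented 30 second minimum, so the "Must be greater than 30 seconds" wording in the option description is not backed by any assertion here. If the bound is enforced when the configuration is parsed, a case such as `pseudoLaunch("start-dev", "--https-management-certificates-reload-period=10s")` (sample value) with an assertion on the resulting exit code would pin it down; if it is enforced only later by the runtime, a short comment saying so would help. The method also bundles the default, the `-1` sentinel and the inherited `5m` case under a name that mentions only the negative argument, so splitting or renaming it would make a failure easier to attribute.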
@@ -230,6 +230,18 @@ public class ManagementConfigurationTest extends AbstractConfigurationTest { assertManagementHttpsEnabled(false); } + @Test + public void managementDefaultHttpsCertificatesReload() { + makeInterfaceOccupied(); + putEnvVar("KC_HTTPS_CERTIFICATES_RELOAD_PERIOD", "2d"); + + initConfig(); + + assertConfig("https-management-certificates-reload-period", "2d"); + assertManagementEnabled(true); + assertManagementHttpsEnabled(false); + } + @Test public void managementEnabledDefaultHttpsKeystore(){ makeInterfaceOccupied(); diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt index 73786b2bab4..e33453624c9 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt 
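Review bot: `managementDefaultHttpsCertificatesReload` asserts only the Keycloak-level option `https-management-certificates-reload-period` and not `quarkus.management.ssl.certificate.reload-period`, the `.to(...)` target of the new mapper. An extra assertion that the mapped property is also `2d` would catch a mapping regression in this test. A second case that sets both `KC_HTTPS_CERTIFICATES_RELOAD_PERIOD` and the management-specific variable would document which of the two wins. The test also runs with `assertManagementHttpsEnabled(false)`, so it checks inheritance only while management TLS is off; a variant with management HTTPS enabled would be closer to the configuration in which reloading matters.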
@@ -89,6 +89,14 @@ Management: The file path to a private key in PEM format for the management server. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide for details. +--https-management-certificates-reload-period + Interval on which to reload key store, trust store, and certificate files + referenced by https-management-* options for the management server. May be a + java.time.Duration value, an integer number of seconds, or an integer + followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 + to disable. If not given, the value is inherited from HTTP options. Relevant + only when something is exposed on the management interface - see the guide + for details. Default: 1h. --https-management-client-auth Configures the management interface to require/request client authentication. If not given, the value is inherited from HTTP options. Relevant only when diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt index 8c5edd3e2b7..d821e7b85a3 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt 
@@ -89,6 +89,14 @@ Management: The file path to a private key in PEM format for the management server. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide for details. +--https-management-certificates-reload-period + Interval on which to reload key store, trust store, and certificate files + referenced by https-management-* options for the management server. May be a + java.time.Duration value, an integer number of seconds, or an integer + followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 + to disable. If not given, the value is inherited from HTTP options. Relevant + only when something is exposed on the management interface - see the guide + for details. Default: 1h. --https-management-client-auth Configures the management interface to require/request client authentication. If not given, the value is inherited from HTTP options. Relevant only when diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt index 0bd8ce473e0..39ab804a1f4 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt 
@@ -89,6 +89,14 @@ Management: The file path to a private key in PEM format for the management server. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide for details. +--https-management-certificates-reload-period + Interval on which to reload key store, trust store, and certificate files + referenced by https-management-* options for the management server. May be a + java.time.Duration value, an integer number of seconds, or an integer + followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 + to disable. If not given, the value is inherited from HTTP options. Relevant + only when something is exposed on the management interface - see the guide + for details. Default: 1h. --https-management-client-auth Configures the management interface to require/request client authentication. If not given, the value is inherited from HTTP options. Relevant only when diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt index 207d848a086..d0d4fd95e8d 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt 
@@ -89,6 +89,14 @@ Management: The file path to a private key in PEM format for the management server. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide for details. +--https-management-certificates-reload-period + Interval on which to reload key store, trust store, and certificate files + referenced by https-management-* options for the management server. May be a + java.time.Duration value, an integer number of seconds, or an integer + followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 + to disable. If not given, the value is inherited from HTTP options. Relevant + only when something is exposed on the management interface - see the guide + for details. Default: 1h. --https-management-client-auth Configures the management interface to require/request client authentication. If not given, the value is inherited from HTTP options. Relevant only when diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt index 9d671739d92..831865bd519 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt 
@@ -234,6 +234,14 @@ Management: The file path to a private key in PEM format for the management server. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide for details. +--https-management-certificates-reload-period + Interval on which to reload key store, trust store, and certificate files + referenced by https-management-* options for the management server. May be a + java.time.Duration value, an integer number of seconds, or an integer + followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 + to disable. If not given, the value is inherited from HTTP options. Relevant + only when something is exposed on the management interface - see the guide + for details. Default: 1h. --https-management-client-auth Configures the management interface to require/request client authentication. If not given, the value is inherited from HTTP options. Relevant only when @@ -363,4 +371,4 @@ Bootstrap Admin: Do NOT start the server using this command when deploying to production. Use 'kc.sh start-dev --help-all' to list all available options, including build -options. +options. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt index 85289916ca7..b41839bfaaa 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt 
@@ -269,6 +269,14 @@ Management: The file path to a private key in PEM format for the management server. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide for details. +--https-management-certificates-reload-period + Interval on which to reload key store, trust store, and certificate files + referenced by https-management-* options for the management server. May be a + java.time.Duration value, an integer number of seconds, or an integer + followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 + to disable. If not given, the value is inherited from HTTP options. Relevant + only when something is exposed on the management interface - see the guide + for details. Default: 1h. --https-management-client-auth Configures the management interface to require/request client authentication. If not given, the value is inherited from HTTP options. Relevant only when diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt index a70b707badd..e16d3790472 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt 
@@ -241,6 +241,14 @@ Management: The file path to a private key in PEM format for the management server. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide for details. +--https-management-certificates-reload-period + Interval on which to reload key store, trust store, and certificate files + referenced by https-management-* options for the management server. May be a + java.time.Duration value, an integer number of seconds, or an integer + followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 + to disable. If not given, the value is inherited from HTTP options. Relevant + only when something is exposed on the management interface - see the guide + for details. Default: 1h. --https-management-client-auth Configures the management interface to require/request client authentication. If not given, the value is inherited from HTTP options. Relevant only when @@ -374,4 +382,4 @@ By default, this command tries to update the server configuration by running a $ kc.sh start '--optimized' By doing that, the server should start faster based on any previous -configuration you have set when manually running the 'build' command. +configuration you have set when manually running the 'build' command. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt index 88baa700143..1193bc49f9f 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt 
@@ -270,6 +270,14 @@ Management: The file path to a private key in PEM format for the management server. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide for details. +--https-management-certificates-reload-period + Interval on which to reload key store, trust store, and certificate files + referenced by https-management-* options for the management server. May be a + java.time.Duration value, an integer number of seconds, or an integer + followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 + to disable. If not given, the value is inherited from HTTP options. Relevant + only when something is exposed on the management interface - see the guide + for details. Default: 1h. --https-management-client-auth Configures the management interface to require/request client authentication. If not given, the value is inherited from HTTP options. Relevant only when diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt index 5a2a4adfe2f..f530a22255b 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt 
@@ -206,6 +206,14 @@ Management: The file path to a private key in PEM format for the management server. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide for details. +--https-management-certificates-reload-period + Interval on which to reload key store, trust store, and certificate files + referenced by https-management-* options for the management server. May be a + java.time.Duration value, an integer number of seconds, or an integer + followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 + to disable. If not given, the value is inherited from HTTP options. Relevant + only when something is exposed on the management interface - see the guide + for details. Default: 1h. --https-management-key-store-file The key store which holds the certificate information instead of specifying separate files for the management server. If not given, the value is @@ -308,4 +316,4 @@ By default, this command tries to update the server configuration by running a $ kc.sh start '--optimized' By doing that, the server should start faster based on any previous -configuration you have set when manually running the 'build' command. +configuration you have set when manually running the 'build' command. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt index 1c363979b84..cda1c92a3fa 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt 
@@ -235,6 +235,14 @@ Management: The file path to a private key in PEM format for the management server. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide for details. +--https-management-certificates-reload-period + Interval on which to reload key store, trust store, and certificate files + referenced by https-management-* options for the management server. May be a + java.time.Duration value, an integer number of seconds, or an integer + followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 + to disable. If not given, the value is inherited from HTTP options. Relevant + only when something is exposed on the management interface - see the guide + for details. Default: 1h. --https-management-key-store-file The key store which holds the certificate information instead of specifying separate files for the management server. If not given, the value is diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelp.approved.txt index c439ef80098..212d296d883 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelp.approved.txt 
@@ -240,6 +240,14 @@ Management: The file path to a private key in PEM format for the management server. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide for details. +--https-management-certificates-reload-period + Interval on which to reload key store, trust store, and certificate files + referenced by https-management-* options for the management server. May be a + java.time.Duration value, an integer number of seconds, or an integer + followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 + to disable. If not given, the value is inherited from HTTP options. Relevant + only when something is exposed on the management interface - see the guide + for details. Default: 1h. --https-management-client-auth Configures the management interface to require/request client authentication. If not given, the value is inherited from HTTP options. Relevant only when @@ -364,4 +372,4 @@ Bootstrap Admin: --bootstrap-admin-username Temporary bootstrap admin username. Used only when the master realm is created. Available only when bootstrap admin password is set. Default: - temp-admin. + temp-admin. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt index 563b9835c88..7497efd4800 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt 
@@ -269,6 +269,14 @@ Management: The file path to a private key in PEM format for the management server. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide for details. +--https-management-certificates-reload-period + Interval on which to reload key store, trust store, and certificate files + referenced by https-management-* options for the management server. May be a + java.time.Duration value, an integer number of seconds, or an integer + followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 + to disable. If not given, the value is inherited from HTTP options. Relevant + only when something is exposed on the management interface - see the guide + for details. Default: 1h. --https-management-client-auth Configures the management interface to require/request client authentication. If not given, the value is inherited from HTTP options. Relevant only when diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelp.approved.txt index 3bf37026e0e..8d33913030e 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelp.approved.txt 
@@ -238,6 +238,14 @@ Management: The file path to a private key in PEM format for the management server. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide for details. +--https-management-certificates-reload-period + Interval on which to reload key store, trust store, and certificate files + referenced by https-management-* options for the management server. May be a + java.time.Duration value, an integer number of seconds, or an integer + followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 + to disable. If not given, the value is inherited from HTTP options. Relevant + only when something is exposed on the management interface - see the guide + for details. Default: 1h. --https-management-client-auth Configures the management interface to require/request client authentication. If not given, the value is inherited from HTTP options. Relevant only when @@ -362,4 +370,4 @@ Bootstrap Admin: --bootstrap-admin-username Temporary bootstrap admin username. Used only when the master realm is created. Available only when bootstrap admin password is set. Default: - temp-admin. + temp-admin. \ No newline at end of file diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt index 530d705cc1b..703645c4950 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt 
@@ -267,6 +267,14 @@ Management: The file path to a private key in PEM format for the management server. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide for details. +--https-management-certificates-reload-period + Interval on which to reload key store, trust store, and certificate files + referenced by https-management-* options for the management server. May be a + java.time.Duration value, an integer number of seconds, or an integer + followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 + to disable. If not given, the value is inherited from HTTP options. Relevant + only when something is exposed on the management interface - see the guide + for details. Default: 1h. --https-management-client-auth Configures the management interface to require/request client authentication. If not given, the value is inherited from HTTP options. Relevant only when