* Validate .conf extension for --config-file option
The --config-file option and KC_CONFIG_FILE environment variable
silently ignored configuration files that did not use the .conf
extension. This happened because the underlying SmallRye config
source loader filters by file extension, returning an empty list
for non-.conf files without any indication to the user.
Added explicit validation in both the CLI option setter and the
config source file resolution to reject files that do not end
with .conf, giving the user a clear error message instead of
silently ignoring their configuration.
Closes#46978
Signed-off-by: Tanner Smith <griffonbyte@proton.me>
* fix: validate config file extension before checking existence
Move the .conf extension check before the file existence check in
setConfigFile(). When a file with a wrong extension does not exist
relative to the working directory, the existence check would fire
first, masking the more specific extension validation error.
Closeskeycloak/keycloak#47696
Signed-off-by: Tanner Smith <griffonbyte@proton.me>
---------
Signed-off-by: Tanner Smith <griffonbyte@proton.me>
closes: #47139
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Closes#47366
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
* Closes: https://github.com/keycloak/keycloak/issues/47299
We propagate Java representation properties description placed in `JsonPropertyDescription` to the schema property description.
This will enable CLI client to show correct description for CLI command arguments.
Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>
Closes#46861
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Closes#47187
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
* Add native KC options for JSON log service.name and service.environment fields
Closes: #47146
Signed-off-by: Daniele Mammarella <dmammare@redhat.com>
* Consolidate per-handler JSON service options into 2 global options
Replace 4 per-handler options (log-console-json-service-name, etc.)
with 2 global options (log-service-name, log-service-environment) that
apply to all log handlers (console, file, syslog).
Signed-off-by: Daniele Mammarella <dmammare@redhat.com>
* Provide logic to obtain value from parent option
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Use generateId instead of shortId
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Add parent option mappers, default value, and LoggingDistTest for service fields
Register log-service-name and log-service-environment as parent option
mappers so they are recognized as CLI options. Set default value
"keycloak" for log-service-name, consistent with TELEMETRY_SERVICE_NAME.
Add integration test ecsFormatServiceFields to verify ECS JSON logs
contain custom service fields on both console and file handlers.
Signed-off-by: Daniele Mammarella <dmammare@redhat.com>
* Address paramLabels
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Daniele Mammarella <dmammare@redhat.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Fix OptionsDistTest to include log-service-name and log-service-environment
Update expected "Possible solutions" strings to include the new
log-service-name and log-service-environment options.
Signed-off-by: Daniele Mammarella <dmammare@redhat.com>
---------
Signed-off-by: Daniele Mammarella <dmammare@redhat.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Closes#46603
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
new database related options need to null themselves in the tranformer
and not be seen by quarkus
closes: #46569
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Downgrade server container image back to OpenJDK 21
Closes#46812
Signed-off-by: Václav Muzikář <vmuzikar@ibm.com>
* Remove JDK downgrade note, rename attribute
Signed-off-by: Václav Muzikář <vmuzikar@ibm.com>
---------
Signed-off-by: Václav Muzikář <vmuzikar@ibm.com>
Closes: #47002
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
* Kubernetes Truststore moved to the server
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
* Update quarkus/config-api/src/main/java/org/keycloak/config/TruststoreOptions.java
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
* addressing review comments and updating upgrade instructions
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* updating help command output
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update docs/guides/server/keycloak-truststore.adoc
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
* Comments addressed
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
* lint errors fix
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
* Update docs/documentation/upgrading/topics/changes/changes-26_6_0.adoc
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Currently when migration tasks are run, we see that the app startup fails with DB pool size 3 or less for JDBC_PING.
Hence, we started to validate that the minimal max pool size is 4 for JDBC PING.
Closes: https://github.com/keycloak/keycloak/issues/46673
Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>
Closes#46671
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Closes#46557
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Closes#19453
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
* [admin-v2] Enable client generators to create proper class hierarchies with inheritance
Closes: #46158
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
* Addressing reviews
* add additionalFileds to base representation
Closes: #46158
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
---------
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
This PR is mostly based on 303446b465.
Additionally, I made few tweaks to documentation and introduce a doc variable for the recommended Java version so limit required changing when migrating the recommended JDK version.
* Closes: https://github.com/keycloak/keycloak/issues/45830
Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>
* fix: adding admin role invalidation when a new realm is found
closes: #45966
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheSession.java
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
* adding a comment and a permission tweak for imported realms
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* checking getShouldUseLightweightToken
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
