From b16d76982ec98daffd411f7892eefcb02a7a2887 Mon Sep 17 00:00:00 2001 From: Ryan Emerson Date: Mon, 15 Sep 2025 13:02:30 +0100 Subject: [PATCH 1/8] Validate wait_timeout parameter on MySQL and MariaDB Closes #42300 Signed-off-by: Ryan Emerson --- .../topics/changes/changes-26_4_0.adoc | 11 +++++++ docs/guides/server/db.adoc | 14 +++++++++ .../org/keycloak/config/DatabaseOptions.java | 5 ++++ .../mappers/DatabasePropertyMappers.java | 14 +++++++++ .../QuarkusJpaConnectionProviderFactory.java | 29 +++++++++++++++++++ .../quarkus/runtime/cli/PicocliTest.java | 6 ++-- ...est.testBootstrapAdminService.approved.txt | 4 +++ ...stTest.testBootstrapAdminUser.approved.txt | 4 +++ ...ommandDistTest.testExportHelp.approved.txt | 4 +++ ...andDistTest.testExportHelpAll.approved.txt | 4 +++ ...ommandDistTest.testImportHelp.approved.txt | 4 +++ ...andDistTest.testImportHelpAll.approved.txt | 4 +++ ...mandDistTest.testStartDevHelp.approved.txt | 4 +++ ...dDistTest.testStartDevHelpAll.approved.txt | 4 +++ ...CommandDistTest.testStartHelp.approved.txt | 4 +++ ...mandDistTest.testStartHelpAll.approved.txt | 4 +++ ...stTest.testStartOptimizedHelp.approved.txt | 4 +++ ...est.testStartOptimizedHelpAll.approved.txt | 4 +++ ...tUpdateCompatibilityCheckHelp.approved.txt | 4 +++ ...dateCompatibilityCheckHelpAll.approved.txt | 4 +++ ...dateCompatibilityMetadataHelp.approved.txt | 4 +++ ...eCompatibilityMetadataHelpAll.approved.txt | 4 +++ 22 files changed, 140 insertions(+), 3 deletions(-) diff --git a/docs/documentation/upgrading/topics/changes/changes-26_4_0.adoc b/docs/documentation/upgrading/topics/changes/changes-26_4_0.adoc index 9e06822fc72b..45f6a2642e03 100644 --- a/docs/documentation/upgrading/topics/changes/changes-26_4_0.adoc +++ b/docs/documentation/upgrading/topics/changes/changes-26_4_0.adoc @@ -49,6 +49,17 @@ Starting with this release, and when using the original PostgreSQL driver, {proj You can override this behavior by setting your own value for `targetServerType` in the DB URL or additional properties. +=== MySQL and MariaDB wait_timeout validation + +In order to prevent connections being closed unexpectedly by the database server, it is necessary to ensure that the {project_name} +connection pool is correctly configured with respect to the server's `wait_timeout` setting. + +Starting with this release, {project_name} defines a default `db-pool-max-lifetime` of 7 hours and 50 minutes for MySQL +and MariaDB databases as the default `wait_timeout` is 8 hours. + +If the server defines a `wait_timeout` which is greater than the default, or provided, `db-pool-max-lifetime` value, then +a warning will be logged on {project_name} startup. + === Cache configuration removed from cache-ispn.xml The `conf/cache-ispn.xml` file no longer contains the default cache configurations. diff --git a/docs/guides/server/db.adoc b/docs/guides/server/db.adoc index 98cd28d85a53..0bf5124c591e 100644 --- a/docs/guides/server/db.adoc +++ b/docs/guides/server/db.adoc @@ -359,3 +359,17 @@ In the same way the migrationExport to point to a specific file and location: For more information, check the link:{upgrading_guide_link}#_migrate_db[Migrating the database] documentation. + +== Configuring the connection pool + +=== MySQL and MariaDB + +In order to prevent 'No operations allowed after connection closed' exceptions from being thrown, it is necessary to ensure +that {project_name}'s connection pool has a connection maximum lifetime that is less than the server's configured `wait_timeout`. +When using the MySQL and MariaDB database, {project_name} configures a default max lifetime of 7 hours and 50 minutes, as +this is less than the default server value of 8 hours. + +If you are explicitly configuring the `wait_timeout` in your database, it is necessary to ensure that you configure a +`db-pool-max-lifetime` value that is less than the `wait_timeout`. The recommended best practice, is to define this value +to be your `wait_timeout` minus a few minutes. Failure to correctly configure the `db-pool-max-lifetime` will result in +{project_name} logging a warning on startup. diff --git a/quarkus/config-api/src/main/java/org/keycloak/config/DatabaseOptions.java b/quarkus/config-api/src/main/java/org/keycloak/config/DatabaseOptions.java index 4854d0d4a5c2..33ffc1b098a4 100644 --- a/quarkus/config-api/src/main/java/org/keycloak/config/DatabaseOptions.java +++ b/quarkus/config-api/src/main/java/org/keycloak/config/DatabaseOptions.java @@ -89,6 +89,11 @@ public class DatabaseOptions { .description("The maximum size of the connection pool.") .build(); + public static final Option DB_POOL_MAX_LIFETIME = new OptionBuilder<>("db-pool-max-lifetime", String.class) + .category(OptionCategory.DATABASE) + .description("The maximum time a connection remains in the pool, after which it will be closed upon return and replaced as necessary. Requires a ISO 8601 Duration string.") + .build(); + public static final Option DB_SQL_JPA_DEBUG = new OptionBuilder<>("db-debug-jpql", Boolean.class) .category(OptionCategory.DATABASE) .defaultValue(false) diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/DatabasePropertyMappers.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/DatabasePropertyMappers.java index cf7f30f44d4f..97f8aa8f3c6f 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/DatabasePropertyMappers.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/DatabasePropertyMappers.java @@ -94,6 +94,11 @@ public List> getPropertyMappers() { .to("quarkus.datasource.jdbc.max-size") .paramLabel("size") .build(), + fromOption(DatabaseOptions.DB_POOL_MAX_LIFETIME) + .to("quarkus.datasource.jdbc.max-lifetime") + .mapFrom(DB, DatabasePropertyMappers::transformPoolMaxLifetime) + .paramLabel("duration") + .build(), fromOption(DatabaseOptions.DB_SQL_JPA_DEBUG) .build(), fromOption(DatabaseOptions.DB_SQL_LOG_SLOW_QUERIES) @@ -179,6 +184,15 @@ private static String transformMinPoolSize(String database, ConfigSourceIntercep return isDevModeDatabase(database) ? "1" : getParentPoolMinSize.get(); } + private static String transformPoolMaxLifetime(String db, ConfigSourceInterceptorContext context) { + Database.Vendor vendor = Database.getVendor(db).orElseThrow(); + return switch (vendor) { + // Default to max lifetime slightly less than the default `wait_timeout` of 8 hours + case MYSQL, MARIADB -> "PT7H50M"; + default -> ""; + }; + } + public static final class Datasources { /** diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/storage/database/jpa/QuarkusJpaConnectionProviderFactory.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/storage/database/jpa/QuarkusJpaConnectionProviderFactory.java index ef401223e65a..78547faa977e 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/storage/database/jpa/QuarkusJpaConnectionProviderFactory.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/storage/database/jpa/QuarkusJpaConnectionProviderFactory.java @@ -27,6 +27,7 @@ import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; +import java.time.Duration; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; @@ -40,6 +41,8 @@ import org.jboss.logging.Logger; import org.keycloak.ServerStartupError; import org.keycloak.common.Version; +import org.keycloak.config.DatabaseOptions; +import org.keycloak.config.database.Database; import org.keycloak.connections.jpa.updater.JpaUpdaterProvider; import org.keycloak.connections.jpa.util.JpaUtils; import org.keycloak.migration.MigrationModelManager; @@ -52,6 +55,7 @@ import org.keycloak.provider.ProviderConfigurationBuilder; import org.keycloak.provider.ServerInfoAwareProviderFactory; import org.keycloak.quarkus.runtime.Environment; +import org.keycloak.quarkus.runtime.configuration.Configuration; /** * @author Stian Thorgersen @@ -124,6 +128,7 @@ public void postInit(KeycloakSessionFactory factory) { } else { Version.RESOURCES_VERSION = id; } + checkMySQLWaitTimeout(); } @Override @@ -292,4 +297,28 @@ private void export(Connection connection, String schema, File databaseUpdateFil dbLock2.releaseLock(); } } + + private void checkMySQLWaitTimeout() { + String db = Configuration.getConfigValue(DatabaseOptions.DB).getValue(); + Database.Vendor vendor = Database.getVendor(db).orElseThrow(); + if (!(Database.Vendor.MYSQL == vendor || Database.Vendor.MARIADB == vendor)) + return; + + try (Connection connection = getConnection(); + Statement statement = connection.createStatement(); + ResultSet rs = statement.executeQuery("SHOW VARIABLES LIKE 'wait_timeout'")) { + if (rs.next()) { + var waitTimeout = rs.getInt(2); + var poolMaxLifetime = Duration.parse(Configuration.getConfigValue(DatabaseOptions.DB_POOL_MAX_LIFETIME).getValue()); + if (poolMaxLifetime.getSeconds() > waitTimeout) { + logger.warnf("%1$s 'wait_timeout=%2$d' is less than the configured '%3$s' duration. " + + "This can cause 'No operations allowed after connection closed' exceptions, which can impact Keycloak operations. " + + "To avoid such issue, it is highly recommended to set '%3$s' to a duration greater than '%2$d' seconds.", + vendor, waitTimeout, DatabaseOptions.DB_POOL_MAX_LIFETIME.getKey(), poolMaxLifetime); + } + } + } catch (SQLException e) { + logger.warnf(e, "Unable to validate %s 'wait_timeout' due to database exception", vendor); + } + } } diff --git a/quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/cli/PicocliTest.java b/quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/cli/PicocliTest.java index be38c35f86ba..34350ab2cb90 100644 --- a/quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/cli/PicocliTest.java +++ b/quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/cli/PicocliTest.java @@ -262,7 +262,7 @@ public void failUnknownOptionWhitespaceSeparatorNotShowingValue() { assertEquals(CommandLine.ExitCode.USAGE, nonRunningPicocli.exitCode); assertThat(nonRunningPicocli.getErrString(), containsString(Help.defaultColorScheme(Help.Ansi.AUTO) .errorText("Unknown option: '--db-pasword'") - + "\nPossible solutions: --db-url, --db-url-host, --db-url-database, --db-url-port, --db-url-properties, --db-username, --db-password, --db-schema, --db-pool-initial-size, --db-pool-min-size, --db-pool-max-size, --db-debug-jpql, --db-log-slow-queries-threshold, --db-driver, --db")); + + "\nPossible solutions: --db-url, --db-url-host, --db-url-database, --db-url-port, --db-url-properties, --db-username, --db-password, --db-schema, --db-pool-initial-size, --db-pool-min-size, --db-pool-max-size, --db-pool-max-lifetime, --db-debug-jpql, --db-log-slow-queries-threshold, --db-driver, --db")); } @Test @@ -271,7 +271,7 @@ public void failUnknownOptionEqualsSeparatorNotShowingValue() { assertEquals(CommandLine.ExitCode.USAGE, nonRunningPicocli.exitCode); assertThat(nonRunningPicocli.getErrString(), containsString(Help.defaultColorScheme(Help.Ansi.AUTO) .errorText("Unknown option: '--db-pasword'") - + "\nPossible solutions: --db-url, --db-url-host, --db-url-database, --db-url-port, --db-url-properties, --db-username, --db-password, --db-schema, --db-pool-initial-size, --db-pool-min-size, --db-pool-max-size, --db-debug-jpql, --db-log-slow-queries-threshold, --db-driver, --db")); + + "\nPossible solutions: --db-url, --db-url-host, --db-url-database, --db-url-port, --db-url-properties, --db-username, --db-password, --db-schema, --db-pool-initial-size, --db-pool-min-size, --db-pool-max-size, --db-pool-max-lifetime, --db-debug-jpql, --db-log-slow-queries-threshold, --db-driver, --db")); } @Test @@ -281,7 +281,7 @@ public void failWithFirstOptionOnMultipleUnknownOptions() { assertEquals(CommandLine.ExitCode.USAGE, nonRunningPicocli.exitCode); assertThat(nonRunningPicocli.getErrString(), containsString(Help.defaultColorScheme(Help.Ansi.AUTO) .errorText("Unknown option: '--db-pasword'") - + "\nPossible solutions: --db-url, --db-url-host, --db-url-database, --db-url-port, --db-url-properties, --db-username, --db-password, --db-schema, --db-pool-initial-size, --db-pool-min-size, --db-pool-max-size, --db-debug-jpql, --db-log-slow-queries-threshold, --db-driver, --db")); + + "\nPossible solutions: --db-url, --db-url-host, --db-url-database, --db-url-port, --db-url-properties, --db-username, --db-password, --db-schema, --db-pool-initial-size, --db-pool-min-size, --db-pool-max-size, --db-pool-max-lifetime, --db-debug-jpql, --db-log-slow-queries-threshold, --db-driver, --db")); } @Test diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBootstrapAdminService.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBootstrapAdminService.approved.txt index b74e6783609d..7b39c1194313 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBootstrapAdminService.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBootstrapAdminService.approved.txt @@ -46,6 +46,10 @@ Database: The password of the database user. --db-pool-initial-size The initial size of the connection pool. +--db-pool-max-lifetime + The maximum time a connection remains in the pool, after which it will be + closed upon return and replaced as necessary. Requires a ISO 8601 Duration + string. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBootstrapAdminUser.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBootstrapAdminUser.approved.txt index 57b6134479e1..91e85d641d56 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBootstrapAdminUser.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBootstrapAdminUser.approved.txt @@ -48,6 +48,10 @@ Database: The password of the database user. --db-pool-initial-size The initial size of the connection pool. +--db-pool-max-lifetime + The maximum time a connection remains in the pool, after which it will be + closed upon return and replaced as necessary. Requires a ISO 8601 Duration + string. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt index 195b2b893ee5..11f6c9c88039 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt @@ -41,6 +41,10 @@ Database: The password of the database user. --db-pool-initial-size The initial size of the connection pool. +--db-pool-max-lifetime + The maximum time a connection remains in the pool, after which it will be + closed upon return and replaced as necessary. Requires a ISO 8601 Duration + string. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt index 67a62f88c61f..f2d0d79224a5 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt @@ -41,6 +41,10 @@ Database: The password of the database user. --db-pool-initial-size The initial size of the connection pool. +--db-pool-max-lifetime + The maximum time a connection remains in the pool, after which it will be + closed upon return and replaced as necessary. Requires a ISO 8601 Duration + string. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt index e787d2458d64..ee45cecfa7ba 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt @@ -41,6 +41,10 @@ Database: The password of the database user. --db-pool-initial-size The initial size of the connection pool. +--db-pool-max-lifetime + The maximum time a connection remains in the pool, after which it will be + closed upon return and replaced as necessary. Requires a ISO 8601 Duration + string. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt index 36a1b8fcf4c1..3cdf2918860c 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt @@ -41,6 +41,10 @@ Database: The password of the database user. --db-pool-initial-size The initial size of the connection pool. +--db-pool-max-lifetime + The maximum time a connection remains in the pool, after which it will be + closed upon return and replaced as necessary. Requires a ISO 8601 Duration + string. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt index 9cc753c840ef..55e34c8e8770 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt @@ -89,6 +89,10 @@ Database: The password of the database user. --db-pool-initial-size The initial size of the connection pool. +--db-pool-max-lifetime + The maximum time a connection remains in the pool, after which it will be + closed upon return and replaced as necessary. Requires a ISO 8601 Duration + string. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt index ce7482be15de..d7763b2082d0 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt @@ -156,6 +156,10 @@ Database: The password of the database user. --db-pool-initial-size The initial size of the connection pool. +--db-pool-max-lifetime + The maximum time a connection remains in the pool, after which it will be + closed upon return and replaced as necessary. Requires a ISO 8601 Duration + string. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt index 478ffc06f333..02731eecf65a 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt @@ -137,6 +137,10 @@ Database: The password of the database user. --db-pool-initial-size The initial size of the connection pool. +--db-pool-max-lifetime + The maximum time a connection remains in the pool, after which it will be + closed upon return and replaced as necessary. Requires a ISO 8601 Duration + string. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt index 6140c47ff4d2..201bdf265a5c 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt @@ -157,6 +157,10 @@ Database: The password of the database user. --db-pool-initial-size The initial size of the connection pool. +--db-pool-max-lifetime + The maximum time a connection remains in the pool, after which it will be + closed upon return and replaced as necessary. Requires a ISO 8601 Duration + string. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt index f640a544bdfb..3c7cedaaa2ae 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt @@ -131,6 +131,10 @@ Database: The password of the database user. --db-pool-initial-size The initial size of the connection pool. +--db-pool-max-lifetime + The maximum time a connection remains in the pool, after which it will be + closed upon return and replaced as necessary. Requires a ISO 8601 Duration + string. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt index 142d2d3b3ef6..136903246e52 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt @@ -151,6 +151,10 @@ Database: The password of the database user. --db-pool-initial-size The initial size of the connection pool. +--db-pool-max-lifetime + The maximum time a connection remains in the pool, after which it will be + closed upon return and replaced as necessary. Requires a ISO 8601 Duration + string. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelp.approved.txt index 9372defb2a5a..edd57f38db45 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelp.approved.txt @@ -136,6 +136,10 @@ Database: The password of the database user. --db-pool-initial-size The initial size of the connection pool. +--db-pool-max-lifetime + The maximum time a connection remains in the pool, after which it will be + closed upon return and replaced as necessary. Requires a ISO 8601 Duration + string. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt index 4d63b37af82b..c40d4eb11e50 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt @@ -156,6 +156,10 @@ Database: The password of the database user. --db-pool-initial-size The initial size of the connection pool. +--db-pool-max-lifetime + The maximum time a connection remains in the pool, after which it will be + closed upon return and replaced as necessary. Requires a ISO 8601 Duration + string. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelp.approved.txt index 5c32f8dc7e66..d6644c8a4acf 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelp.approved.txt @@ -134,6 +134,10 @@ Database: The password of the database user. --db-pool-initial-size The initial size of the connection pool. +--db-pool-max-lifetime + The maximum time a connection remains in the pool, after which it will be + closed upon return and replaced as necessary. Requires a ISO 8601 Duration + string. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt index ad480fe78c50..26f9a303ccd5 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt @@ -154,6 +154,10 @@ Database: The password of the database user. --db-pool-initial-size The initial size of the connection pool. +--db-pool-max-lifetime + The maximum time a connection remains in the pool, after which it will be + closed upon return and replaced as necessary. Requires a ISO 8601 Duration + string. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size From 6f8921c5dacbbf486233c2529c4346ebee44ea77 Mon Sep 17 00:00:00 2001 From: Alexander Schwartz Date: Mon, 15 Sep 2025 21:10:50 +0200 Subject: [PATCH 2/8] Adding tests Signed-off-by: Alexander Schwartz --- .../keycloak/it/storage/database/dist/MariaDBDistTest.java | 7 +++++++ .../keycloak/it/storage/database/dist/MySQLDistTest.java | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/storage/database/dist/MariaDBDistTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/storage/database/dist/MariaDBDistTest.java index 4a80f633b49a..bb11f983995e 100644 --- a/quarkus/tests/integration/src/test/java/org/keycloak/it/storage/database/dist/MariaDBDistTest.java +++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/storage/database/dist/MariaDBDistTest.java @@ -47,4 +47,11 @@ public void testKeycloakDbUpdateScript(CLIResult cliResult, RawDistRootPath rawD assertManualDbInitialization(cliResult, rawDistRootPath); } + @Tag(DistributionTest.STORAGE) + @Test + @Launch({"start", AbstractAutoBuildCommand.OPTIMIZED_BUILD_OPTION_LONG, "--http-enabled=true", "--hostname-strict=false", "--db-pool-max-lifetime=28800"}) + public void testWarningForTooShortLifetime(CLIResult cliResult) { + cliResult.assertMessage("set 'db-pool-max-lifetime' to a duration smaller than '28800' seconds."); + } + } diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/storage/database/dist/MySQLDistTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/storage/database/dist/MySQLDistTest.java index 7f7dd78c3164..88d8f364e823 100644 --- a/quarkus/tests/integration/src/test/java/org/keycloak/it/storage/database/dist/MySQLDistTest.java +++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/storage/database/dist/MySQLDistTest.java @@ -29,4 +29,11 @@ protected void testSuccessful(CLIResult result) { public void testKeycloakDbUpdateScript(CLIResult cliResult, RawDistRootPath rawDistRootPath) { assertManualDbInitialization(cliResult, rawDistRootPath); } + + @Tag(DistributionTest.STORAGE) + @Test + @Launch({"start", AbstractAutoBuildCommand.OPTIMIZED_BUILD_OPTION_LONG, "--http-enabled=true", "--hostname-strict=false", "--db-pool-max-lifetime=28800"}) + public void testWarningForTooShortLifetime(CLIResult cliResult) { + cliResult.assertMessage("set 'db-pool-max-lifetime' to a duration smaller than '28800' seconds."); + } } From f121e412d93cd486b63132a5653d557f36a2d90e Mon Sep 17 00:00:00 2001 From: Alexander Schwartz Date: Mon, 15 Sep 2025 21:11:54 +0200 Subject: [PATCH 3/8] Adjusted duration converter, message and comparison Signed-off-by: Alexander Schwartz --- .../jpa/QuarkusJpaConnectionProviderFactory.java | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/storage/database/jpa/QuarkusJpaConnectionProviderFactory.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/storage/database/jpa/QuarkusJpaConnectionProviderFactory.java index 78547faa977e..79860aa80fff 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/storage/database/jpa/QuarkusJpaConnectionProviderFactory.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/storage/database/jpa/QuarkusJpaConnectionProviderFactory.java @@ -27,11 +27,11 @@ import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; -import java.time.Duration; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; +import io.quarkus.runtime.configuration.DurationConverter; import jakarta.enterprise.inject.Instance; import jakarta.persistence.EntityManager; import jakarta.persistence.EntityManagerFactory; @@ -98,6 +98,8 @@ private void addSpecificNamedQueries(KeycloakSession session) { public void postInit(KeycloakSessionFactory factory) { super.postInit(factory); + checkMySQLWaitTimeout(); + String id = null; String version = null; String schema = getSchema(); @@ -128,7 +130,6 @@ public void postInit(KeycloakSessionFactory factory) { } else { Version.RESOURCES_VERSION = id; } - checkMySQLWaitTimeout(); } @Override @@ -309,11 +310,11 @@ private void checkMySQLWaitTimeout() { ResultSet rs = statement.executeQuery("SHOW VARIABLES LIKE 'wait_timeout'")) { if (rs.next()) { var waitTimeout = rs.getInt(2); - var poolMaxLifetime = Duration.parse(Configuration.getConfigValue(DatabaseOptions.DB_POOL_MAX_LIFETIME).getValue()); - if (poolMaxLifetime.getSeconds() > waitTimeout) { - logger.warnf("%1$s 'wait_timeout=%2$d' is less than the configured '%3$s' duration. " + + var poolMaxLifetime = DurationConverter.parseDuration(Configuration.getConfigValue(DatabaseOptions.DB_POOL_MAX_LIFETIME).getValue()); + if (poolMaxLifetime.getSeconds() >= waitTimeout) { + logger.warnf("%1$s 'wait_timeout=%2$d' is less or equal than the configured '%3$s' duration. " + "This can cause 'No operations allowed after connection closed' exceptions, which can impact Keycloak operations. " + - "To avoid such issue, it is highly recommended to set '%3$s' to a duration greater than '%2$d' seconds.", + "To avoid such issue, set '%3$s' to a duration smaller than '%2$d' seconds.", vendor, waitTimeout, DatabaseOptions.DB_POOL_MAX_LIFETIME.getKey(), poolMaxLifetime); } } From 68eb598b183ecc7938d0cd0054508db366c4455d Mon Sep 17 00:00:00 2001 From: Alexander Schwartz Date: Mon, 15 Sep 2025 21:12:03 +0200 Subject: [PATCH 4/8] Updated test Signed-off-by: Alexander Schwartz --- quarkus/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quarkus/README.md b/quarkus/README.md index a3466111d068..f97368de258e 100644 --- a/quarkus/README.md +++ b/quarkus/README.md @@ -111,7 +111,7 @@ There are also some container based tests to check if Keycloak starts using one These tests are disabled by default. They using Quarkus development mode predefined database containers by default and can be run in the `tests` subdirectory by using e.g. - ../mvnw clean install -Dkc.test.storage.database=true -Dtest=MariaDBStartDatabaseTest + ../../mvnw clean install -Ptest-database -Dtest=MariaDBDistTest to spin up a MariaDB container and start Keycloak with it. From 3fccb9ac04e816a3309d99618569fbdba2f85490 Mon Sep 17 00:00:00 2001 From: Alexander Schwartz Date: Mon, 15 Sep 2025 21:13:24 +0200 Subject: [PATCH 5/8] Refactoring description to match Quarkus behavior Signed-off-by: Alexander Schwartz --- .../org/keycloak/config/DatabaseOptions.java | 4 +++- .../java/org/keycloak/config/HttpOptions.java | 4 +++- .../keycloak/config/ManagementOptions.java | 6 +++-- .../java/org/keycloak/config/OptionsUtil.java | 22 +++++++++++++++++++ 4 files changed, 32 insertions(+), 4 deletions(-) create mode 100644 quarkus/config-api/src/main/java/org/keycloak/config/OptionsUtil.java diff --git a/quarkus/config-api/src/main/java/org/keycloak/config/DatabaseOptions.java b/quarkus/config-api/src/main/java/org/keycloak/config/DatabaseOptions.java index 33ffc1b098a4..9e7aa9357948 100644 --- a/quarkus/config-api/src/main/java/org/keycloak/config/DatabaseOptions.java +++ b/quarkus/config-api/src/main/java/org/keycloak/config/DatabaseOptions.java @@ -8,6 +8,8 @@ import java.util.Optional; import java.util.function.Consumer; +import static org.keycloak.config.OptionsUtil.DURATION_DESCRIPTION; + public class DatabaseOptions { public static final Option DB_DIALECT = new OptionBuilder<>("db-dialect", String.class) @@ -91,7 +93,7 @@ public class DatabaseOptions { public static final Option DB_POOL_MAX_LIFETIME = new OptionBuilder<>("db-pool-max-lifetime", String.class) .category(OptionCategory.DATABASE) - .description("The maximum time a connection remains in the pool, after which it will be closed upon return and replaced as necessary. Requires a ISO 8601 Duration string.") + .description("The maximum time a connection remains in the pool, after which it will be closed upon return and replaced as necessary. " + DURATION_DESCRIPTION) .build(); public static final Option DB_SQL_JPA_DEBUG = new OptionBuilder<>("db-debug-jpql", Boolean.class) diff --git a/quarkus/config-api/src/main/java/org/keycloak/config/HttpOptions.java b/quarkus/config-api/src/main/java/org/keycloak/config/HttpOptions.java index 1d8c56460687..9b0258c232d5 100644 --- a/quarkus/config-api/src/main/java/org/keycloak/config/HttpOptions.java +++ b/quarkus/config-api/src/main/java/org/keycloak/config/HttpOptions.java @@ -6,6 +6,8 @@ import org.keycloak.common.crypto.FipsMode; +import static org.keycloak.config.OptionsUtil.DURATION_DESCRIPTION; + public class HttpOptions { public static final Option HTTP_ENABLED = new OptionBuilder<>("http-enabled", Boolean.class) @@ -65,7 +67,7 @@ public enum ClientAuth { public static final Option HTTPS_CERTIFICATES_RELOAD_PERIOD = new OptionBuilder<>("https-certificates-reload-period", String.class) .category(OptionCategory.HTTP) - .description("Interval on which to reload key store, trust store, and certificate files referenced by https-* options. May be a java.time.Duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable.") + .description("Interval on which to reload key store, trust store, and certificate files referenced by https-* options. " + DURATION_DESCRIPTION + " Must be greater than 30 seconds. Use -1 to disable.") .defaultValue("1h") .build(); diff --git a/quarkus/config-api/src/main/java/org/keycloak/config/ManagementOptions.java b/quarkus/config-api/src/main/java/org/keycloak/config/ManagementOptions.java index ec20e25ae8ac..0fabf25ebd22 100644 --- a/quarkus/config-api/src/main/java/org/keycloak/config/ManagementOptions.java +++ b/quarkus/config-api/src/main/java/org/keycloak/config/ManagementOptions.java @@ -19,6 +19,8 @@ import java.io.File; import java.util.List; +import static org.keycloak.config.OptionsUtil.DURATION_DESCRIPTION; + /** * Options for the management interface that handles management endpoints (f.e. health and metrics endpoints) */ @@ -105,8 +107,8 @@ public enum Scheme { public static final Option HTTPS_MANAGEMENT_CERTIFICATES_RELOAD_PERIOD = new OptionBuilder<>("https-management-certificates-reload-period", String.class) .category(OptionCategory.MANAGEMENT) .description("Interval on which to reload key store, trust store, and certificate files referenced by https-management-* options for the management server. " + - "May be a java.time.Duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. " + - "Must be greater than 30 seconds. Use -1 to disable. " + + DURATION_DESCRIPTION + + " Must be greater than 30 seconds. Use -1 to disable. " + "If not given, the value is inherited from HTTP options. " + RELEVANT_MSG) .defaultValue("1h") .build(); diff --git a/quarkus/config-api/src/main/java/org/keycloak/config/OptionsUtil.java b/quarkus/config-api/src/main/java/org/keycloak/config/OptionsUtil.java new file mode 100644 index 000000000000..a36bf2f533c8 --- /dev/null +++ b/quarkus/config-api/src/main/java/org/keycloak/config/OptionsUtil.java @@ -0,0 +1,22 @@ +/* + * Copyright 2025 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.config; + +public interface OptionsUtil { + String DURATION_DESCRIPTION = "May be an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]."; +} From 3111665591d3ab3c77887c935bfbab66a8342ba3 Mon Sep 17 00:00:00 2001 From: Alexander Schwartz Date: Mon, 15 Sep 2025 21:21:24 +0200 Subject: [PATCH 6/8] Updated texts Signed-off-by: Alexander Schwartz --- ...andDistTest.testBootstrapAdminService.approved.txt | 9 +++++---- ...ommandDistTest.testBootstrapAdminUser.approved.txt | 9 +++++---- .../HelpCommandDistTest.testExportHelp.approved.txt | 9 +++++---- ...HelpCommandDistTest.testExportHelpAll.approved.txt | 9 +++++---- .../HelpCommandDistTest.testImportHelp.approved.txt | 9 +++++---- ...HelpCommandDistTest.testImportHelpAll.approved.txt | 9 +++++---- .../HelpCommandDistTest.testStartDevHelp.approved.txt | 11 ++++++----- ...lpCommandDistTest.testStartDevHelpAll.approved.txt | 11 ++++++----- .../HelpCommandDistTest.testStartHelp.approved.txt | 11 ++++++----- .../HelpCommandDistTest.testStartHelpAll.approved.txt | 11 ++++++----- ...ommandDistTest.testStartOptimizedHelp.approved.txt | 11 ++++++----- ...andDistTest.testStartOptimizedHelpAll.approved.txt | 11 ++++++----- ...Test.testUpdateCompatibilityCheckHelp.approved.txt | 11 ++++++----- ...t.testUpdateCompatibilityCheckHelpAll.approved.txt | 11 ++++++----- ...t.testUpdateCompatibilityMetadataHelp.approved.txt | 11 ++++++----- ...estUpdateCompatibilityMetadataHelpAll.approved.txt | 11 ++++++----- 16 files changed, 90 insertions(+), 74 deletions(-) diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBootstrapAdminService.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBootstrapAdminService.approved.txt index 7b39c1194313..0f32ce431980 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBootstrapAdminService.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBootstrapAdminService.approved.txt @@ -48,8 +48,9 @@ Database: The initial size of the connection pool. --db-pool-max-lifetime The maximum time a connection remains in the pool, after which it will be - closed upon return and replaced as necessary. Requires a ISO 8601 Duration - string. + closed upon return and replaced as necessary. May be an ISO 8601 duration + value, an integer number of seconds, or an integer followed by one of [ms, + h, m, s, d]. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size @@ -179,8 +180,8 @@ Management: details. Available only when http-management-scheme is inherited. --https-management-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-management-* options for the management server. May be a - java.time.Duration value, an integer number of seconds, or an integer + referenced by https-management-* options for the management server. May be + an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBootstrapAdminUser.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBootstrapAdminUser.approved.txt index 91e85d641d56..178c2f0de14c 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBootstrapAdminUser.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBootstrapAdminUser.approved.txt @@ -50,8 +50,9 @@ Database: The initial size of the connection pool. --db-pool-max-lifetime The maximum time a connection remains in the pool, after which it will be - closed upon return and replaced as necessary. Requires a ISO 8601 Duration - string. + closed upon return and replaced as necessary. May be an ISO 8601 duration + value, an integer number of seconds, or an integer followed by one of [ms, + h, m, s, d]. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size @@ -181,8 +182,8 @@ Management: details. Available only when http-management-scheme is inherited. --https-management-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-management-* options for the management server. May be a - java.time.Duration value, an integer number of seconds, or an integer + referenced by https-management-* options for the management server. May be + an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt index 11f6c9c88039..7d4a166b5d91 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.approved.txt @@ -43,8 +43,9 @@ Database: The initial size of the connection pool. --db-pool-max-lifetime The maximum time a connection remains in the pool, after which it will be - closed upon return and replaced as necessary. Requires a ISO 8601 Duration - string. + closed upon return and replaced as necessary. May be an ISO 8601 duration + value, an integer number of seconds, or an integer followed by one of [ms, + h, m, s, d]. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size @@ -174,8 +175,8 @@ Management: details. Available only when http-management-scheme is inherited. --https-management-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-management-* options for the management server. May be a - java.time.Duration value, an integer number of seconds, or an integer + referenced by https-management-* options for the management server. May be + an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt index f2d0d79224a5..f7acf31374e7 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.approved.txt @@ -43,8 +43,9 @@ Database: The initial size of the connection pool. --db-pool-max-lifetime The maximum time a connection remains in the pool, after which it will be - closed upon return and replaced as necessary. Requires a ISO 8601 Duration - string. + closed upon return and replaced as necessary. May be an ISO 8601 duration + value, an integer number of seconds, or an integer followed by one of [ms, + h, m, s, d]. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size @@ -188,8 +189,8 @@ Management: details. Available only when http-management-scheme is inherited. --https-management-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-management-* options for the management server. May be a - java.time.Duration value, an integer number of seconds, or an integer + referenced by https-management-* options for the management server. May be + an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt index ee45cecfa7ba..e212c032116c 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.approved.txt @@ -43,8 +43,9 @@ Database: The initial size of the connection pool. --db-pool-max-lifetime The maximum time a connection remains in the pool, after which it will be - closed upon return and replaced as necessary. Requires a ISO 8601 Duration - string. + closed upon return and replaced as necessary. May be an ISO 8601 duration + value, an integer number of seconds, or an integer followed by one of [ms, + h, m, s, d]. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size @@ -174,8 +175,8 @@ Management: details. Available only when http-management-scheme is inherited. --https-management-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-management-* options for the management server. May be a - java.time.Duration value, an integer number of seconds, or an integer + referenced by https-management-* options for the management server. May be + an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt index 3cdf2918860c..dd3d9433e9fe 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.approved.txt @@ -43,8 +43,9 @@ Database: The initial size of the connection pool. --db-pool-max-lifetime The maximum time a connection remains in the pool, after which it will be - closed upon return and replaced as necessary. Requires a ISO 8601 Duration - string. + closed upon return and replaced as necessary. May be an ISO 8601 duration + value, an integer number of seconds, or an integer followed by one of [ms, + h, m, s, d]. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size @@ -188,8 +189,8 @@ Management: details. Available only when http-management-scheme is inherited. --https-management-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-management-* options for the management server. May be a - java.time.Duration value, an integer number of seconds, or an integer + referenced by https-management-* options for the management server. May be + an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt index 55e34c8e8770..ceeec660f171 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt @@ -91,8 +91,9 @@ Database: The initial size of the connection pool. --db-pool-max-lifetime The maximum time a connection remains in the pool, after which it will be - closed upon return and replaced as necessary. Requires a ISO 8601 Duration - string. + closed upon return and replaced as necessary. May be an ISO 8601 duration + value, an integer number of seconds, or an integer followed by one of [ms, + h, m, s, d]. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size @@ -239,7 +240,7 @@ HTTP(S): The file path to a private key in PEM format. --https-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-* options. May be a java.time.Duration value, an integer + referenced by https-* options. May be an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. Default: 1h. --https-cipher-suites @@ -311,8 +312,8 @@ Management: details. Available only when http-management-scheme is inherited. --https-management-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-management-* options for the management server. May be a - java.time.Duration value, an integer number of seconds, or an integer + referenced by https-management-* options for the management server. May be + an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt index d7763b2082d0..10f93552ed5c 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt @@ -158,8 +158,9 @@ Database: The initial size of the connection pool. --db-pool-max-lifetime The maximum time a connection remains in the pool, after which it will be - closed upon return and replaced as necessary. Requires a ISO 8601 Duration - string. + closed upon return and replaced as necessary. May be an ISO 8601 duration + value, an integer number of seconds, or an integer followed by one of [ms, + h, m, s, d]. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size @@ -315,7 +316,7 @@ HTTP(S): The file path to a private key in PEM format. --https-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-* options. May be a java.time.Duration value, an integer + referenced by https-* options. May be an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. Default: 1h. --https-cipher-suites @@ -401,8 +402,8 @@ Management: details. Available only when http-management-scheme is inherited. --https-management-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-management-* options for the management server. May be a - java.time.Duration value, an integer number of seconds, or an integer + referenced by https-management-* options for the management server. May be + an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt index 02731eecf65a..4be02504111c 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt @@ -139,8 +139,9 @@ Database: The initial size of the connection pool. --db-pool-max-lifetime The maximum time a connection remains in the pool, after which it will be - closed upon return and replaced as necessary. Requires a ISO 8601 Duration - string. + closed upon return and replaced as necessary. May be an ISO 8601 duration + value, an integer number of seconds, or an integer followed by one of [ms, + h, m, s, d]. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size @@ -287,7 +288,7 @@ HTTP(S): The file path to a private key in PEM format. --https-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-* options. May be a java.time.Duration value, an integer + referenced by https-* options. May be an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. Default: 1h. --https-cipher-suites @@ -359,8 +360,8 @@ Management: details. Available only when http-management-scheme is inherited. --https-management-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-management-* options for the management server. May be a - java.time.Duration value, an integer number of seconds, or an integer + referenced by https-management-* options for the management server. May be + an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt index 201bdf265a5c..70e49a636db5 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt @@ -159,8 +159,9 @@ Database: The initial size of the connection pool. --db-pool-max-lifetime The maximum time a connection remains in the pool, after which it will be - closed upon return and replaced as necessary. Requires a ISO 8601 Duration - string. + closed upon return and replaced as necessary. May be an ISO 8601 duration + value, an integer number of seconds, or an integer followed by one of [ms, + h, m, s, d]. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size @@ -316,7 +317,7 @@ HTTP(S): The file path to a private key in PEM format. --https-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-* options. May be a java.time.Duration value, an integer + referenced by https-* options. May be an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. Default: 1h. --https-cipher-suites @@ -402,8 +403,8 @@ Management: details. Available only when http-management-scheme is inherited. --https-management-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-management-* options for the management server. May be a - java.time.Duration value, an integer number of seconds, or an integer + referenced by https-management-* options for the management server. May be + an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt index 3c7cedaaa2ae..eeddb8b3d15b 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt @@ -133,8 +133,9 @@ Database: The initial size of the connection pool. --db-pool-max-lifetime The maximum time a connection remains in the pool, after which it will be - closed upon return and replaced as necessary. Requires a ISO 8601 Duration - string. + closed upon return and replaced as necessary. May be an ISO 8601 duration + value, an integer number of seconds, or an integer followed by one of [ms, + h, m, s, d]. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size @@ -256,7 +257,7 @@ HTTP(S): The file path to a private key in PEM format. --https-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-* options. May be a java.time.Duration value, an integer + referenced by https-* options. May be an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. Default: 1h. --https-cipher-suites @@ -313,8 +314,8 @@ Management: details. Available only when http-management-scheme is inherited. --https-management-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-management-* options for the management server. May be a - java.time.Duration value, an integer number of seconds, or an integer + referenced by https-management-* options for the management server. May be + an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt index 136903246e52..915739daf2c0 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt @@ -153,8 +153,9 @@ Database: The initial size of the connection pool. --db-pool-max-lifetime The maximum time a connection remains in the pool, after which it will be - closed upon return and replaced as necessary. Requires a ISO 8601 Duration - string. + closed upon return and replaced as necessary. May be an ISO 8601 duration + value, an integer number of seconds, or an integer followed by one of [ms, + h, m, s, d]. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size @@ -285,7 +286,7 @@ HTTP(S): The file path to a private key in PEM format. --https-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-* options. May be a java.time.Duration value, an integer + referenced by https-* options. May be an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. Default: 1h. --https-cipher-suites @@ -352,8 +353,8 @@ Management: details. Available only when http-management-scheme is inherited. --https-management-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-management-* options for the management server. May be a - java.time.Duration value, an integer number of seconds, or an integer + referenced by https-management-* options for the management server. May be + an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelp.approved.txt index edd57f38db45..dc0be0381cfd 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelp.approved.txt @@ -138,8 +138,9 @@ Database: The initial size of the connection pool. --db-pool-max-lifetime The maximum time a connection remains in the pool, after which it will be - closed upon return and replaced as necessary. Requires a ISO 8601 Duration - string. + closed upon return and replaced as necessary. May be an ISO 8601 duration + value, an integer number of seconds, or an integer followed by one of [ms, + h, m, s, d]. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size @@ -286,7 +287,7 @@ HTTP(S): The file path to a private key in PEM format. --https-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-* options. May be a java.time.Duration value, an integer + referenced by https-* options. May be an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. Default: 1h. --https-cipher-suites @@ -358,8 +359,8 @@ Management: details. Available only when http-management-scheme is inherited. --https-management-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-management-* options for the management server. May be a - java.time.Duration value, an integer number of seconds, or an integer + referenced by https-management-* options for the management server. May be + an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt index c40d4eb11e50..3576108c1752 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt @@ -158,8 +158,9 @@ Database: The initial size of the connection pool. --db-pool-max-lifetime The maximum time a connection remains in the pool, after which it will be - closed upon return and replaced as necessary. Requires a ISO 8601 Duration - string. + closed upon return and replaced as necessary. May be an ISO 8601 duration + value, an integer number of seconds, or an integer followed by one of [ms, + h, m, s, d]. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size @@ -315,7 +316,7 @@ HTTP(S): The file path to a private key in PEM format. --https-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-* options. May be a java.time.Duration value, an integer + referenced by https-* options. May be an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. Default: 1h. --https-cipher-suites @@ -401,8 +402,8 @@ Management: details. Available only when http-management-scheme is inherited. --https-management-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-management-* options for the management server. May be a - java.time.Duration value, an integer number of seconds, or an integer + referenced by https-management-* options for the management server. May be + an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelp.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelp.approved.txt index d6644c8a4acf..5d038df3bcab 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelp.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelp.approved.txt @@ -136,8 +136,9 @@ Database: The initial size of the connection pool. --db-pool-max-lifetime The maximum time a connection remains in the pool, after which it will be - closed upon return and replaced as necessary. Requires a ISO 8601 Duration - string. + closed upon return and replaced as necessary. May be an ISO 8601 duration + value, an integer number of seconds, or an integer followed by one of [ms, + h, m, s, d]. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size @@ -284,7 +285,7 @@ HTTP(S): The file path to a private key in PEM format. --https-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-* options. May be a java.time.Duration value, an integer + referenced by https-* options. May be an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. Default: 1h. --https-cipher-suites @@ -356,8 +357,8 @@ Management: details. Available only when http-management-scheme is inherited. --https-management-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-management-* options for the management server. May be a - java.time.Duration value, an integer number of seconds, or an integer + referenced by https-management-* options for the management server. May be + an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt index 26f9a303ccd5..8da250f5de45 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt @@ -156,8 +156,9 @@ Database: The initial size of the connection pool. --db-pool-max-lifetime The maximum time a connection remains in the pool, after which it will be - closed upon return and replaced as necessary. Requires a ISO 8601 Duration - string. + closed upon return and replaced as necessary. May be an ISO 8601 duration + value, an integer number of seconds, or an integer followed by one of [ms, + h, m, s, d]. --db-pool-max-size The maximum size of the connection pool. Default: 100. --db-pool-min-size @@ -313,7 +314,7 @@ HTTP(S): The file path to a private key in PEM format. --https-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-* options. May be a java.time.Duration value, an integer + referenced by https-* options. May be an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. Default: 1h. --https-cipher-suites @@ -399,8 +400,8 @@ Management: details. Available only when http-management-scheme is inherited. --https-management-certificates-reload-period Interval on which to reload key store, trust store, and certificate files - referenced by https-management-* options for the management server. May be a - java.time.Duration value, an integer number of seconds, or an integer + referenced by https-management-* options for the management server. May be + an ISO 8601 duration value, an integer number of seconds, or an integer followed by one of [ms, h, m, s, d]. Must be greater than 30 seconds. Use -1 to disable. If not given, the value is inherited from HTTP options. Relevant only when something is exposed on the management interface - see the guide From 3b139db18279c81744dc7e1369d923521aef1e5c Mon Sep 17 00:00:00 2001 From: Ryan Emerson Date: Tue, 16 Sep 2025 09:18:50 +0100 Subject: [PATCH 7/8] Fix relative path in README and remove all uses of -Dkc.test.storage.database=true Signed-off-by: Ryan Emerson --- quarkus/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/quarkus/README.md b/quarkus/README.md index f97368de258e..9c6da944bd98 100644 --- a/quarkus/README.md +++ b/quarkus/README.md @@ -111,7 +111,7 @@ There are also some container based tests to check if Keycloak starts using one These tests are disabled by default. They using Quarkus development mode predefined database containers by default and can be run in the `tests` subdirectory by using e.g. - ../../mvnw clean install -Ptest-database -Dtest=MariaDBDistTest + ../mvnw clean install -Ptest-database -Dtest=MariaDBDistTest to spin up a MariaDB container and start Keycloak with it. @@ -119,7 +119,7 @@ To use a specific database container image, use the option `-Dkc.db.postgresql.c Example: - ../mvnw clean install -Dkc.test.storage.database=true -Dtest=PostgreSQLDistTest -Dkc.db.postgresql.container.image=postgres:alpine + ../mvnw clean install -Ptest-database -Dtest=PostgreSQLDistTest -Dkc.db.postgresql.container.image=postgres:alpine ### Updating Expectations From d8844080fbd86a3b1eae4f404109f69192ed1171 Mon Sep 17 00:00:00 2001 From: Ryan Emerson Date: Tue, 16 Sep 2025 09:21:05 +0100 Subject: [PATCH 8/8] Update log warning text Signed-off-by: Ryan Emerson --- .../database/jpa/QuarkusJpaConnectionProviderFactory.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/storage/database/jpa/QuarkusJpaConnectionProviderFactory.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/storage/database/jpa/QuarkusJpaConnectionProviderFactory.java index 79860aa80fff..723c47306807 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/storage/database/jpa/QuarkusJpaConnectionProviderFactory.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/storage/database/jpa/QuarkusJpaConnectionProviderFactory.java @@ -312,9 +312,9 @@ private void checkMySQLWaitTimeout() { var waitTimeout = rs.getInt(2); var poolMaxLifetime = DurationConverter.parseDuration(Configuration.getConfigValue(DatabaseOptions.DB_POOL_MAX_LIFETIME).getValue()); if (poolMaxLifetime.getSeconds() >= waitTimeout) { - logger.warnf("%1$s 'wait_timeout=%2$d' is less or equal than the configured '%3$s' duration. " + + logger.warnf("%1$s 'wait_timeout=%2$d' is less than or equal to the configured '%3$s' duration. " + "This can cause 'No operations allowed after connection closed' exceptions, which can impact Keycloak operations. " + - "To avoid such issue, set '%3$s' to a duration smaller than '%2$d' seconds.", + "To avoid such issues, set '%3$s' to a duration smaller than '%2$d' seconds.", vendor, waitTimeout, DatabaseOptions.DB_POOL_MAX_LIFETIME.getKey(), poolMaxLifetime); } }