diff --git a/docs/guides/server/logging.adoc b/docs/guides/server/logging.adoc index a94013d517b..055cbf068f6 100644 --- a/docs/guides/server/logging.adoc +++ b/docs/guides/server/logging.adoc @@ -334,7 +334,7 @@ You can enable file logging as follows: <@kc.start parameters="--http-access-log-enabled=true --http-access-log-file-enabled=true"/> -This automatically creates a file called `keycloak-http-access.log` in the `/data` directory of your distribution. +This automatically creates a file called `keycloak-http-access.log` in the `/data/log` directory of your distribution. ==== Change file name and suffix diff --git a/quarkus/config-api/src/main/java/org/keycloak/config/HttpAccessLogOptions.java b/quarkus/config-api/src/main/java/org/keycloak/config/HttpAccessLogOptions.java index 74dc7da7720..6a5e43d99bc 100644 --- a/quarkus/config-api/src/main/java/org/keycloak/config/HttpAccessLogOptions.java +++ b/quarkus/config-api/src/main/java/org/keycloak/config/HttpAccessLogOptions.java @@ -63,7 +63,7 @@ public class HttpAccessLogOptions { public static final Option HTTP_ACCESS_LOG_FILE_NAME = new OptionBuilder<>("http-access-log-file-name", String.class) .category(OptionCategory.HTTP_ACCESS_LOG) - .description("The HTTP access log file base name, which will create a log file name concatenating base and suffix (e.g. 'keycloak-http-access.log'). The file is located in the '/data' directory of the distribution.") + .description("The HTTP access log file base name, which will create a log file name concatenating base and suffix (e.g. 'keycloak-http-access.log'). The file is located in the '/data/log' directory of the distribution.") .defaultValue("keycloak-http-access") .build(); diff --git a/quarkus/deployment/src/main/java/org/keycloak/quarkus/deployment/KeycloakProcessor.java b/quarkus/deployment/src/main/java/org/keycloak/quarkus/deployment/KeycloakProcessor.java index 9f19bc399f3..9c5d11366d4 100644 --- a/quarkus/deployment/src/main/java/org/keycloak/quarkus/deployment/KeycloakProcessor.java +++ b/quarkus/deployment/src/main/java/org/keycloak/quarkus/deployment/KeycloakProcessor.java @@ -248,13 +248,17 @@ class KeycloakProcessor { @BuildStep @Produce(ConfigBuildItem.class) void initConfig(KeycloakRecorder recorder) { - // other buildsteps directly use the Config - // so directly init it Config.init(new MicroProfileConfigProvider()); - // also init in byte code for the actual server start recorder.initConfig(); } + @Record(ExecutionTime.STATIC_INIT) + @BuildStep + @Consume(ConfigBuildItem.class) + void createHttpAccessLogDirectory(KeycloakRecorder recorder) { + recorder.createHttpAccessLogDirectory(); + } + @Record(ExecutionTime.STATIC_INIT) @BuildStep @Consume(ConfigBuildItem.class) diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/KeycloakRecorder.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/KeycloakRecorder.java index bbd9139ab0e..c2fa6837d97 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/KeycloakRecorder.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/KeycloakRecorder.java @@ -33,6 +33,7 @@ import org.keycloak.common.crypto.CryptoProvider; import org.keycloak.common.crypto.FipsMode; import org.keycloak.config.DatabaseOptions; import org.keycloak.config.HealthOptions; +import org.keycloak.config.HttpAccessLogOptions; import org.keycloak.config.HttpOptions; import org.keycloak.config.MetricsOptions; import org.keycloak.config.OpenApiOptions; @@ -71,6 +72,17 @@ public class KeycloakRecorder { Config.init(new MicroProfileConfigProvider()); } + public void createHttpAccessLogDirectory() { + if (Configuration.isTrue(HttpAccessLogOptions.HTTP_ACCESS_LOG_FILE_ENABLED)) { + Environment.getHomeDir().ifPresent(homeDir -> { + File logDir = new File(homeDir, "data" + File.separator + "log"); + if (!logDir.exists() && !logDir.mkdirs() && !logDir.exists()) { + throw new RuntimeException("Failed to create HTTP Access log directory"); + } + }); + } + } + public void configureProfile(Profile.ProfileName profileName, Map features) { Profile.init(profileName, features); } diff --git a/quarkus/runtime/src/main/resources/application.properties b/quarkus/runtime/src/main/resources/application.properties index 5438536f181..d6bb3efb820 100644 --- a/quarkus/runtime/src/main/resources/application.properties +++ b/quarkus/runtime/src/main/resources/application.properties @@ -7,7 +7,7 @@ quarkus.banner.enabled=false # Set Keycloak category for HTTP access log quarkus.http.access-log.category=org.keycloak.http.access-log -quarkus.http.access-log.log-directory=${kc.home.dir:default}${file.separator}data +quarkus.http.access-log.log-directory=${kc.home.dir:default}${file.separator}data${file.separator}log # Enables metrics from other extensions if metrics is enabled quarkus.datasource.metrics.enabled=${quarkus.micrometer.enabled:false} diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/LoggingDistTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/LoggingDistTest.java index 70bc441f125..ebee717dd24 100644 --- a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/LoggingDistTest.java +++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/LoggingDistTest.java @@ -296,7 +296,7 @@ public class LoggingDistTest { } protected static String readHttpAccessLogFile(RawDistRootPath path, String logName) { - return readFile(path.getDistRootPath() + File.separator + "data" + File.separator + logName, "HTTP Access log"); + return readFile(path.getDistRootPath() + File.separator + "data" + File.separator + "log" + File.separator + logName, "HTTP Access log"); } protected static String readFile(String path, String fileType) { @@ -338,7 +338,7 @@ public class LoggingDistTest { .statusCode(200); fileCliResult.assertNoMessage("127.0.0.1 GET /realms/master/clients/account/redirect"); - Awaitility.await().atMost(5, TimeUnit.SECONDS).untilAsserted(() -> { + Awaitility.await().atMost(10, TimeUnit.SECONDS).ignoreExceptions().untilAsserted(() -> { String data = readHttpAccessLogFile(path, "keycloak-http-access.log"); assertNotNull(data); assertThat(data, containsString("127.0.0.1 GET /realms/master/.well-known/openid-configuration")); @@ -358,10 +358,12 @@ public class LoggingDistTest { .statusCode(200); cliResult.assertNoMessage("http://127.0.0.1:8080/realms/master/clients/account/redirect"); - String data = readHttpAccessLogFile(path, "my-custom-http-access.txt"); - assertNotNull(data); - assertThat(data, containsString("GET /realms/master/.well-known/openid-configuration HTTP/1.1")); - assertThat(data, containsString("GET /realms/master/clients/account/redirect")); + Awaitility.await().atMost(10, TimeUnit.SECONDS).ignoreExceptions().untilAsserted(() -> { + String data = readHttpAccessLogFile(path, "my-custom-http-access.txt"); + assertNotNull(data); + assertThat(data, containsString("GET /realms/master/.well-known/openid-configuration HTTP/1.1")); + assertThat(data, containsString("GET /realms/master/clients/account/redirect")); + }); } // Telemetry Logs diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt index 1a9ae7a7985..98a444911b0 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt @@ -378,7 +378,7 @@ HTTP Access log: --http-access-log-file-name The HTTP access log file base name, which will create a log file name concatenating base and suffix (e.g. 'keycloak-http-access.log'). The file is - located in the '/data' directory of the distribution. Default: + located in the '/data/log' directory of the distribution. Default: keycloak-http-access. Available only when HTTP Access logging to file is enabled. --http-access-log-file-rotate diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt index b2d6dff523d..5e2b35a8777 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt @@ -379,7 +379,7 @@ HTTP Access log: --http-access-log-file-name The HTTP access log file base name, which will create a log file name concatenating base and suffix (e.g. 'keycloak-http-access.log'). The file is - located in the '/data' directory of the distribution. Default: + located in the '/data/log' directory of the distribution. Default: keycloak-http-access. Available only when HTTP Access logging to file is enabled. --http-access-log-file-rotate diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt index 64056a5d408..cd6540665c6 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt @@ -341,7 +341,7 @@ HTTP Access log: --http-access-log-file-name The HTTP access log file base name, which will create a log file name concatenating base and suffix (e.g. 'keycloak-http-access.log'). The file is - located in the '/data' directory of the distribution. Default: + located in the '/data/log' directory of the distribution. Default: keycloak-http-access. Available only when HTTP Access logging to file is enabled. --http-access-log-file-rotate diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt index 54b0be5662f..4af617fc23b 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityCheckHelpAll.approved.txt @@ -378,7 +378,7 @@ HTTP Access log: --http-access-log-file-name The HTTP access log file base name, which will create a log file name concatenating base and suffix (e.g. 'keycloak-http-access.log'). The file is - located in the '/data' directory of the distribution. Default: + located in the '/data/log' directory of the distribution. Default: keycloak-http-access. Available only when HTTP Access logging to file is enabled. --http-access-log-file-rotate diff --git a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt index 4b7be502ad9..d297cc5dd15 100644 --- a/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt +++ b/quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testUpdateCompatibilityMetadataHelpAll.approved.txt @@ -376,7 +376,7 @@ HTTP Access log: --http-access-log-file-name The HTTP access log file base name, which will create a log file name concatenating base and suffix (e.g. 'keycloak-http-access.log'). The file is - located in the '/data' directory of the distribution. Default: + located in the '/data/log' directory of the distribution. Default: keycloak-http-access. Available only when HTTP Access logging to file is enabled. --http-access-log-file-rotate