diff --git a/.github/workflows/dynamic-matrix-poc.yml b/.github/workflows/dynamic-matrix-poc.yml deleted file mode 100644 index 5a0e84f..0000000 --- a/.github/workflows/dynamic-matrix-poc.yml +++ /dev/null @@ -1,52 +0,0 @@ -name: Dynamic Matrix Test - -on: - workflow_dispatch: - -jobs: - define-matrix: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 2 - - run: | - if [ ${{ github.event_name }} == 'pull_request' ]; then - echo "Changes:" - git diff --name-only HEAD^ - echo "" - fi - - echo 'MATRIX<> $GITHUB_ENV - echo '[' >> $GITHUB_ENV - echo '{ "server": "quarkus", "tests": "LoginTest" }' >> $GITHUB_ENV - if [ ${{ github.event_name }} != 'pull_request' ] || ( git diff --name-only HEAD^ | grep -q '^undertow/' ); then - echo ', { "server": "undertow", "tests": "LogoutTest" }' >> $GITHUB_ENV - fi - echo ']' >> $GITHUB_ENV - echo 'EOF' >> $GITHUB_ENV - outputs: - matrix: ${{ env.MATRIX }} - - echo: - needs: define-matrix - - runs-on: ubuntu-latest - - steps: - - name: Echo - run: | - echo "${{ needs.define-matrix.outputs.matrix }}" - - greet: - needs: define-matrix - strategy: - matrix: - include: ${{ fromJson(needs.define-matrix.outputs.matrix) }} - - runs-on: ubuntu-latest - - steps: - - name: Echo - run: | - echo "${{ matrix.server }} ${{ matrix.tests }}" diff --git a/.github/workflows/junit-flaky.yml b/.github/workflows/junit-flaky.yml deleted file mode 100644 index c961bf4..0000000 --- a/.github/workflows/junit-flaky.yml +++ /dev/null 
@@ -1,46 +0,0 @@ -name: Keycloak CI - -on: - pull_request: - push: - workflow_dispatch: - -jobs: - base-integration-tests: - name: Base IT - runs-on: ubuntu-latest - strategy: - matrix: - group: [1, 2] - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-java@v3 - with: - distribution: 'temurin' - java-version: 11 - cache: 'maven' - - run: - mvn install -Dsurefire.rerunFailingTestsCount=100 -f junit-testsuite-poc/pom.xml - - uses: ./.github/actions/report-flaky-test - env: - GH_TOKEN: ${{ github.token }} - with: - job-name: Base IT - - unit-tests: - name: Unit Tests - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-java@v3 - with: - distribution: 'temurin' - java-version: 11 - cache: 'maven' - - run: - mvn install -Dsurefire.rerunFailingTestsCount=100 -f junit-testsuite-poc/pom.xml - - uses: ./.github/actions/report-flaky-test - env: - GH_TOKEN: ${{ github.token }} - with: - job-name: Unit Tests \ No newline at end of file diff --git a/.github/workflows/manual.yml b/.github/workflows/manual.yml index 2f7e6f8..3a5e411 100644 --- a/.github/workflows/manual.yml +++ b/.github/workflows/manual.yml @@ -1,11 +1,14 @@ name: Info +env: + DEFAULT_LINUX_RUNNER: 'ubuntu-latest' + on: workflow_dispatch: jobs: cpu: - runs-on: ubuntu-latest + runs-on: ${{ vars.DEFAULT_LINUX_RUNNER || 'ubuntu-latest' }} steps: - name: lscpu diff --git a/README.md b/README.md index c33230d..ae266aa 100644 --- a/README.md +++ b/README.md 
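Review bot: The workflow-level `env: DEFAULT_LINUX_RUNNER: 'ubuntu-latest'` added at the top of manual.yml is never read. The `runs-on` of the `cpu` job takes its value from the `vars` context (an Actions configuration variable), and the `env` context is not available in `runs-on`, so the default really comes from the inline `|| 'ubuntu-latest'`. Either drop the `env` block or replace it with a comment such as `# Runner label comes from the DEFAULT_LINUX_RUNNER Actions variable; falls back to ubuntu-latest when unset`. The runner label is now set outside the workflow file, so anyone who can edit Actions variables can move this job to another runner, for example a self-hosted one, without a reviewed change to the repository. If that is not intended, keep the label pinned in the file or restrict who may change the variable. The `cpu` job's steps continue outside the hunk.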
@@ -1,9 +1,7 @@ -Requires: +markdown-playground +=================== +[link1] +[link2][something] -* [GitHub CLI](https://cli.github.com/) - -Scripts: - -* `kc-workflow-health.sh` - Show % success of workflows (`./kc-workflow-health.sh -d 3` will show % success last 3 days) -* `kc-ci-failures.sh` - Show failures in Keycloak CI workflow (`./kc-ci-failures.sh -d 3 -u` will show unique failures last 3 days) -* `kc-pr-ci-wait-time.sh` - Show waiting time from PR created/updated to CI complets (`./kc-pr-ci-wait-time.sh -d 7` will show wait time for PRs merged last 7 days) +[link1]: http://something "My first link" +[link2]: http://else "My second link" diff --git a/docs/FIPS/README.md b/docs/FIPS/README.md new file mode 100644 index 0000000..4080fb1 --- /dev/null +++ b/docs/FIPS/README.md 
@@ -0,0 +1,64 @@ +Add the following from https://www.bouncycastle.org/download/bouncy-castle-java-fips/#latest to `$KC_HOME/providers/`: +``` +bc-fips-2.0.0.jar +bcpkix-fips-2.0.7.jar +bctls-fips-2.0.19.jar +bcutil-fips-2.0.3.jar +``` + +Download Java from `https://adoptium.net/` and update `conf/security/java.security` file to have the following providers: + +``` +security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider +security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS +security.provider.3=sun.security.provider.Sun +``` + +Note: Without `sun.security.provider.Sun` Keycloak doesn't start + +Generate a self-signed certificate for Keycloak: +``` +cd $KC_HOME/conf +openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj "/CN=localhost" +``` + +Start Keycloak with: +``` +bin/kc.sh start --features=fips --https-certificate-file=conf/cert.pem --https-certificate-key-file=conf/key.pem --hostname-strict=false +``` + +### SHA-1 not available + +Without `sun.security.provider.Sun ` the following error is thrown on startup: + +``` +Exception in thread "main" java.lang.reflect.InvocationTargetException + at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:118) + at java.base/java.lang.reflect.Method.invoke(Method.java:580) + at io.quarkus.bootstrap.runner.QuarkusEntryPoint.doRun(QuarkusEntryPoint.java:62) + at io.quarkus.bootstrap.runner.QuarkusEntryPoint.main(QuarkusEntryPoint.java:33) +Caused by: java.lang.InternalError: internal error: SHA-1 not available. 
+ at java.base/sun.security.provider.SecureRandom.init(SecureRandom.java:116) + at java.base/sun.security.provider.SecureRandom.(SecureRandom.java:87) + at java.base/java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:293) + at java.base/java.security.SecureRandom.(SecureRandom.java:225) + at java.base/java.util.UUID$Holder.(UUID.java:104) + at java.base/java.util.UUID.randomUUID(UUID.java:150) + at io.quarkus.runtime.configuration.ConfigUtils.configBuilder(ConfigUtils.java:67) + at io.quarkus.runtime.configuration.QuarkusConfigFactory.getConfigFor(QuarkusConfigFactory.java:27) + at io.smallrye.config.SmallRyeConfigProviderResolver.getConfig(SmallRyeConfigProviderResolver.java:78) + at io.smallrye.config.SmallRyeConfigProviderResolver.getConfig(SmallRyeConfigProviderResolver.java:66) + at org.keycloak.quarkus.runtime.configuration.Configuration.getConfig(Configuration.java:79) + at org.keycloak.quarkus.runtime.configuration.Configuration.getBuildTimeProperty(Configuration.java:101) + at org.keycloak.quarkus.runtime.cli.Picocli.requiresReAugmentation(Picocli.java:250) + at org.keycloak.quarkus.runtime.cli.Picocli.runReAugmentationIfNeeded(Picocli.java:227) + at org.keycloak.quarkus.runtime.cli.Picocli.parseAndRun(Picocli.java:132) + at org.keycloak.quarkus.runtime.KeycloakMain.main(KeycloakMain.java:106) + at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) + ... 3 more +Caused by: java.security.NoSuchAlgorithmException: SHA MessageDigest not available + at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:159) + at java.base/java.security.MessageDigest.getInstance(MessageDigest.java:185) + at java.base/sun.security.provider.SecureRandom.init(SecureRandom.java:114) + ... 19 more +``` diff --git a/kc-ext/spiffe-authenticator/pom.xml b/kc-ext/spiffe-authenticator/pom.xml index 372d059..2fd4741 100644 --- a/kc-ext/spiffe-authenticator/pom.xml +++ b/kc-ext/spiffe-authenticator/pom.xml 
@@ -9,7 +9,7 @@ 1.0-SNAPSHOT - 26.0.0 + 26.0.6 17 17