Skip to content

Commit

Permalink
Filter configuration names from the quarkus namespace in the Gradle p…
Browse files Browse the repository at this point in the history
…lugin
  • Loading branch information
radcortez committed Oct 31, 2023
1 parent c0bacff commit a8ecb34
Show file tree
Hide file tree
Showing 3 changed files with 47 additions and 5 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,37 @@ private EffectiveConfig buildEffectiveConfiguration(Map<String, Object> properti
.build();
}

/**
* Filters resolved Gradle configuration for properties in the Quarkus namespace
* (as in start with <code>quarkus.</code>). This avoids exposing configuration that may contain secrets or
* passwords not related to Quarkus (for instance environment variables storing sensitive data for other systems).
*
* @param appArtifact the application dependency to retrive the quarkus application name and version.
* @return a filtered view of the configuration only with <code>quarkus.</code> names.
*/
protected Map<String, String> buildSystemProperties(ResolvedDependency appArtifact) {
Map<String, String> buildSystemProperties = new HashMap<>();
buildSystemProperties.putIfAbsent("quarkus.application.name", appArtifact.getArtifactId());
buildSystemProperties.putIfAbsent("quarkus.application.version", appArtifact.getVersion());

for (Map.Entry<String, String> entry : forcedPropertiesProperty.get().entrySet()) {
if (entry.getKey().startsWith("quarkus.")) {
buildSystemProperties.put(entry.getKey(), entry.getValue());
}
}
for (Map.Entry<String, String> entry : quarkusBuildProperties.get().entrySet()) {
if (entry.getKey().startsWith("quarkus.")) {
buildSystemProperties.put(entry.getKey(), entry.getValue());
}
}
for (Map.Entry<String, ?> entry : project.getProperties().entrySet()) {
if (entry.getKey().startsWith("quarkus.") && entry.getValue() != null) {
buildSystemProperties.put(entry.getKey(), entry.getValue().toString());
}
}
return buildSystemProperties;
}

private String quarkusProfile() {
String profile = System.getProperty(QUARKUS_PROFILE);
if (profile == null) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Collectors;

Expand Down Expand Up @@ -205,22 +206,28 @@ void generateBuild() {
});

ApplicationModel appModel = resolveAppModelForBuild();
Map<String, String> configMap = extension().buildEffectiveConfiguration(appModel.getAppArtifact()).configMap();
Map<String, String> configMap = new HashMap<>();
for (Map.Entry<String, String> entry : extension().buildEffectiveConfiguration(appModel.getAppArtifact()).configMap()
.entrySet()) {
if (entry.getKey().startsWith("quarkus.")) {
configMap.put(entry.getKey(), entry.getValue());
}
}

getLogger().info("Starting Quarkus application build for package type {}", packageType);

if (getLogger().isEnabled(LogLevel.INFO)) {
getLogger().info("Effective properties: {}",
configMap.entrySet().stream()
.filter(e -> e.getKey().startsWith("quarkus.")).map(Object::toString)
.map(Object::toString)
.sorted()
.collect(Collectors.joining("\n ", "\n ", "")));
}

WorkQueue workQueue = workQueue(configMap, () -> extension().buildForkOptions);

workQueue.submit(BuildWorker.class, params -> {
params.getBuildSystemProperties().putAll(configMap);
params.getBuildSystemProperties().putAll(extension().buildSystemProperties(appModel.getAppArtifact()));
params.getBaseName().set(extension().finalName());
params.getTargetDirectory().set(buildDir.toFile());
params.getAppModel().set(appModel);
Expand Down
8 changes: 6 additions & 2 deletions docs/src/main/asciidoc/reaugmentation.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ Initialization steps that used to happen when an EAR file was deployed on a Jaka
CDI beans added after augmentation won't work (because of the missing proxy classes) as well as build time properties (e.g. `quarkus.datasource.db-kind`) changed after augmentation will be ignored.
Build time properties are marked with a lock icon (icon:lock[]) in the xref:all-config.adoc[list of all configuration options].
It doesn't matter if you use profiles or any other way to override the properties.
The build time properties that were active during augmentation are baked into the build.

> Re-augmentation is the process of recreating the augmentation output for a different build time configuration

Expand All @@ -33,7 +32,7 @@ If there are only two or three build time properties that depend on the user env
Please notice that you won't be able to use native images with the package type `mutable-jar`.
Think of the consequences and what other options you have!

It is not a good idea to do re-augmentation at runtime unless you miss the good old times when starting up a server took several minutes and you could enjoy a cup of coffee until it was ready.
It is not a good idea to do re-augmentation at runtime unless you miss the good old times when starting up a server took several minutes, and you could enjoy a cup of coffee until it was ready.

== How to re-augment a Quarkus application

Expand All @@ -46,6 +45,11 @@ TIP: By default, you'll get a warning if a build time property has been changed
You may set the `quarkus.configuration.build-time-mismatch-at-runtime=fail` property to make sure your application does not start up if there is a mismatch.
However, as of this writing changing `quarkus.datasource.db-kind` at runtime did neither fail nor produce a warning but was silently ignored.

WARNING: Build time configuration provided by build tools (`properties` in Maven `pom.xml` or `gradle.properties`
in Gradle) in the `quarkus` namespace will be part of the `mutable-jar` distribution, including configuration from
`quarkus` that reference secrets or passwords. Please, do not include sensitive information in the build tool
configuration files.

=== 1. Build your application as `mutable-jar`

[source,bash]
Expand Down

0 comments on commit a8ecb34

Please sign in to comment.