Merge pull request #26569 from gsmet/2.10.2-backports-2

2.10.2 backports 2

bom/application/pom.xml

@@ -174,7 +174,7 @@
         <jna.version>5.8.0</jna.version><!-- should satisfy both testcontainers and mongodb -->
         <antlr.version>4.9.2</antlr.version>
         <quarkus-security.version>1.1.4.Final</quarkus-security.version>
-        <keycloak.version>18.0.1</keycloak.version>
+        <keycloak.version>18.0.2</keycloak.version>
         <logstash-gelf.version>1.15.0</logstash-gelf.version>
         <checker-qual.version>3.22.0</checker-qual.version>
         <error-prone-annotations.version>2.13.1</error-prone-annotations.version>
@@ -1203,6 +1203,11 @@
                 <artifactId>quarkus-jdbc-derby</artifactId>
                 <version>${project.version}</version>
             </dependency>
+            <dependency>
+                <groupId>io.quarkus</groupId>
+                <artifactId>quarkus-jdbc-derby-deployment</artifactId>
+                <version>${project.version}</version>
+            </dependency>
             <dependency>
                 <groupId>io.quarkus</groupId>
                 <artifactId>quarkus-kafka-client</artifactId>

build-parent/pom.xml

@@ -102,7 +102,7 @@
 
         <!-- The image to use for tests that run Keycloak -->
         <!-- IMPORTANT: If this is changed you must also update bom/application/pom.xml and KeycloakBuildTimeConfig/DevServicesConfig in quarkus-oidc/deployment to match the version -->
-        <keycloak.version>18.0.1</keycloak.version>
+        <keycloak.version>18.0.2</keycloak.version>
         <keycloak.docker.image>quay.io/keycloak/keycloak:${keycloak.version}</keycloak.docker.image>
         <keycloak.docker.legacy.image>quay.io/keycloak/keycloak:${keycloak.version}-legacy</keycloak.docker.legacy.image>
 

docs/src/main/asciidoc/datasource.adoc

@@ -650,3 +650,93 @@ include::{generated-dir}/config/quarkus-reactive-oracle-client.adoc[opts=optiona
 === Reactive PostgreSQL Specific Configuration
 
 include::{generated-dir}/config/quarkus-reactive-pg-client.adoc[opts=optional, leveloffset=+1]
+
+
+[[reactive-url]]
+== Reactive Datasource URL Reference
+
+=== DB2
+
+`db2://[user[:[password]]@]host[:port][/database][?<key1>=<value1>[&<key2>=<value2>]]`
+
+Example:: `db2://dbuser:[email protected]:50000/mydb`
+
+Currently, the client supports the following parameter keys:
+
+* `host`
+* `port`
+* `user`
+* `password`
+* `database`
+
+NOTE: Configuring parameters in connection URL will override the default properties.
+
+=== Microsoft SQL Server
+
+`sqlserver://[user[:[password]]@]host[:port][/database][?<key1>=<value1>[&<key2>=<value2>]]`
+
+Example:: `sqlserver://dbuser:[email protected]:1433/mydb`
+
+Currently, the client supports the following parameter keys:
+
+* `host`
+* `port`
+* `user`
+* `password`
+* `database`
+
+NOTE: Configuring parameters in connection URL will override the default properties.
+
+=== MySQL / MariaDB
+
+`mysql://[user[:[password]]@]host[:port][/database][?<key1>=<value1>[&<key2>=<value2>]]`
+
+Example:: `mysql://dbuser:[email protected]:3211/mydb`
+
+Currently, the client supports the following parameter keys (case-insensitive):
+
+* `host`
+* `port`
+* `user`
+* `password`
+* `schema`
+* `socket`
+* `useAffectedRows`
+
+NOTE: Configuring parameters in connection URL will override the default properties.
+
+=== Oracle
+
+==== EZConnect Format
+
+`oracle:thin:@[[protocol:]//]host[:port][/service_name][:server_mode][/instance_name][?connection properties]`
+
+Example:: `oracle:thin:@mydbhost1:5521/mydbservice?connect_timeout=10sec`
+
+==== TNS Alias Format
+
+`oracle:thin:@<alias_name>[?connection properties]`
+
+Example:: `oracle:thin:@prod_db?TNS_ADMIN=/work/tns/`
+
+=== PostgreSQL
+
+`postgresql://[user[:[password]]@]host[:port][/database][?<key1>=<value1>[&<key2>=<value2>]]`
+
+Example:: `postgresql://dbuser:[email protected]:5432/mydb`
+
+Currently, the client supports the following parameter keys:
+
+* `host`
+* `port`
+* `user`
+* `password`
+* `dbname`
+* `sslmode`
+* additional properties, including:
+** `application_name`
+** `fallback_application_name`
+** `search_path`
+** `options`
+
+NOTE: Configuring parameters in connection URL will override the default properties.

docs/src/main/asciidoc/grpc-service-consumption.adoc

@@ -396,3 +396,10 @@ To disable the gRPC client metrics when `quarkus-micrometer` is used, add the fo
 ----
 quarkus.micrometer.binder.grpc-client.enabled=false
 ----
+
+== Dev Mode
+
+By default, when starting the application in dev mode, a gRPC server is started, even if no services are configured.
+You can configure the gRPC extension's dev mode behavior using the following properties.
+
+include::{generated-dir}/config/quarkus-grpc-config-group-grpc-dev-mode-config.adoc[opts=optional, leveloffset=+1]

extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/KubernetesCommonHelper.java

@@ -182,7 +182,7 @@ public static List<DecoratorBuildItem> createDecorators(Optional<Project> projec
 
         //Handle RBAC
         if (!roleBindings.isEmpty()) {
-            result.add(new DecoratorBuildItem(target, new ApplyServiceAccountNameDecorator(name)));
+            result.add(new DecoratorBuildItem(target, new ApplyServiceAccountNameDecorator(name, name)));
             result.add(new DecoratorBuildItem(target, new AddServiceAccountResourceDecorator(name)));
             roles.forEach(r -> result.add(new DecoratorBuildItem(target, new AddRoleResourceDecorator(name, r))));
             roleBindings.forEach(rb -> {

extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/KubernetesDeployer.java

@@ -37,6 +37,7 @@
 import io.fabric8.openshift.api.model.Route;
 import io.fabric8.openshift.client.OpenShiftClient;
 import io.quarkus.container.image.deployment.ContainerImageCapabilitiesUtil;
+import io.quarkus.container.image.deployment.ContainerImageConfig;
 import io.quarkus.container.spi.ContainerImageInfoBuildItem;
 import io.quarkus.deployment.Capabilities;
 import io.quarkus.deployment.Capability;
@@ -64,7 +65,9 @@ public class KubernetesDeployer {
     public void selectDeploymentTarget(ContainerImageInfoBuildItem containerImageInfo,
             EnabledKubernetesDeploymentTargetsBuildItem targets,
             Capabilities capabilities,
-            BuildProducer<SelectedKubernetesDeploymentTargetBuildItem> selectedDeploymentTarget) {
+            ContainerImageConfig containerImageConfig,
+            BuildProducer<SelectedKubernetesDeploymentTargetBuildItem> selectedDeploymentTarget,
+            BuildProducer<PreventImplicitContainerImagePushBuildItem> preventImplicitContainerImagePush) {
 
         Optional<String> activeContainerImageCapability = ContainerImageCapabilitiesUtil
                 .getActiveContainerImageCapability(capabilities);
@@ -75,8 +78,11 @@ public void selectDeploymentTarget(ContainerImageInfoBuildItem containerImageInf
         }
 
         final DeploymentTargetEntry selectedTarget = determineDeploymentTarget(
-                containerImageInfo, targets, activeContainerImageCapability.get());
+                containerImageInfo, targets, activeContainerImageCapability.get(), containerImageConfig);
         selectedDeploymentTarget.produce(new SelectedKubernetesDeploymentTargetBuildItem(selectedTarget));
+        if (MINIKUBE.equals(selectedTarget.getName())) {
+            preventImplicitContainerImagePush.produce(new PreventImplicitContainerImagePushBuildItem());
+        }
     }
 
     @BuildStep
@@ -141,7 +147,8 @@ public void deploy(KubernetesClientBuildItem kubernetesClient,
      */
     private DeploymentTargetEntry determineDeploymentTarget(
             ContainerImageInfoBuildItem containerImageInfo,
-            EnabledKubernetesDeploymentTargetsBuildItem targets, String activeContainerImageCapability) {
+            EnabledKubernetesDeploymentTargetsBuildItem targets, String activeContainerImageCapability,
+            ContainerImageConfig containerImageConfig) {
         final DeploymentTargetEntry selectedTarget;
 
         boolean checkForMissingRegistry = true;
@@ -180,6 +187,8 @@ private DeploymentTargetEntry determineDeploymentTarget(
 
         } else if (MINIKUBE.equals(selectedTarget.getName())) {
             checkForMissingRegistry = false;
+        } else if (containerImageConfig.isPushExplicitlyDisabled()) {
+            checkForMissingRegistry = false;
         }
 
         if (checkForMissingRegistry && !containerImageInfo.getRegistry().isPresent()) {

extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/KubernetesDeployerPrerequisite.java

@@ -1,5 +1,6 @@
 package io.quarkus.kubernetes.deployment;
 
+import java.util.List;
 import java.util.Optional;
 
 import io.quarkus.container.spi.ContainerImageBuildRequestBuildItem;
@@ -16,6 +17,7 @@ public class KubernetesDeployerPrerequisite {
     public void prepare(ContainerImageInfoBuildItem containerImage,
             Optional<SelectedKubernetesDeploymentTargetBuildItem> selectedDeploymentTarget,
             Optional<FallbackContainerImageRegistryBuildItem> fallbackRegistry,
+            List<PreventImplicitContainerImagePushBuildItem> preventImplicitContainerImagePush,
             BuildProducer<ContainerImageBuildRequestBuildItem> buildRequestProducer,
             BuildProducer<ContainerImagePushRequestBuildItem> pushRequestProducer) {
 
@@ -28,11 +30,10 @@ public void prepare(ContainerImageInfoBuildItem containerImage,
         //Let's communicate to the container-image plugin that we need an image build and an image push.
         buildRequestProducer.produce(new ContainerImageBuildRequestBuildItem());
         // When a registry is present, we want to push the image
-        // However we need to make sure we don't push to the registry when deploying to Minikube
+        // However we need to make sure we don't push to the registry when deploying to a local cluster
         // since all updates are meant to find the image from the docker daemon
         boolean registryIsPresent = containerImage.getRegistry().isPresent() || fallbackRegistry.isPresent();
-        if (registryIsPresent &&
-                !selectedDeploymentTarget.get().getEntry().getName().equals(Constants.MINIKUBE)) {
+        if (registryIsPresent && preventImplicitContainerImagePush.isEmpty()) {
             pushRequestProducer.produce(new ContainerImagePushRequestBuildItem());
         }
     }

extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/KubernetesProcessor.java

@@ -31,6 +31,7 @@
 import io.dekorate.project.Project;
 import io.dekorate.utils.Maps;
 import io.dekorate.utils.Strings;
+import io.quarkus.container.image.deployment.ContainerImageConfig;
 import io.quarkus.deployment.Capabilities;
 import io.quarkus.deployment.Feature;
 import io.quarkus.deployment.IsTest;
@@ -81,6 +82,14 @@ public EnabledKubernetesDeploymentTargetsBuildItem enabledKubernetesDeploymentTa
         return new EnabledKubernetesDeploymentTargetsBuildItem(entries);
     }
 
+    @BuildStep
+    public void preventContainerPush(ContainerImageConfig containerImageConfig,
+            BuildProducer<PreventImplicitContainerImagePushBuildItem> producer) {
+        if (containerImageConfig.isPushExplicitlyDisabled()) {
+            producer.produce(new PreventImplicitContainerImagePushBuildItem());
+        }
+    }
+
     @BuildStep(onlyIfNot = IsTest.class)
     public void build(ApplicationInfoBuildItem applicationInfo,
             OutputTargetBuildItem outputTarget,

extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/PreventImplicitContainerImagePushBuildItem.java

@@ -0,0 +1,13 @@
+package io.quarkus.kubernetes.deployment;
+
+import io.quarkus.builder.item.MultiBuildItem;
+
+/**
+ * A build item that is used to prevent the Kubernetes processing from requesting
+ * a container image push request.
+ * This is useful for cases where the kubernetes cluster is local and the container image
+ * is built directly into a context (i.e. a docker daemon) which the cluster has access to.
+ */
+public final class PreventImplicitContainerImagePushBuildItem extends MultiBuildItem {
+
+}

extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/keycloak/DevServicesConfig.java

@@ -28,15 +28,15 @@ public class DevServicesConfig {
      *
      * Image with a Quarkus based distribution is used by default.
      * Image with a WildFly based distribution can be selected instead, for example:
-     * 'quay.io/keycloak/keycloak:18.0.1-legacy'.
+     * 'quay.io/keycloak/keycloak:18.0.2-legacy'.
      * <p>
      * Note Keycloak Quarkus and Keycloak WildFly images are initialized differently.
      * By default, Dev Services for Keycloak will assume it is a Keycloak Quarkus image if the image version does not end with a
      * '-legacy'
      * string.
      * Set 'quarkus.keycloak.devservices.keycloak-x-image' to override this check.
      */
-    @ConfigItem(defaultValue = "quay.io/keycloak/keycloak:18.0.1")
+    @ConfigItem(defaultValue = "quay.io/keycloak/keycloak:18.0.2")
     public String imageName;
 
     /**

extensions/resteasy-reactive/quarkus-resteasy-reactive/deployment/src/test/java/io/quarkus/resteasy/reactive/server/test/customexceptions/SecurityExceptionMapperWithResourceInfoTest.java

@@ -0,0 +1,57 @@
+package io.quarkus.resteasy.reactive.server.test.customexceptions;
+
+import static org.hamcrest.Matchers.is;
+
+import java.util.function.Supplier;
+
+import javax.annotation.security.DenyAll;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.container.ResourceInfo;
+import javax.ws.rs.core.Response;
+
+import org.jboss.resteasy.reactive.server.ServerExceptionMapper;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkus.test.QuarkusUnitTest;
+import io.restassured.RestAssured;
+
+public class SecurityExceptionMapperWithResourceInfoTest {
+
+    @RegisterExtension
+    static QuarkusUnitTest test = new QuarkusUnitTest()
+            .setArchiveProducer(new Supplier<>() {
+                @Override
+                public JavaArchive get() {
+                    return ShrinkWrap.create(JavaArchive.class)
+                            .addClasses(Resource.class);
+                }
+            });
+
+    @Test
+    void test() {
+        RestAssured.get("/test/denied")
+                .then().statusCode(403).body(is(Resource.class.getName()));
+    }
+
+    @Path("test")
+    public static class Resource {
+        @GET
+        @Path("denied")
+        @Produces("text/plain")
+        @DenyAll
+        public String denied() {
+            return "denied";
+        }
+
+        @ServerExceptionMapper(SecurityException.class)
+        Response handle(SecurityException t, ResourceInfo resourceInfo) {
+            return Response.status(403).entity(resourceInfo.getResourceClass().getName()).build();
+        }
+    }
+
+}

extensions/resteasy-reactive/quarkus-resteasy-reactive/runtime/src/main/java/io/quarkus/resteasy/reactive/server/runtime/security/EagerSecurityHandler.java

@@ -91,7 +91,7 @@ public void onItem(Object item) {
 
                         @Override
                         public void onFailure(Throwable failure) {
-                            requestContext.resume(failure);
+                            requestContext.resume(failure, true);
                         }
                     });
         }

independent-projects/resteasy-reactive/common/runtime/src/main/java/org/jboss/resteasy/reactive/common/core/AbstractResteasyReactiveContext.java

@@ -51,8 +51,7 @@ public void resume() {
     }
 
     public synchronized void resume(Throwable throwable) {
-        handleException(throwable);
-        resume((Executor) null);
+        resume(throwable, false);
     }
 
     public synchronized void resume(Throwable throwable, boolean keepTarget) {
@@ -303,13 +302,7 @@ public H[] getHandlers() {
      * a response result and switch to the abort chain
      */
     public void handleException(Throwable t) {
-        if (abortHandlerChainStarted) {
-            handleUnrecoverableError(unwrapException(t));
-        } else {
-            this.throwable = unwrapException(t);
-            abortHandlerChainStarted = true;
-            restart(abortHandlerChain);
-        }
+        handleException(t, false);
     }
 
     public void handleException(Throwable t, boolean keepSameTarget) {

integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/WithKubernetesClientAndExistingResourcesTest.java

@@ -51,7 +51,12 @@ public void assertGeneratedResources() throws IOException {
 
         assertThat(kubernetesList).filteredOn(h -> "Deployment".equals(h.getKind())).allSatisfy(h -> {
             Deployment deployment = (Deployment) h;
-            assertThat(deployment.getSpec().getTemplate().getSpec().getServiceAccountName()).isEqualTo(APPLICATION_NAME);
+            String serviceAccountName = deployment.getSpec().getTemplate().getSpec().getServiceAccountName();
+            if (h.getMetadata().getName().equals(APPLICATION_NAME)) {
+                assertThat(serviceAccountName).isEqualTo(APPLICATION_NAME);
+            } else {
+                assertThat(serviceAccountName).isNull();
+            }
         });
 
         assertThat(kubernetesList).filteredOn(h -> "ServiceAccount".equals(h.getKind())).singleElement().satisfies(h -> {