Sync documentation of main branch

_generated-doc/main/config/quarkus-oidc_quarkus.oidc.adoc

@@ -62,7 +62,7 @@ a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-web-cli
 
 [.description]
 --
-The WebClient timeout. Use this property to configure how long an HTTP client used by Dev UI handlers will wait for a response when requesting tokens from OpenId Connect Provider and sending them to the service endpoint. This timeout is also used by the OIDC dev service admin client.
+The WebClient timeout. Use this property to configure how long an HTTP client used by Dev UI handlers will wait for a response when requesting tokens from OpenId Connect Provider and sending them to the service endpoint.
 
 
 ifdef::add-copy-button-to-env-var[]

_generated-doc/main/infra/quarkus-all-build-items.adoc

@@ -3638,6 +3638,44 @@ _No Javadoc found_
 _No Javadoc found_
 
 
+|===
+== DevServices - Keycloak
+[.configuration-reference,cols=2*]
+|===
+h|Class Name
+h|Attributes 
+
+
+
+
+a| https://github.com/quarkusio/quarkus/blob/main/extensions/devservices/keycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakDevServicesConfigBuildItem.java[`io.quarkus.devservices.keycloak.KeycloakDevServicesConfigBuildItem`, window="_blank"]
+[.description]
+--
+_No Javadoc found_
+-- a|`java.util.Map<String,String> config` 
+
+_No Javadoc found_
+
+`java.util.Map<String,Object> properties` 
+
+_No Javadoc found_
+
+`boolean containerRestarted` 
+
+_No Javadoc found_
+
+
+
+
+a| https://github.com/quarkusio/quarkus/blob/main/extensions/devservices/keycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakDevServicesRequiredBuildItem.java[`io.quarkus.devservices.keycloak.KeycloakDevServicesRequiredBuildItem`, window="_blank"]
+[.description]
+--
+A marker build item signifying that integrating extensions (like OIDC and OIDC client) are enabled. The Keycloak Dev Service will be started in DEV mode if at least one item is produced and the Dev Service is not disabled in other fashion.
+-- a|`io.quarkus.devservices.keycloak.Capability capability` 
+
+_No Javadoc found_
+
+
 |===
 == Elasticsearch REST client common
 [.configuration-reference,cols=2*]
@@ -5657,40 +5695,6 @@ Build item used to carry running DevService values to Dev UI.
 _No Javadoc found_
 
 
-|===
-== OpenID Connect Adapter
-[.configuration-reference,cols=2*]
-|===
-h|Class Name
-h|Attributes 
-
-
-
-
-a| https://github.com/quarkusio/quarkus/blob/main/extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/keycloak/KeycloakDevServicesConfigBuildItem.java[`io.quarkus.oidc.deployment.devservices.keycloak.KeycloakDevServicesConfigBuildItem`, window="_blank"]
-[.description]
---
-_No Javadoc found_
--- a|`java.util.Map<String,String> config` 
-
-_No Javadoc found_
-
-`java.util.Map<String,Object> properties` 
-
-_No Javadoc found_
-
-`boolean containerRestarted` 
-
-_No Javadoc found_
-
-
-
-
-a| https://github.com/quarkusio/quarkus/blob/main/extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/OidcDevServicesBuildItem.java[`io.quarkus.oidc.deployment.devservices.OidcDevServicesBuildItem`, window="_blank"]
-[.description]
---
-Marker build item which indicates that Dev Services for OIDC are provided by another extension. Dev Services for Keycloak will be disabled if this item is detected.
--- a|None
 |===
 == OpenID Connect Client
 [.configuration-reference,cols=2*]

_versions/main/guides/cdi-reference.adoc

@@ -1331,6 +1331,28 @@ public void register(RegistrationContext context) {
 
 <1> The argument is the bindings source class.
 
+=== `Instance.Handle.close()` Behavior
+
+Per the CDI specification, the `Instance.Handle.close()` method always delegates to `destroy()`.
+In ArC, this is only true in the <<strict_mode>>.
+
+In the default mode, the `close()` method only delegates to `destroy()` when the bean is `@Dependent` (or when the instance handle does not represent a CDI contextual object).
+When the instance handle represents a bean of any other scope, the `close()` method does nothing; the bean is left as is and will be destroyed whenever its context is destroyed.
+
+This is to make the following code behave as one would naively expect:
+
+[source,java]
+----
+Instance<T> instance = ...;
+try (Instance.Handle<T> handle : instance.getHandle()) {
+   T value = handle.get();
+   ... use value ...
+}
+----
+
+The `@Dependent` beans are destroyed immediately, while other beans are not destroyed at all.
+This is important when multiple beans of different scopes might be returned by the `Instance`.
+
 [[reactive_pitfalls]]
 == Pitfalls with Reactive Programming
 

_versions/main/guides/dev-services.adoc

@@ -102,7 +102,7 @@ The Keycloak Dev Service will be enabled when the `quarkus-oidc` extension is pr
 the server address has not been explicitly configured. More information can be found in the
 xref:security-openid-connect-dev-services.adoc[OIDC Dev Services Guide].
 
-include::{generated-dir}/config/quarkus-oidc_quarkus.keycloak.devservices.adoc[opts=optional, leveloffset=+1]
+include::{generated-dir}/config/quarkus-devservices-keycloak_quarkus.keycloak.adoc[opts=optional, leveloffset=+1]
 
 === Kubernetes
 

_versions/main/guides/security-oidc-configuration-properties-reference.adoc

@@ -19,7 +19,7 @@ include::{generated-dir}/config/quarkus-oidc_quarkus.oidc.adoc[opts=optional, le
 
 == Keycloak Dev Services configuration
 
-include::{generated-dir}/config/quarkus-oidc_quarkus.keycloak.adoc[opts=optional, leveloffset=+1]
+include::{generated-dir}/config/quarkus-devservices-keycloak_quarkus.keycloak.adoc[opts=optional, leveloffset=+1]
 
 == References
 

_versions/main/guides/tls-registry-reference.adoc

@@ -21,7 +21,11 @@ The TLS Registry consolidates settings and supports multiple named configuration
 Therefore, you can tailor TLS settings for different application parts.
 This flexibility is particularly useful when different components require distinct security configurations.
 
-The TLS Registry extension is automatically included in your project when you use compatible extensions, such as Quarkus REST, gRPC, or Reactive Routes.
+The TLS Registry extension is automatically included in your project when you use compatible extensions, such as Quarkus REST, gRPC
+ifndef::no-reactive-routes[]
+, or Reactive Routes
+endif::no-reactive-routes[]
+.
 As a result, applications that use the TLS Registry can be ready to handle secure communications out of the box.
 TLS Registry also provides features like automatic certificate reloading, Let's Encrypt (ACME) integration, Kubernetes Cert-Manager support, and compatibility with various keystore formats, such as PKCS12, PEM, and JKS.
 
@@ -655,6 +659,7 @@ quarkus.tls.http.key-store.pem.0.key=tls.key
 IMPORTANT: Impacted server and client may need to listen to the `CertificateReloadedEvent` to apply the new certificates.
 This is automatically done for the Quarkus HTTP server, including the management interface if it is enabled.
 
+ifndef::no-kubernetes-secrets-or-cert-manager[]
 == Using Kubernetes secrets or cert-manager
 
 When running in Kubernetes, you can use Kubernetes secrets to store the keystores and truststores.
@@ -765,6 +770,9 @@ The generated secret includes the following files:
 %prod.quarkus.http.tls-configuration-name=http
 %prod.quarkus.http.insecure-requests=disabled
 ----
+endif::no-kubernetes-secrets-or-cert-manager[]
+// The reason for this ifndef condition is that this content is not supported in product docs.
+// Feel free to add more content to this chapter, but make sure this condition encloses it.
 
 == Working with OpenShift serving certificates
 
@@ -1211,6 +1219,7 @@ sudo update-ca-certificates
 sudo security -v remove-trusted-cert -d /Users/clement/.quarkus/quarkus-dev-root-ca.pem
 ----
 
+ifndef::no-lets-encrypt[]
 [[lets-encrypt]]
 == Automatic certificate management with Let's Encrypt
 
@@ -1313,7 +1322,7 @@ java -jar quarkus-run.jar
 .. Keep the application running and request your first Let's Encrypt certificate.
 
 [[lets-encrypt-issue-certificate]]
-=== Issue a certificate:
+=== Issue a certificate
 
 . From the application directory, run the `issue-certificate` command to acquire your first Let's Encrypt certificate:
 +
@@ -1363,7 +1372,7 @@ Once the Let's Encrypt certificate chain and private key have been successfully
 The TLS registry is notified when a new certificate and private key are ready, and it automatically reloads them.
 
 [[lets-encrypt-ngrok]]
-=== Testing with ngrok:
+=== Testing with ngrok
 
 link:https://ngrok.com/[ngrok] can be used to provide a secure HTTPS tunnel to your application running on localhost, and make it easy to test HTTPS based applications.
 
@@ -1394,3 +1403,6 @@ ngrok http --domain <YOUR-NGROK-DOMAIN> 8080 --scheme http <1>
 Note that the application will be accessible from `http://YOUR-NGROK-DOMAIN` on port `80` but redirected to your local machine on port `8080`.
 
 . Test the Quarkus Let's Encrypt ACME feature from your local machine.
+endif::no-lets-encrypt[]
+// The reason for this ifndef condition is that this content is not supported in product docs.
+// Feel free to add more content to this chapter, but make sure this condition encloses it.