Merge pull request #17125 from gsmet/1.13.4-backports-1

1.13.4 backports 1

bom/application/pom.xml

@@ -89,7 +89,7 @@
         <!-- What we actually depend on for the annotations, as latest Graal is not available in Maven fast enough: -->
         <graal-sdk.version>21.0.0</graal-sdk.version>
         <gizmo.version>1.0.7.Final</gizmo.version>
-        <jackson.version>2.12.1</jackson.version>
+        <jackson.version>2.12.3</jackson.version>
         <commons-logging-jboss-logging.version>1.0.0.Final</commons-logging-jboss-logging.version>
         <commons-lang3.version>3.12.0</commons-lang3.version>
         <commons-codec.version>1.14</commons-codec.version>
@@ -188,7 +188,7 @@
         <jna.version>5.3.1</jna.version><!-- should satisfy both testcontainers and mongodb -->
         <antlr.version>4.8</antlr.version>
         <quarkus-security.version>1.1.4.Final</quarkus-security.version>
-        <keycloak.version>12.0.4</keycloak.version>
+        <keycloak.version>13.0.0</keycloak.version>
         <logstash-gelf.version>1.14.1</logstash-gelf.version>
         <jsch.version>0.1.55</jsch.version>
         <jzlib.version>1.1.1</jzlib.version>

build-parent/pom.xml

@@ -92,7 +92,7 @@
 
         <!-- The image to use for tests that run Keycloak -->
         <!-- IMPORTANT: If this is changed you must also update bom/application/pom.xml to match the version -->
-        <keycloak.docker.image>quay.io/keycloak/keycloak:12.0.3</keycloak.docker.image>
+        <keycloak.docker.image>quay.io/keycloak/keycloak:13.0.0</keycloak.docker.image>
 
         <unboundid-ldap.version>4.0.13</unboundid-ldap.version>
 

docs/src/main/asciidoc/hibernate-orm.adoc

@@ -415,7 +415,7 @@ or jars, you can make sure that your jar is treated like a Quarkus application l
 
 This will allow Quarkus to index and enhance your entities as if they were inside the current project.
 
-[[dev-mode]]]
+[[dev-mode]]
 == Hibernate ORM in development mode
 
 Quarkus development mode is really useful for applications that mix front end or services and database access.

docs/src/main/asciidoc/kafka.adoc

@@ -354,7 +354,7 @@ You can build the native executable with:
 Sometimes, you need to have an imperative way of sending messages.
 
 For example, if you need to send a message to a stream, from inside a REST endpoint, when receiving a POST request.
-In this case, you cannot use `@Output` because your method has parameters.
+In this case, you cannot use `@Outgoing` because your method has parameters.
 
 For this, you can use an `Emitter`.
 

docs/src/main/asciidoc/reactive-sql-clients.adoc

@@ -531,6 +531,64 @@ return SqlClientHelper.inTransactionUni(client, tx -> tx
         .onItem().ignore().andContinueWithNull());
 ----
 
+== Working with batch query results
+
+When executing batch queries, reactive SQL clients return a `RowSet` that corresponds to the results of the first element in the batch.
+To get the results of the following batch elements, you must invoke the `RowSet#next` method until it returns `null`.
+
+Let's say you want to update some rows and compute the total number of affected rows.
+You must inspect each `RowSet`:
+
+[source, java]
+----
+PreparedQuery<RowSet<Row>> preparedQuery = client.preparedQuery("UPDATE fruits SET name = $1 WHERE id = $2");
+
+Uni<RowSet<Row>> rowSet = preparedQuery.executeBatch(Arrays.asList(
+        Tuple.of("Orange", 1),
+        Tuple.of("Pear", 2),
+        Tuple.of("Apple", 3)));
+
+Uni<Integer> totalAffected = rowSet.onItem().transform(res -> {
+    int total = 0;
+    do {
+        total += res.rowCount(); // <1>
+    } while ((res = res.next()) != null); // <2>
+    return total;
+});
+----
+<1> Compute the sum of `RowSet#rowCount`.
+<2> Invoke `RowSet#next` until it returns `null`.
+
+As another example, if you want to load all the rows you just inserted, you must concatenate the contents of each `RowSet`:
+
+[source, java]
+----
+PreparedQuery<RowSet<Row>> preparedQuery = client.preparedQuery("INSERT INTO fruits (name) VALUES ($1) RETURNING *");
+
+Uni<RowSet<Row>> rowSet = preparedQuery.executeBatch(Arrays.asList(
+        Tuple.of("Orange"),
+        Tuple.of("Pear"),
+        Tuple.of("Apple")));
+
+// Generate a Multi of RowSet items
+Multi<RowSet<Row>> rowSets = rowSet.onItem().transformToMulti(res -> {
+    return Multi.createFrom().generator(() -> res, (rs, emitter) -> {
+        RowSet<Row> next = null;
+        if (rs != null) {
+            emitter.emit(rs);
+            next = rs.next();
+        }
+        if (next == null) {
+            emitter.complete();
+        }
+        return next;
+    });
+});
+
+// Transform each RowSet into Multi of Row items and Concatenate
+Multi<Row> rows = rowSets.onItem().transformToMultiAndConcatenate(Multi.createFrom()::iterable);
+----
+
 == Multiple Datasources
 
 The reactive SQL clients support defining several datasources.

docs/src/main/asciidoc/security-customization.adoc

@@ -321,6 +321,18 @@ and add the BouncyCastle FIPS provider dependency:
 </dependency>
 ----
 
+[NOTE]
+====
+`BCFIPS` provider option is supported in native image but the algorithm self-tests which rely on `java.security.SecureRandom` to verify the generated keys have been removed for these tests to pass. The following classes have been affected:
+- `org.bouncycastle.crypto.general.DSA`
+- `org.bouncycastle.crypto.general.DSTU4145`
+- `org.bouncycastle.crypto.general.ECGOST3410`
+- `org.bouncycastle.crypto.general.GOST3410`
+- `org.bouncycastle.crypto.fips.FipsDSA`
+- `org.bouncycastle.crypto.fips.FipsEC`
+- `org.bouncycastle.crypto.fips.FipsRSA`
+====
+
 === BouncyCastle JSSE FIPS
 
 If you need to register an `org.bouncycastle.jsse.provider.BouncyCastleJsseProvider` JSSE provider and use it in combination with `org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider` instead of the default SunJSSE provider then please set a `BCFIPSJSSE` provider name:
@@ -365,6 +377,11 @@ One can generate a keystore with this type and provider like this:
 keytool -genkey -alias server -keyalg RSA -keystore server-keystore.jks -keysize 2048 -keypass password -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath $PATH_TO_BC_FIPS_JAR -storetype BCFKS
 ----
 
+[NOTE]
+====
+`BCFIPSJSSE` provider option is currently not supported in native image.
+====
+
 == Reactive Security
 
 If you are going to use security in a reactive environment, you will likely need SmallRye Context Propagation:

docs/src/main/asciidoc/security-jwt.adoc

@@ -308,11 +308,14 @@ Create a `security-jwt-quickstart/src/main/resources/application.properties` wit
 .application.properties for TokenSecuredResource
 [source, properties]
 ----
-mp.jwt.verify.publickey.location=META-INF/resources/publicKey.pem #<1>
+mp.jwt.verify.publickey.location=publicKey.pem #<1>
 mp.jwt.verify.issuer=https://example.com/issuer #<2>
+
+quarkus.native.resources.includes=publicKey.pem #<3>
 ----
-<1> We are setting public key location to point to a classpath publicKey.pem resource location. We will add this key in part B, <<Adding a Public Key>>.
+<1> We are setting public key location to point to a classpath publicKey.pem location. We will add this key in part B, <<Adding a Public Key>>.
 <2> We are setting the issuer to the URL string `https://example.com/issuer`.
+<3> We are including the public key as a resource in the native executable.
 
 === Adding a Public Key
 
@@ -321,9 +324,7 @@ The {mp-jwt} specification requires that JWTs that are signed with the RSA-256 s
 turn requires a RSA public key pair. On the REST endpoint server side, you need to configure the location of the RSA public
 key to use to verify the JWT sent along with requests. The `mp.jwt.verify.publickey.location=publicKey.pem` setting configured
 previously expects that the public key is available on the classpath as `publicKey.pem`. To accomplish this, copy the following
-content to a `security-jwt-quickstart/src/main/resources/META-INF/resources/publicKey.pem` file.
-
-NOTE: Adding `publicKey.pem` to `resources/META-INF/resources` ensures that it is available in the native image without having to provide a GraalVM resource file.
+content to a `security-jwt-quickstart/src/main/resources/publicKey.pem` file.
 
 .RSA Public Key PEM Content
 [source, text]

docs/src/main/asciidoc/writing-native-applications-tips.adoc

@@ -27,7 +27,34 @@ Resources that are meant to be part of the native executable need to be configur
 
 Quarkus automatically includes the resources present in `META-INF/resources` (the web resources) but, outside of this directory, you are on your own.
 
-To include more resources in the native executable, create a `resources-config.json` (the most common location is within `src/main/resources`) JSON file defining which resources should be included:
+[WARNING]
+====
+Note that you need to be extremely careful here as anything in `META-INF/resources` will be exposed as static web resources.
+So this directory is not a shortcut for "let's automatically include these resources in the native executable" and should only be used for static web resources.
+
+Other resources should be declared explicitly.
+====
+
+To include more resources in the native executable, the easiest way is to use the `quarkus.native.resources.includes` configuration property,
+and its counterpart to exclude resources `quarkus.native.resources.excludes`.
+
+Both configuration properties support glob patterns.
+
+For instance, having the following properties in your `application.properties`:
+
+[source,properties]
+----
+quarkus.native.resources.includes=foo/**,bar/**/*.txt
+quarkus.native.resources.excludes=foo/private/**
+----
+
+will include:
+
+* all files in the `foo/` directory and its subdirectories except for files in `foo/private/` and its subdirectories,
+* all text files in the `bar/` directory and its subdirectories.
+
+If globs are not sufficiently precise for your use case and you need to rely on regular expressions or if you prefer relying on the GraalVM infrastructure,
+you can also create a `resources-config.json` (the most common location is within `src/main/resources`) JSON file defining which resources should be included:
 
 [source,json]
 ----

extensions/arc/deployment/src/main/java/io/quarkus/arc/deployment/SyntheticBeanBuildItem.java

@@ -141,6 +141,5 @@ Supplier<?> getSupplier() {
         RuntimeValue<?> getRuntimeValue() {
             return runtimeValue;
         }
-
     }
 }

extensions/artemis-core/deployment/src/main/java/io/quarkus/artemis/core/deployment/ArtemisCoreProcessor.java

@@ -49,7 +49,8 @@ public class ArtemisCoreProcessor {
     @BuildStep
     NativeImageConfigBuildItem config() {
         return NativeImageConfigBuildItem.builder()
-                .addRuntimeInitializedClass("org.apache.activemq.artemis.api.core.ActiveMQBuffers").build();
+                .addRuntimeInitializedClass("org.apache.activemq.artemis.api.core.ActiveMQBuffers")
+                .addRuntimeInitializedClass("org.apache.activemq.artemis.utils.RandomUtil").build();
     }
 
     @BuildStep

extensions/datasource/deployment-spi/src/main/java/io/quarkus/datasource/deployment/spi/DevServicesDatasourceProvider.java

@@ -3,12 +3,14 @@
 import java.io.Closeable;
 import java.util.Map;
 import java.util.Optional;
+import java.util.OptionalInt;
 
 public interface DevServicesDatasourceProvider {
 
     RunningDevServicesDatasource startDatabase(Optional<String> username, Optional<String> password,
             Optional<String> datasourceName,
-            Optional<String> imageName, Map<String, String> additionalProperties);
+            Optional<String> imageName, Map<String, String> additionalProperties,
+            OptionalInt port);
 
     class RunningDevServicesDatasource {
 

extensions/datasource/deployment/src/main/java/io/quarkus/datasource/deployment/devservices/DevServicesDatasourceProcessor.java

@@ -217,7 +217,8 @@ private DevServicesDatasourceResultBuildItem.DbResult startDevDb(String dbName,
                 .startDatabase(ConfigProvider.getConfig().getOptionalValue(prefix + "username", String.class),
                         ConfigProvider.getConfig().getOptionalValue(prefix + "password", String.class),
                         Optional.ofNullable(dbName), dataSourceBuildTimeConfig.devservices.imageName,
-                        dataSourceBuildTimeConfig.devservices.properties);
+                        dataSourceBuildTimeConfig.devservices.properties,
+                        dataSourceBuildTimeConfig.devservices.port);
         closeableList.add(datasource.getCloseTask());
 
         Map<String, String> devDebProperties = new HashMap<>();

extensions/datasource/runtime/src/main/java/io/quarkus/datasource/runtime/DevServicesBuildTimeConfig.java

@@ -2,6 +2,7 @@
 
 import java.util.Map;
 import java.util.Optional;
+import java.util.OptionalInt;
 
 import io.quarkus.runtime.annotations.ConfigGroup;
 import io.quarkus.runtime.annotations.ConfigItem;
@@ -32,4 +33,12 @@ public class DevServicesBuildTimeConfig {
      */
     @ConfigItem
     public Map<String, String> properties;
+
+    /**
+     * Optional fixed port the dev service will listen to.
+     * <p>
+     * If not defined, the port will be chosen randomly.
+     */
+    @ConfigItem
+    public OptionalInt port;
 }

extensions/devservices/db2/src/main/java/io/quarkus/devservices/db2/deployment/DB2DevServicesProcessor.java

@@ -4,6 +4,7 @@
 import java.io.IOException;
 import java.util.Map;
 import java.util.Optional;
+import java.util.OptionalInt;
 
 import org.testcontainers.containers.Db2Container;
 import org.testcontainers.utility.DockerImageName;
@@ -25,13 +26,22 @@ DevServicesDatasourceProviderBuildItem setupDB2() {
         return new DevServicesDatasourceProviderBuildItem(DatabaseKind.DB2, new DevServicesDatasourceProvider() {
             @Override
             public RunningDevServicesDatasource startDatabase(Optional<String> username, Optional<String> password,
-                    Optional<String> datasourceName, Optional<String> imageName, Map<String, String> additionalProperties) {
+                    Optional<String> datasourceName, Optional<String> imageName, Map<String, String> additionalProperties,
+                    OptionalInt fixedExposedPort) {
                 Db2Container container = new Db2Container(
                         DockerImageName.parse(imageName.orElse("ibmcom/db2:" + TAG))
-                                .asCompatibleSubstituteFor(DockerImageName.parse("ibmcom/db2")))
-                                        .withPassword(password.orElse("quarkus"))
-                                        .withUsername(username.orElse("quarkus"))
-                                        .withDatabaseName(datasourceName.orElse("default"));
+                                .asCompatibleSubstituteFor(DockerImageName.parse("ibmcom/db2"))) {
+                    @Override
+                    protected void configure() {
+                        super.configure();
+                        if (fixedExposedPort.isPresent()) {
+                            addFixedExposedPort(fixedExposedPort.getAsInt(), DB2_PORT);
+                        }
+                    };
+                }
+                        .withPassword(password.orElse("quarkus"))
+                        .withUsername(username.orElse("quarkus"))
+                        .withDatabaseName(datasourceName.orElse("default"));
                 additionalProperties.forEach(container::withUrlParam);
                 container.start();
                 return new RunningDevServicesDatasource(container.getJdbcUrl(), container.getUsername(),

extensions/devservices/derby/src/main/java/io/quarkus/devservices/postgresql/deployment/DerbyDevServicesProcessor.java

@@ -3,8 +3,10 @@
 import java.io.Closeable;
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.net.InetAddress;
 import java.util.Map;
 import java.util.Optional;
+import java.util.OptionalInt;
 
 import org.apache.derby.drda.NetworkServerControl;
 
@@ -23,9 +25,11 @@ DevServicesDatasourceProviderBuildItem setupDerby() {
         return new DevServicesDatasourceProviderBuildItem(DatabaseKind.DERBY, new DevServicesDatasourceProvider() {
             @Override
             public RunningDevServicesDatasource startDatabase(Optional<String> username, Optional<String> password,
-                    Optional<String> datasourceName, Optional<String> imageName, Map<String, String> additionalProperties) {
+                    Optional<String> datasourceName, Optional<String> imageName, Map<String, String> additionalProperties,
+                    OptionalInt fixedExposedPort) {
                 try {
-                    NetworkServerControl server = new NetworkServerControl();
+                    int port = fixedExposedPort.isPresent() ? fixedExposedPort.getAsInt() : 1527;
+                    NetworkServerControl server = new NetworkServerControl(InetAddress.getByName("localhost"), port);
                     server.start(new PrintWriter(System.out));
                     for (int i = 1; i <= NUMBER_OF_PINGS; i++) {
                         try {
@@ -52,15 +56,16 @@ public RunningDevServicesDatasource startDatabase(Optional<String> username, Opt
                         additionalArgs.append(i.getValue());
                     }
                     return new RunningDevServicesDatasource(
-                            "jdbc:derby://localhost:1527/memory:" + datasourceName.orElse("quarkus") + ";create=true"
+                            "jdbc:derby://localhost:" + port + "/memory:" + datasourceName.orElse("quarkus") + ";create=true"
                                     + additionalArgs.toString(),
                             null,
                             null,
                             new Closeable() {
                                 @Override
                                 public void close() throws IOException {
                                     try {
-                                        NetworkServerControl server = new NetworkServerControl();
+                                        NetworkServerControl server = new NetworkServerControl(
+                                                InetAddress.getByName("localhost"), port);
                                         server.shutdown();
                                         System.out.println("[INFO] Derby database was shut down");
                                     } catch (Exception e) {

extensions/devservices/h2/src/main/java/io/quarkus/devservices/postgresql/deployment/H2DevServicesProcessor.java

@@ -8,6 +8,7 @@
 import java.sql.Statement;
 import java.util.Map;
 import java.util.Optional;
+import java.util.OptionalInt;
 
 import org.h2.tools.Server;
 
@@ -23,9 +24,11 @@ DevServicesDatasourceProviderBuildItem setupH2() {
         return new DevServicesDatasourceProviderBuildItem(DatabaseKind.H2, new DevServicesDatasourceProvider() {
             @Override
             public RunningDevServicesDatasource startDatabase(Optional<String> username, Optional<String> password,
-                    Optional<String> datasourceName, Optional<String> imageName, Map<String, String> additionalProperties) {
+                    Optional<String> datasourceName, Optional<String> imageName, Map<String, String> additionalProperties,
+                    OptionalInt port) {
                 try {
-                    final Server tcpServer = Server.createTcpServer("-tcpPort", "0");
+                    final Server tcpServer = Server.createTcpServer("-tcpPort",
+                            port.isPresent() ? String.valueOf(port.getAsInt()) : "0");
                     tcpServer.start();
 
                     StringBuilder additionalArgs = new StringBuilder();