Merge branch 'main' into issue-6763

CHANGELOG.md

@@ -6,6 +6,7 @@
 
 #### Improvements
 
+* Fix #6863: ensuring SerialExecutor does not throw RejectedExecutionException to prevent unnecessary error logs
 * Fix #6763: CRDGenerator: YAML output customization
 
 #### Dependency Upgrade

extensions/certmanager/model/src/generated/java/io/fabric8/certmanager/api/model/acme/v1/AzureManagedIdentity.java

@@ -39,7 +39,8 @@
 @JsonInclude(JsonInclude.Include.NON_NULL)
 @JsonPropertyOrder({
     "clientID",
-    "resourceID"
+    "resourceID",
+    "tenantID"
 })
 @ToString
 @EqualsAndHashCode
@@ -70,6 +71,8 @@ public class AzureManagedIdentity implements Editable<AzureManagedIdentityBuilde
     private String clientID;
     @JsonProperty("resourceID")
     private String resourceID;
+    @JsonProperty("tenantID")
+    private String tenantID;
     @JsonIgnore
     private Map<String, Object> additionalProperties = new LinkedHashMap<String, Object>();
 
@@ -79,10 +82,11 @@ public class AzureManagedIdentity implements Editable<AzureManagedIdentityBuilde
     public AzureManagedIdentity() {
     }
 
-    public AzureManagedIdentity(String clientID, String resourceID) {
+    public AzureManagedIdentity(String clientID, String resourceID, String tenantID) {
         super();
         this.clientID = clientID;
         this.resourceID = resourceID;
+        this.tenantID = tenantID;
     }
 
     /**
@@ -117,6 +121,22 @@ public void setResourceID(String resourceID) {
         this.resourceID = resourceID;
     }
 
+    /**
+     * tenant ID of the managed identity, can not be used at the same time as resourceID
+     */
+    @JsonProperty("tenantID")
+    public String getTenantID() {
+        return tenantID;
+    }
+
+    /**
+     * tenant ID of the managed identity, can not be used at the same time as resourceID
+     */
+    @JsonProperty("tenantID")
+    public void setTenantID(String tenantID) {
+        this.tenantID = tenantID;
+    }
+
     @JsonIgnore
     public AzureManagedIdentityBuilder edit() {
         return new AzureManagedIdentityBuilder(this);

extensions/certmanager/model/src/generated/java/io/fabric8/certmanager/api/model/v1/JKSKeystore.java

@@ -34,13 +34,14 @@
 import lombok.experimental.Accessors;
 
 /**
- * JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource.
+ * JKS configures options for storing a JKS keystore in the target secret. Either PasswordSecretRef or Password must be provided.
  */
 @JsonDeserialize(using = com.fasterxml.jackson.databind.JsonDeserializer.None.class)
 @JsonInclude(JsonInclude.Include.NON_NULL)
 @JsonPropertyOrder({
     "alias",
     "create",
+    "password",
     "passwordSecretRef"
 })
 @ToString
@@ -72,6 +73,8 @@ public class JKSKeystore implements Editable<JKSKeystoreBuilder>, KubernetesReso
     private String alias;
     @JsonProperty("create")
     private Boolean create;
+    @JsonProperty("password")
+    private String password;
     @JsonProperty("passwordSecretRef")
     private SecretKeySelector passwordSecretRef;
     @JsonIgnore
@@ -83,10 +86,11 @@ public class JKSKeystore implements Editable<JKSKeystoreBuilder>, KubernetesReso
     public JKSKeystore() {
     }
 
-    public JKSKeystore(String alias, Boolean create, SecretKeySelector passwordSecretRef) {
+    public JKSKeystore(String alias, Boolean create, String password, SecretKeySelector passwordSecretRef) {
         super();
         this.alias = alias;
         this.create = create;
+        this.password = password;
         this.passwordSecretRef = passwordSecretRef;
     }
 
@@ -107,31 +111,47 @@ public void setAlias(String alias) {
     }
 
     /**
-     * Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority
+     * Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` or `password`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority
      */
     @JsonProperty("create")
     public Boolean getCreate() {
         return create;
     }
 
     /**
-     * Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority
+     * Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` or `password`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority
      */
     @JsonProperty("create")
     public void setCreate(Boolean create) {
         this.create = create;
     }
 
     /**
-     * JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource.
+     * Password provides a literal password used to encrypt the JKS keystore. Mutually exclusive with passwordSecretRef. One of password or passwordSecretRef must provide a password with a non-zero length.
+     */
+    @JsonProperty("password")
+    public String getPassword() {
+        return password;
+    }
+
+    /**
+     * Password provides a literal password used to encrypt the JKS keystore. Mutually exclusive with passwordSecretRef. One of password or passwordSecretRef must provide a password with a non-zero length.
+     */
+    @JsonProperty("password")
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    /**
+     * JKS configures options for storing a JKS keystore in the target secret. Either PasswordSecretRef or Password must be provided.
      */
     @JsonProperty("passwordSecretRef")
     public SecretKeySelector getPasswordSecretRef() {
         return passwordSecretRef;
     }
 
     /**
-     * JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource.
+     * JKS configures options for storing a JKS keystore in the target secret. Either PasswordSecretRef or Password must be provided.
      */
     @JsonProperty("passwordSecretRef")
     public void setPasswordSecretRef(SecretKeySelector passwordSecretRef) {

extensions/certmanager/model/src/generated/java/io/fabric8/certmanager/api/model/v1/PKCS12Keystore.java

@@ -40,6 +40,7 @@
 @JsonInclude(JsonInclude.Include.NON_NULL)
 @JsonPropertyOrder({
     "create",
+    "password",
     "passwordSecretRef",
     "profile"
 })
@@ -70,6 +71,8 @@ public class PKCS12Keystore implements Editable<PKCS12KeystoreBuilder>, Kubernet
 
     @JsonProperty("create")
     private Boolean create;
+    @JsonProperty("password")
+    private String password;
     @JsonProperty("passwordSecretRef")
     private SecretKeySelector passwordSecretRef;
     @JsonProperty("profile")
@@ -83,29 +86,46 @@ public class PKCS12Keystore implements Editable<PKCS12KeystoreBuilder>, Kubernet
     public PKCS12Keystore() {
     }
 
-    public PKCS12Keystore(Boolean create, SecretKeySelector passwordSecretRef, String profile) {
+    public PKCS12Keystore(Boolean create, String password, SecretKeySelector passwordSecretRef, String profile) {
         super();
         this.create = create;
+        this.password = password;
         this.passwordSecretRef = passwordSecretRef;
         this.profile = profile;
     }
 
     /**
-     * Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority
+     * Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` or in `password`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority
      */
     @JsonProperty("create")
     public Boolean getCreate() {
         return create;
     }
 
     /**
-     * Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority
+     * Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` or in `password`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority
      */
     @JsonProperty("create")
     public void setCreate(Boolean create) {
         this.create = create;
     }
 
+    /**
+     * Password provides a literal password used to encrypt the PKCS#12 keystore. Mutually exclusive with passwordSecretRef. One of password or passwordSecretRef must provide a password with a non-zero length.
+     */
+    @JsonProperty("password")
+    public String getPassword() {
+        return password;
+    }
+
+    /**
+     * Password provides a literal password used to encrypt the PKCS#12 keystore. Mutually exclusive with passwordSecretRef. One of password or passwordSecretRef must provide a password with a non-zero length.
+     */
+    @JsonProperty("password")
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
     /**
      * PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource.
      */

kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/ExecWebSocketListener.java

@@ -47,7 +47,6 @@
 import java.util.concurrent.Executor;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
-import java.util.concurrent.RejectedExecutionException;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicReference;
 
@@ -371,23 +370,19 @@ public void onClose(WebSocket webSocket, int code, String reason) {
     }
     closeWebSocketOnce(code, reason);
     LOGGER.debug("Exec Web Socket: On Close with code:[{}], due to: [{}]", code, reason);
-    try {
-      serialExecutor.execute(() -> {
-        try {
-          if (exitCode.complete(null)) {
-            // this is expected for processes that don't terminate - uploads for example
-            LOGGER.debug("Exec Web Socket: completed with a null exit code - no status was received prior to onClose");
-          }
-          cleanUpOnce();
-        } finally {
-          if (listener != null) {
-            listener.onClose(code, reason);
-          }
+    serialExecutor.execute(() -> {
+      try {
+        if (exitCode.complete(null)) {
+          // this is expected for processes that don't terminate - uploads for example
+          LOGGER.debug("Exec Web Socket: completed with a null exit code - no status was received prior to onClose");
         }
-      });
-    } catch (RejectedExecutionException e) {
-      LOGGER.debug("Client already shutdown, aborting normal closure", e);
-    }
+        cleanUpOnce();
+      } finally {
+        if (listener != null) {
+          listener.onClose(code, reason);
+        }
+      }
+    });
   }
 
   @Override

kubernetes-client/src/main/java/io/fabric8/kubernetes/client/dsl/internal/PortForwarderWebsocketListener.java

@@ -32,7 +32,6 @@
 import java.util.concurrent.Executor;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
-import java.util.concurrent.RejectedExecutionException;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.function.BooleanSupplier;
 
@@ -130,27 +129,23 @@ public void onMessage(WebSocket webSocket, ByteBuffer buffer) {
     } else {
       // Data
       if (out != null) {
-        try {
-          serialExecutor.execute(() -> {
-            try {
-              while (buffer.hasRemaining()) {
-                int written = out.write(buffer); // channel byte already skipped
-                if (written == 0) {
-                  // out is non-blocking, prevent a busy loop
-                  Thread.sleep(50);
-                }
-              }
-              webSocket.request();
-            } catch (IOException | InterruptedException e) {
-              if (e instanceof InterruptedException) {
-                Thread.currentThread().interrupt();
+        serialExecutor.execute(() -> {
+          try {
+            while (buffer.hasRemaining()) {
+              int written = out.write(buffer); // channel byte already skipped
+              if (written == 0) {
+                // out is non-blocking, prevent a busy loop
+                Thread.sleep(50);
               }
-              clientError(webSocket, "forwarding data to the client", e);
             }
-          });
-        } catch (RejectedExecutionException e) {
-          // just ignore 
-        }
+            webSocket.request();
+          } catch (IOException | InterruptedException e) {
+            if (e instanceof InterruptedException) {
+              Thread.currentThread().interrupt();
+            }
+            clientError(webSocket, "forwarding data to the client", e);
+          }
+        });
       }
     }
   }

kubernetes-client/src/main/java/io/fabric8/kubernetes/client/informers/impl/cache/ProcessorStore.java

@@ -113,7 +113,7 @@ public void retainAll(Set<String> nextKeys, Consumer<Executor> cacheStateComplet
       }
     });
     if (cacheStateComplete != null) {
-      cacheStateComplete.accept(this.processor::executeIfPossible);
+      cacheStateComplete.accept(this.processor.getSerialExecutor()::execute);
     }
   }
 

kubernetes-client/src/main/java/io/fabric8/kubernetes/client/informers/impl/cache/SharedProcessor.java

@@ -26,7 +26,6 @@
 import java.util.List;
 import java.util.Optional;
 import java.util.concurrent.Executor;
-import java.util.concurrent.RejectedExecutionException;
 import java.util.concurrent.locks.ReadWriteLock;
 import java.util.concurrent.locks.ReentrantReadWriteLock;
 import java.util.function.Consumer;
@@ -108,20 +107,16 @@ public void distribute(Consumer<ProcessorListener<T>> operation, boolean isSync)
     } finally {
       lock.readLock().unlock();
     }
-    try {
-      executor.execute(() -> {
-        for (ProcessorListener<T> listener : toCall) {
-          try {
-            operation.accept(listener);
-          } catch (Exception ex) {
-            log.error("{} failed invoking {} event handler: {}", informerDescription, listener.getHandler(), ex.getMessage(),
-                ex);
-          }
+    executor.execute(() -> {
+      for (ProcessorListener<T> listener : toCall) {
+        try {
+          operation.accept(listener);
+        } catch (Exception ex) {
+          log.error("{} failed invoking {} event handler: {}", informerDescription, listener.getHandler(), ex.getMessage(),
+              ex);
         }
-      });
-    } catch (RejectedExecutionException e) {
-      // do nothing
-    }
+      }
+    });
   }
 
   public boolean shouldResync() {
@@ -202,11 +197,8 @@ public Optional<Long> getMinimalNonZeroResyncPeriod() {
     }
   }
 
-  public void executeIfPossible(Runnable runnable) {
-    try {
-      this.executor.execute(runnable);
-    } catch (RejectedExecutionException e) {
-      // already shutdown
-    }
+  public SerialExecutor getSerialExecutor() {
+    return executor;
   }
+
 }