add NullAway and fix issues

Author: ThoSap

README.md

@@ -50,7 +50,7 @@ make test
 1. Open the `Services` tool on the left side of the IDE
 2. Click on "+" and select "Quarkus"
 
-Afterwards, the project can be started in IntelliJ by navigating to `Run` -> `Run '...'`.
+Afterward, the project can be started in IntelliJ by navigating to `Run` -> `Run '...'`.
 
 ## Packaging and running the application
 

build.gradle.kts

@@ -1,3 +1,5 @@
+import net.ltgt.gradle.errorprone.CheckSeverity
+import net.ltgt.gradle.errorprone.errorprone
 import org.gradle.api.tasks.testing.logging.TestExceptionFormat
 import org.gradle.api.tasks.testing.logging.TestLogEvent
 
@@ -6,11 +8,12 @@ plugins {
     java
     checkstyle
     id("io.quarkus")
+    alias(libs.plugins.errorPronePlugin)
     alias(libs.plugins.jooqPlugin)
 }
 
 description = "AboutBits PostgreSQL Operator"
-group = "com.aboutbits.postgresql"
+group = "it.aboutbits.postgresql"
 version = "0.0.1-SNAPSHOT"
 
 val quarkusPlatformGroupId: String by project
@@ -91,6 +94,12 @@ dependencies {
     testImplementation("org.awaitility:awaitility")
     testImplementation(libs.assertj)
     testImplementation(libs.datafaker)
+
+    /**
+     * NullAway
+     */
+    errorprone(libs.errorProne)
+    errorprone(libs.nullAway)
 }
 
 sourceSets {
@@ -114,6 +123,11 @@ java {
 tasks.withType<JavaCompile> {
     options.encoding = "UTF-8"
     options.compilerArgs.add("-parameters")
+
+    options.errorprone {
+        check("NullAway", CheckSeverity.ERROR)
+        option("NullAway:AnnotatedPackages", "it.aboutbits.postgresql")
+    }
 }
 
 tasks.quarkusDev {

gradle/libs.versions.toml

@@ -14,8 +14,15 @@ scram-client = "3.2"
 assertj = "3.27.6"
 checkstyle = "12.2.0"
 datafaker = "2.5.3"
+errorProne = "2.45.0"
+errorPronePlugin = "4.2.0"
+nullAway = "0.12.15"
 
 [plugins]
+# https://github.com/tbroyer/gradle-errorprone-plugin
+# https://mvnrepository.com/artifact/net.ltgt.errorprone/net.ltgt.errorprone.gradle.plugin
+errorPronePlugin = { id = "net.ltgt.errorprone", version.ref = "errorPronePlugin" }
+
 # https://www.jooq.org/doc/latest/manual/code-generation/codegen-execution/codegen-gradle/
 # https://github.com/jOOQ/jOOQ/tree/main/jOOQ-codegen-gradle
 # https://mvnrepository.com/artifact/org.jooq.jooq-codegen-gradle/org.jooq.jooq-codegen-gradle.gradle.plugin
@@ -82,3 +89,12 @@ checkstyle = { group = "com.puppycrawl.tools", name = "checkstyle", version.ref
 # https://github.com/datafaker-net/datafaker
 # https://mvnrepository.com/artifact/net.datafaker/datafaker
 datafaker = { group = "net.datafaker", name = "datafaker", version.ref = "datafaker" }
+
+# https://errorprone.info/
+# https://github.com/google/error-prone
+# https://mvnrepository.com/artifact/com.google.errorprone/error_prone_core
+errorProne = { group = "com.google.errorprone", name = "error_prone_core", version.ref = "errorProne" }
+
+# https://github.com/uber/NullAway
+# https://mvnrepository.com/artifact/com.uber.nullaway/nullaway
+nullAway = { group = "com.uber.nullaway", name = "nullaway", version.ref = "nullAway" }

lombok.config

@@ -4,3 +4,6 @@ config.stopBubbling = true
 lombok.copyableAnnotations += org.jspecify.annotations.Nullable
 lombok.copyableAnnotations += org.jspecify.annotations.NonNull
 lombok.addNullAnnotations = jspecify
+
+# Required for NullAway
+lombok.addLombokGeneratedAnnotation = true

src/main/java/it/aboutbits/postgresql/core/BaseReconciler.java

@@ -5,7 +5,6 @@
 import io.javaoperatorsdk.operator.api.reconciler.UpdateControl;
 import it.aboutbits.postgresql.crd.connection.ClusterConnection;
 import lombok.extern.slf4j.Slf4j;
-import org.jspecify.annotations.NonNull;
 import org.jspecify.annotations.NullMarked;
 import org.jspecify.annotations.Nullable;
 
@@ -18,12 +17,12 @@
 @NullMarked
 @Slf4j
 public abstract class BaseReconciler<CR extends CustomResource<?, S> & Named, S extends CRStatus> {
-    @NonNull
     protected abstract S newStatus();
 
     public S initializeStatus(CR resource) {
         S status = resource.getStatus();
 
+        //noinspection ConstantConditions
         if (status == null) {
             status = newStatus();
 
@@ -62,6 +61,7 @@ public Optional<ClusterConnection> getReferencedClusterConnection(
                 .withName(connectionName)
                 .get();
 
+        //noinspection ConstantConditions
         if (clusterConnection == null) {
             log.error(
                     "The specified ClusterConnection does not exist [clusterConnection={}/{}]",

src/main/java/it/aboutbits/postgresql/core/KubernetesUtil.java

@@ -4,6 +4,7 @@
 import it.aboutbits.postgresql.crd.connection.ClusterConnection;
 import org.jspecify.annotations.NullMarked;
 
+import java.nio.charset.Charset;
 import java.util.Base64;
 
 @NullMarked
@@ -67,7 +68,8 @@ public static Credentials getSecretRefCredentials(
         var username = usernameBase64 == null
                 ? null
                 : new String(
-                        Base64.getDecoder().decode(usernameBase64)
+                        Base64.getDecoder().decode(usernameBase64),
+                        Charset.defaultCharset()
                 );
 
         var passwordBase64 = data.get(SECRET_DATA_BASIC_AUTH_PASSWORD_KEY);
@@ -78,7 +80,8 @@ public static Credentials getSecretRefCredentials(
             ));
         }
         var password = new String(
-                Base64.getDecoder().decode(passwordBase64)
+                Base64.getDecoder().decode(passwordBase64),
+                Charset.defaultCharset()
         );
 
         return new Credentials(

src/main/java/it/aboutbits/postgresql/core/PostgreSQLAuthenticationUtil.java

@@ -2,6 +2,7 @@
 
 import com.ongres.scram.common.StringPreparation;
 import it.aboutbits.postgresql.crd.role.RoleSpec;
+import lombok.extern.slf4j.Slf4j;
 import org.jooq.DSLContext;
 import org.jspecify.annotations.NullMarked;
 
@@ -20,6 +21,7 @@
 import static it.aboutbits.postgresql.core.infrastructure.persistence.Tables.PG_AUTHID;
 
 @NullMarked
+@Slf4j
 public final class PostgreSQLAuthenticationUtil {
     private static final String MD5 = "MD5";
     private static final String SHA_256 = "SHA-256";
@@ -89,7 +91,8 @@ private static boolean verifyPostgresScramSha256(String postgresVerifier, String
         int iterations;
         try {
             iterations = Integer.parseInt(iterationsAndSalt.substring(0, colonIterationsAndSalt));
-        } catch (NumberFormatException ex) {
+        } catch (NumberFormatException e) {
+            log.error("Invalid iterations format in PostgreSQL verifier: %s".formatted(postgresVerifier), e);
             return false;
         }
         if (iterations <= 0) {
@@ -110,7 +113,8 @@ private static boolean verifyPostgresScramSha256(String postgresVerifier, String
         try {
             salt = Base64.getDecoder().decode(saltB64);
             currentStoredKey = Base64.getDecoder().decode(storedKeyB64);
-        } catch (IllegalArgumentException ex) {
+        } catch (IllegalArgumentException e) {
+            log.error("Invalid salt or stored key format in PostgreSQL verifier: %s".formatted(postgresVerifier), e);
             return false;
         }
 
@@ -119,7 +123,7 @@ private static boolean verifyPostgresScramSha256(String postgresVerifier, String
         byte[] expectedStoredKey = null;
         try {
             // RFC 5802/7677:
-            // saltedPassword := Hi(password, salt, iterations)  (PBKDF2-HMAC-SHA-256, 32 bytes)
+            // saltedPassword := Hi(password, salt, iterations) (PBKDF2-HMAC-SHA-256, 32 bytes)
             // clientKey      := HMAC(saltedPassword, "Client Key")
             // storedKey      := H(clientKey)  (SHA-256)
             saltedPassword = pbkdf2HmacSha256(preparedPassword, salt, iterations, 32);
@@ -160,7 +164,8 @@ private static boolean verifyPostgresMd5(
                     3,
                     postgresMd5.length()
             );
-        } catch (IllegalArgumentException ex) {
+        } catch (IllegalArgumentException e) {
+            log.error("Invalid MD5 format in PostgreSQL verifier: %s".formatted(postgresMd5), e);
             return false; // not valid hex
         }
 

src/main/java/it/aboutbits/postgresql/core/SecretRef.java

@@ -11,7 +11,7 @@
 @Setter
 public class SecretRef {
     @Required
-    private String name;
+    private String name = "";
 
     /**
      * The namespace where the Secret is located.

src/main/java/it/aboutbits/postgresql/crd/connection/ClusterConnectionReconciler.java

@@ -9,8 +9,9 @@
 import it.aboutbits.postgresql.core.PostgreSQLContextFactory;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.jspecify.annotations.NonNull;
+import org.jspecify.annotations.NullMarked;
 
+@NullMarked
 @Slf4j
 @RequiredArgsConstructor
 public class ClusterConnectionReconciler
@@ -43,7 +44,7 @@ public UpdateControl<ClusterConnection> reconcile(
     }
 
     @Override
-    protected @NonNull CRStatus newStatus() {
+    protected CRStatus newStatus() {
         return new CRStatus();
     }
 }

src/main/java/it/aboutbits/postgresql/crd/role/RoleFlags.java

@@ -3,7 +3,9 @@
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.experimental.Accessors;
+import org.jspecify.annotations.NullMarked;
 
+@NullMarked
 @Getter
 @Accessors(fluent = true)
 @RequiredArgsConstructor