From a4b792e6ba02ad31e1aa1966b268df23c7c5b8db Mon Sep 17 00:00:00 2001
From: Mark Paluch
Date: Mon, 23 Oct 2023 11:44:09 +0200
Subject: [PATCH] Guard Config Data registration against absent SessionManager.

If the session manager is absent, we no not attemp to look it up. That is the case if no authentication is configured.
Closes gh-705
---
 .../cloud/vault/config/VaultConfigDataLoader.java | 3 ++-
 .../cloud/vault/config/VaultConfiguration.java | 3 ++-
 .../VaultConfigDataLoaderIntegrationTests.java | 15 +++++++++++++++
 3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/spring-cloud-vault-config/src/main/java/org/springframework/cloud/vault/config/VaultConfigDataLoader.java b/spring-cloud-vault-config/src/main/java/org/springframework/cloud/vault/config/VaultConfigDataLoader.java
index 27c89eb3b..39d191a56 100644
--- a/spring-cloud-vault-config/src/main/java/org/springframework/cloud/vault/config/VaultConfigDataLoader.java
+++ b/spring-cloud-vault-config/src/main/java/org/springframework/cloud/vault/config/VaultConfigDataLoader.java
@@ -252,7 +252,8 @@ private void registerSecretLeaseContainer(ConfigurableBootstrapContext bootstrap
 VaultConfiguration vaultConfiguration) {
 registerIfAbsent(bootstrap, "secretLeaseContainer", SecretLeaseContainer.class, ctx -> {
- SessionManager sessionManager = ctx.get(SessionManager.class);
+ SessionManager sessionManager = ctx.isRegistered(SessionManager.class) ? ctx.get(SessionManager.class)
+ : null;
 SecretLeaseContainer container = vaultConfiguration.createSecretLeaseContainer(ctx.get(VaultTemplate.class), () -> ctx.get(TaskSchedulerWrapper.class).getTaskScheduler(), sessionManager);
diff --git a/spring-cloud-vault-config/src/main/java/org/springframework/cloud/vault/config/VaultConfiguration.java b/spring-cloud-vault-config/src/main/java/org/springframework/cloud/vault/config/VaultConfiguration.java
index b5c2bf6a8..4d79a8c03 100644
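Review bot: In `registerSecretLeaseContainer` (VaultConfigDataLoader.java) the new `isRegistered(...) ? get(...) : null` ternary looks the type up twice and leaves the meaning of `null` unstated. `BootstrapContext` has a single-lookup form, `SessionManager sessionManager = ctx.getOrElse(SessionManager.class, null);`, and a short comment such as `// null when no authentication is configured: no SessionManager is registered` would mark the absence as intentional. Because a missing SessionManager is now accepted silently, a debug log on the null path may also be worth adding so an unintended absence is visible at startup; whether it can be missing for any other reason is not shown by the hunk. The lambda body continues outside the hunk.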
--- a/spring-cloud-vault-config/src/main/java/org/springframework/cloud/vault/config/VaultConfiguration.java
+++ b/spring-cloud-vault-config/src/main/java/org/springframework/cloud/vault/config/VaultConfiguration.java
@@ -24,6 +24,7 @@
 import org.springframework.cloud.client.ServiceInstance;
 import org.springframework.cloud.vault.config.VaultProperties.Ssl;
 import org.springframework.http.client.ClientHttpRequestFactory;
+import org.springframework.lang.Nullable;
 import org.springframework.scheduling.TaskScheduler;
 import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
 import org.springframework.util.StringUtils;
@@ -182,7 +183,7 @@ SessionManager createSessionManager(ClientAuthentication clientAuthentication,
 }
 SecretLeaseContainer createSecretLeaseContainer(VaultOperations vaultOperations,
- Supplier taskSchedulerSupplier, SessionManager sessionManager) {
+ Supplier taskSchedulerSupplier, @Nullable SessionManager sessionManager) {
 VaultProperties.ConfigLifecycle lifecycle = this.vaultProperties.getConfig().getLifecycle();
diff --git a/spring-cloud-vault-config/src/test/java/org/springframework/cloud/vault/config/VaultConfigDataLoaderIntegrationTests.java b/spring-cloud-vault-config/src/test/java/org/springframework/cloud/vault/config/VaultConfigDataLoaderIntegrationTests.java
index 75f2596e3..94f1a65ab 100644
--- a/spring-cloud-vault-config/src/test/java/org/springframework/cloud/vault/config/VaultConfigDataLoaderIntegrationTests.java
+++ b/spring-cloud-vault-config/src/test/java/org/springframework/cloud/vault/config/VaultConfigDataLoaderIntegrationTests.java
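Review bot: The `@Nullable` added to `sessionManager` in `createSecretLeaseContainer` states the new contract, but the method has no Javadoc saying what a null session manager means for the returned container, and the body that consumes the parameter lies outside the hunk. I would add a Javadoc line such as `@param sessionManager the session manager, or {@code null} if no authentication is configured`, and confirm that every use of `sessionManager` further down is null-safe. If the session manager is what ties lease handling to the token lifecycle (an inference, not visible here), the Javadoc should also say that this coupling is skipped when it is null.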
@@ -63,6 +63,21 @@ public void shouldConsiderProfiles() {
 }
 }
+ @Test
+ public void shouldConsiderNoAuthentication() {
+
+ SpringApplication application = new SpringApplication(Config.class);
+ application.setWebApplicationType(WebApplicationType.NONE);
+
+ try (ConfigurableApplicationContext context = application.run("--spring.application.name=my-config-loader",
+ "--spring.config.import=vault:", "--spring.cloud.vault.authentication=NONE")) {
+
+ // while the Vault startup leads to Status 403 Forbidden [secret/application],
+ // we expect that the application can still boot up.
+ assertThat(context).isNotNull();
+ }
+ }
+
 @Test
 public void vaultLocationEndingWithSlashShouldFail() {
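Review bot: `assertThat(context).isNotNull();` in `shouldConsiderNoAuthentication` cannot fail, because `application.run(...)` either returns a context or throws, so the test only proves that startup does not throw. An assertion on the guarded state would pin the fix, for example `assertThat(context.getBeanProvider(SessionManager.class).getIfAvailable()).isNull();`, assuming no SessionManager bean is expected with `authentication=NONE`. The inline comment also relies on the 403 for `secret/application` being tolerated at startup; naming the setting that makes it non-fatal (presumably fail-fast being off) would document why an application that received no secrets is still expected to boot.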