Refine support for optional Vault config locations.

We now propagate the optional config location flag to the config data infrastructure. Also, the check whether Vault is enabled is moved from the resolver into the loader returning null if Vault support is enabled. This allows Spring Boot to skip optional config data locations.

Closes gh-571

Author: mp911de

docs/src/main/asciidoc/config-data.adoc

@@ -38,6 +38,18 @@ spring.config.import: vault://first/context/path, vault://other/path, vault://
 ----
 ====
 
+[[vault.configdata.location.optional]]
+=== Conditionally enable/disable Vault Configuration
+
+In some cases, it can be required to launch an application without Vault. You can express whether a Vault config location should be optional or mandatory (default) through the location string:
+
+* `optional:vault://` (default location)
+* `optional:vault:///<context-path>` (contextual location)
+
+Optional locations are skipped during application startup if Vault support was disabled through `spring.cloud.vault.enabled=false`.
+
+NOTE: Vault context paths that cannot be found (HTTP Status 404) are skipped regardless of whether the config location is marked optional. <<vault.config.fail-fast>> allows failing on start if a Vault context path cannot be found because of HTTP Status 404.
+
 [[vault.configdata.customization]]
 === Infrastructure Customization
 

spring-cloud-vault-config/src/main/java/org/springframework/cloud/vault/config/VaultConfigDataLoader.java

@@ -16,7 +16,6 @@
 
 package org.springframework.cloud.vault.config;
 
-import java.io.IOException;
 import java.lang.reflect.Field;
 import java.lang.reflect.Modifier;
 import java.util.Arrays;
@@ -93,6 +92,8 @@
  */
 public class VaultConfigDataLoader implements ConfigDataLoader<VaultConfigLocation> {
 
+	private final static ConfigData SKIP_LOCATION = null;
+
 	private final static boolean FLUX_AVAILABLE = ClassUtils.isPresent("reactor.core.publisher.Flux",
 			VaultConfigDataLoader.class.getClassLoader());
 
@@ -110,11 +111,15 @@ public VaultConfigDataLoader(DeferredLogFactory logFactory) {
 
 	@Override
 	public ConfigData load(ConfigDataLoaderContext context, VaultConfigLocation location)
-			throws IOException, ConfigDataLocationNotFoundException {
+			throws ConfigDataLocationNotFoundException {
 
 		ConfigurableBootstrapContext bootstrap = context.getBootstrapContext();
 		VaultProperties vaultProperties = bootstrap.get(VaultProperties.class);
 
+		if (!vaultProperties.isEnabled()) {
+			return SKIP_LOCATION;
+		}
+
 		if (vaultProperties.getSession().getLifecycle().isEnabled()
 				|| vaultProperties.getConfig().getLifecycle().isEnabled()) {
 			registerVaultTaskScheduler(bootstrap);

spring-cloud-vault-config/src/main/java/org/springframework/cloud/vault/config/VaultConfigDataLocationResolver.java

@@ -81,10 +81,7 @@ public class VaultConfigDataLocationResolver implements ConfigDataLocationResolv
 
 	@Override
 	public boolean isResolvable(ConfigDataLocationResolverContext context, ConfigDataLocation location) {
-		boolean vaultEnabled = context.getBinder().bind(VaultProperties.PREFIX + ".enabled", Boolean.class)
-				.orElse(true);
-
-		return location.getValue().startsWith(VaultConfigLocation.VAULT_PREFIX) && vaultEnabled;
+		return location.getValue().startsWith(VaultConfigLocation.VAULT_PREFIX);
 	}
 
 	@Override

spring-cloud-vault-config/src/main/java/org/springframework/cloud/vault/config/VaultConfigLocation.java

@@ -42,6 +42,8 @@ public class VaultConfigLocation extends ConfigDataResource {
 
 	public VaultConfigLocation(String contextPath, boolean optional) {
 
+		super(optional);
+
 		Assert.hasText(contextPath, "Context path must not be empty");
 
 		this.secretBackendMetadata = KeyValueSecretBackendMetadata.create(contextPath);

spring-cloud-vault-config/src/test/java/org/springframework/cloud/vault/config/VaultConfigDataLoaderIntegrationTests.java

@@ -18,7 +18,6 @@
 
 import java.util.Collections;
 
-import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -33,14 +32,12 @@
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
- * Unit tests for {@link VaultConfigDataLoader}.
+ * Integration tests for {@link VaultConfigDataLoader}.
  *
  * @author Mark Paluch
  */
 public class VaultConfigDataLoaderIntegrationTests extends IntegrationTestSupport {
 
-	private ConfigurableApplicationContext context;
-
 	@Before
 	public void before() {
 
@@ -49,24 +46,32 @@ public void before() {
 
 		this.vaultRule.prepare().getVaultOperations().write("secret/my-config-loader/cloud",
 				Collections.singletonMap("default-key", "cloud"));
+	}
+
+	@Test
+	public void shouldConsiderProfiles() {
 
 		SpringApplication application = new SpringApplication(Config.class);
 		application.setWebApplicationType(WebApplicationType.NONE);
 		application.setAdditionalProfiles("cloud");
 
-		this.context = application.run("--spring.application.name=my-config-loader", "--spring.config.import=vault:",
-				"--spring.cloud.vault.token=" + Settings.token().getToken());
+		try (ConfigurableApplicationContext context = application.run("--spring.application.name=my-config-loader",
+				"--spring.config.import=vault:", "--spring.cloud.vault.token=" + Settings.token().getToken())) {
+
+			assertThat(context.getEnvironment().getProperty("default-key")).isEqualTo("cloud");
+		}
 	}
 
 	@Test
-	public void shouldConsiderProfiles() {
-		assertThat(this.context.getEnvironment().getProperty("default-key")).isEqualTo("cloud");
-	}
+	public void shouldConsiderDisabledVault() {
+
+		SpringApplication application = new SpringApplication(Config.class);
+		application.setWebApplicationType(WebApplicationType.NONE);
+
+		try (ConfigurableApplicationContext context = application.run("--spring.application.name=my-config-loader",
+				"--spring.config.import=optional:vault:", "--spring.cloud.vault.enabled=false")) {
 
-	@After
-	public void after() {
-		if (this.context != null) {
-			this.context.close();
+			assertThat(context.getEnvironment().getProperty("default-key")).isNull();
 		}
 	}
 

spring-cloud-vault-config/src/test/java/org/springframework/cloud/vault/config/VaultConfigDataLoaderUnitTests.java

@@ -0,0 +1,51 @@
+/*
+ * Copyright 2020-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.cloud.vault.config;
+
+import org.junit.Test;
+
+import org.springframework.boot.DefaultBootstrapContext;
+import org.springframework.boot.context.config.ConfigData;
+import org.springframework.boot.logging.DeferredLogs;
+import org.springframework.cloud.vault.util.IntegrationTestSupport;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Unit tests for {@link VaultConfigDataLoader}.
+ *
+ * @author Mark Paluch
+ */
+public class VaultConfigDataLoaderUnitTests extends IntegrationTestSupport {
+
+	@Test
+	public void shouldConsiderDisabledVault() {
+
+		VaultConfigDataLoader loader = new VaultConfigDataLoader(new DeferredLogs());
+		DefaultBootstrapContext context = new DefaultBootstrapContext();
+
+		VaultProperties properties = new VaultProperties();
+		properties.setEnabled(false);
+
+		context.register(VaultProperties.class, it -> properties);
+
+		ConfigData vaultDisabled = loader.load(() -> context, new VaultConfigLocation("foo", true));
+
+		assertThat(vaultDisabled).isNull();
+	}
+
+}