Guard Config Data registration against absent SessionManager.

If the session manager is absent, we no not attemp to look it up. That is the case if no authentication is configured. Closes gh-705
spring-cloud · Oct 23, 2023 · a4b792e · a4b792e
1 parent 26c2152
commit a4b792e
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 2 deletions.
diff --git a/...lt-config/src/main/java/org/springframework/cloud/vault/config/VaultConfigDataLoader.java b/...lt-config/src/main/java/org/springframework/cloud/vault/config/VaultConfigDataLoader.java
@@ -252,7 +252,8 @@ private void registerSecretLeaseContainer(ConfigurableBootstrapContext bootstrap
 			VaultConfiguration vaultConfiguration) {
 		registerIfAbsent(bootstrap, "secretLeaseContainer", SecretLeaseContainer.class, ctx -> {
 
-			SessionManager sessionManager = ctx.get(SessionManager.class);
+			SessionManager sessionManager = ctx.isRegistered(SessionManager.class) ? ctx.get(SessionManager.class)
+					: null;
 			SecretLeaseContainer container = vaultConfiguration.createSecretLeaseContainer(ctx.get(VaultTemplate.class),
 					() -> ctx.get(TaskSchedulerWrapper.class).getTaskScheduler(), sessionManager);
 

diff --git a/...vault-config/src/main/java/org/springframework/cloud/vault/config/VaultConfiguration.java b/...vault-config/src/main/java/org/springframework/cloud/vault/config/VaultConfiguration.java
@@ -24,6 +24,7 @@
 import org.springframework.cloud.client.ServiceInstance;
 import org.springframework.cloud.vault.config.VaultProperties.Ssl;
 import org.springframework.http.client.ClientHttpRequestFactory;
+import org.springframework.lang.Nullable;
 import org.springframework.scheduling.TaskScheduler;
 import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
 import org.springframework.util.StringUtils;
@@ -182,7 +183,7 @@ SessionManager createSessionManager(ClientAuthentication clientAuthentication,
 	}
 
 	SecretLeaseContainer createSecretLeaseContainer(VaultOperations vaultOperations,
-			Supplier<TaskScheduler> taskSchedulerSupplier, SessionManager sessionManager) {
+			Supplier<TaskScheduler> taskSchedulerSupplier, @Nullable SessionManager sessionManager) {
 
 		VaultProperties.ConfigLifecycle lifecycle = this.vaultProperties.getConfig().getLifecycle();
 

diff --git a/...st/java/org/springframework/cloud/vault/config/VaultConfigDataLoaderIntegrationTests.java b/...st/java/org/springframework/cloud/vault/config/VaultConfigDataLoaderIntegrationTests.java
@@ -63,6 +63,21 @@ public void shouldConsiderProfiles() {
 		}
 	}
 
+	@Test
+	public void shouldConsiderNoAuthentication() {
+
+		SpringApplication application = new SpringApplication(Config.class);
+		application.setWebApplicationType(WebApplicationType.NONE);
+
+		try (ConfigurableApplicationContext context = application.run("--spring.application.name=my-config-loader",
+				"--spring.config.import=vault:", "--spring.cloud.vault.authentication=NONE")) {
+
+			// while the Vault startup leads to Status 403 Forbidden [secret/application],
+			// we expect that the application can still boot up.
+			assertThat(context).isNotNull();
+		}
+	}
+
 	@Test
 	public void vaultLocationEndingWithSlashShouldFail() {