Cannot read properties off Secrets Manager when marked for deletion #2346

Closed
ojecborec opened this issue Nov 6, 2023 · 6 comments · Fixed by #2350

Comments

@ojecborec
Contributor

AwsSecretsManagerEnvironmentRepository reads secrets as

GetSecretValueRequest.builder().secretId(path).versionStage(label).build()

When the secret does not exist, it throws ResourceNotFoundException, which is handled by the catch block. However, when the secret is marked for deletion, it throws InvalidRequestException, which is not handled, and the whole request to Config Server fails.

HTTP/1.1 500

{
  "timestamp": "2023-11-06T08:12:00.040+00:00",
  "status": 500,
  "error": "Internal Server Error",
  "message": "You can't perform this operation on the secret because it was marked for deletion. (Service: SecretsManager, Status Code: 400, Request ID: ...)",
  "path": "..."
}
@ryanjbaxter
Contributor

So we just need to add InvalidRequestException to this catch block?

catch (ResourceNotFoundException | IOException e) {
    log.debug(String.format(
            "Skip adding propertySource. Unable to load secrets from AWS Secrets Manager for secretId=%s",
            path), e);

Interested in submitting a PR with a test?

@ojecborec
Contributor Author

I'd love to but I cannot compile this project. The README.adoc file says that ./mvnw install should work but all I'm getting is

[ERROR] Errors:
[ERROR]   AwsS3IntegrationTests » ExceptionInInitializer
[ERROR]   AwsParameterStoreEnvironmentRepositoryTests » ExceptionInInitializer
[ERROR]   AwsS3EnvironmentRepositoryTests » ExceptionInInitializer
[ERROR]   AwsSecretsManagerEnvironmentRepositoryTests » ExceptionInInitializer
[ERROR]   RedisEnvironmentRepositoryIntegrationTests » IllegalState Previous attempts to...
2023-11-08T09:23:31.675+01:00 DEBUG 169438 --- [-auto-38-exec-1] o.s.c.c.s.e.SvnKitEnvironmentRepository  : Checking out file:////.../spring-cloud-config/spring-cloud-config-server/target/repos/svn-config-repo to: /tmp/config-repo-12403763819772435982
2023-11-08T09:23:32.104+01:00  INFO 169438 --- [-auto-38-exec-1] o.s.c.c.s.e.NativeEnvironmentRepository  : Adding property source: Config resource 'file [/tmp/config-repo-12403763819772435982/trunk/application.yml]' via location 'file:/tmp/config-repo-12403763819772435982/trunk/'
2023-11-08T09:23:32.113+01:00 DEBUG 169438 --- [-auto-38-exec-2] o.s.c.c.s.e.SvnKitEnvironmentRepository  : Repo already checked out - updating instead.
2023-11-08T09:23:32.120+01:00 DEBUG 169438 --- [-auto-38-exec-2] o.s.c.c.s.e.SvnKitEnvironmentRepository  : Could not update remote for trunk (current local=/tmp/config-repo-12403763819772435982), remote: file:////.../spring-cloud-config/spring-cloud-config-server/target/repos/svn-config-repo)

org.tmatesoft.svn.core.SVNException: svn: E180001: Unable to open repository 'file:///.../spring-cloud-config/spring-cloud-config-server/target/repos/svn-config-repo'
svn: E180001: Unable to connect to a repository at URL 'file:///.../spring-cloud-config/spring-cloud-config-server/target/repos/svn-config-repo'
svn: E180001: Unable to open repository 'file:///.../spring-cloud-config/spring-cloud-config-server/target/repos/svn-config-repo'

@ojecborec
Contributor Author

I've managed to run tests inside IntelliJ IDEA at least. However, I'm getting a 403 when trying to push my local branch.

14:32:59.071: [spring-cloud-config] git ... origin refs/heads/marked-for-deletion:refs/heads/marked-for-deletion --set-upstream
remote: Permission to spring-cloud/spring-cloud-config.git denied to ojecborec.
fatal: unable to access 'https://github.com/spring-cloud/spring-cloud-config.git/': The requested URL returned error: 403

@ryanjbaxter
Contributor

You should be pushing to your own fork and then submitting a PR from that fork.

@ojecborec
Contributor Author

PR for 4.0.x branch submitted #2350. Is it going to be automatically synchronized with the main branch once approved or do I have to create one for the main branch (Spring Cloud Config 4.1) as well?

@ryanjbaxter
Contributor

Yup I merged it forward, thanks!

@ryanjbaxter ryanjbaxter added this to the 4.0.5 milestone Nov 14, 2023
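
As an added illustration of the failure mode discussed in this thread (not the project's code and not the change merged in #2350), the reader below skips a secret that is missing or marked for deletion instead of failing the whole lookup. It assumes the AWS SDK for Java v2 on the classpath; `TolerantSecretReader`, `readAll`, the in-memory client and the secret ids are constructed for the example.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.*;

// Hypothetical helper for illustration; not Spring Cloud Config code.
public class TolerantSecretReader {
    private static final Logger LOG = Logger.getLogger("TolerantSecretReader");

    // Reads each secret id; an unreadable secret is skipped instead of failing the whole lookup.
    static Map<String, String> readAll(SecretsManagerClient client, List<String> paths, String label) {
        Map<String, String> found = new LinkedHashMap<>();
        for (String path : paths) {
            GetSecretValueRequest request = GetSecretValueRequest.builder()
                    .secretId(path).versionStage(label).build();
            try {
                String value = client.getSecretValue(request).secretString();
                if (value != null) found.put(path, value); // null when the secret is binary
            } catch (ResourceNotFoundException e) {
                LOG.log(Level.FINE, "Skipping secretId=" + path + ": not found", e);
            } catch (InvalidRequestException e) {
                // Raised for a secret scheduled for deletion, but also for other invalid
                // requests, so log it where operators will see it. Log the id only.
                LOG.log(Level.WARNING, "Skipping secretId=" + path + ": " + e.getMessage());
            }
        }
        return found;
    }

    public static void main(String[] args) {
        // Constructed stand-in for the AWS client so the example runs without credentials.
        SecretsManagerClient fake = new SecretsManagerClient() {
            public String serviceName() { return "secretsmanager"; }
            public void close() { }
            public GetSecretValueResponse getSecretValue(GetSecretValueRequest r) {
                if (r.secretId().endsWith("deleted"))
                    throw InvalidRequestException.builder().message("marked for deletion").build();
                if (r.secretId().endsWith("missing"))
                    throw ResourceNotFoundException.builder().message("not found").build();
                return GetSecretValueResponse.builder().secretString("{\"k\":\"v\"}").build();
            }
        };
        System.out.println(readAll(fake,
                List.of("/secret/app-deleted", "/secret/app-missing", "/secret/app"), "AWSCURRENT").keySet());
    }
}
```

Because `InvalidRequestException` is not specific to pending deletion, the example logs it at WARNING rather than DEBUG so that a swallowed error of another kind still surfaces in operations.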