Hello,
I would like to understand why I cannot make Spring Cloud Config Server serve properties from a Vault Backend. I'm using these:
- Java 17
- Maven 3.8.1
- Springboot: 2.6.3
- Spring Cloud Dependencies: 2021.0.1
I'm following the current official Spring Cloud Config documentation: https://docs.spring.io/spring-cloud-config/docs/current/reference/html/#vault-backend
In particular, I'm trying to run exactly the same setup as in the second YML snippet of Composite Environment Repositories:
If you want to pull configuration data only from repositories that are each of distinct types, you can enable the corresponding profiles, rather than the composite profile
My goal is to make Config Server serve properties both from a Git backend and a Vault backend, as in the documentation linked above.
This is all the Java code I have:
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.config.server.EnableConfigServer;
@EnableConfigServer
@SpringBootApplication
public class ConfigServerPocServer {
public static void main(String[] args) {
SpringApplication.run(ConfigServerPocServer.class, args);
}
}
First attempt: Only Git backend
This works OK.
Second attempt: Both Git and Vault backends
Only Git properties are served. Vault backend is ignored. Changing the vault host or port to incorrect values has identical result, rather that raising an error because it couldn't connect to the Vault backend. I would like to understand why the Vault backend is ignored.
application.yml file:
server:
port: 8888
spring:
profiles:
active: git, vault
cloud:
config:
server:
git:
uri: <***>
search-paths:
- config/**
username: <***>
password: <***>
order: 2
vault:
host: 127.0.0.1
port: 8200
token: roottoken
order: 1
I launch a "dev" Vault server locally and set some properties like this:
vault server -dev -dev-root-token-id=roottoken
export VAULT_ADDR='http://127.0.0.1:8200'
vault kv put secret/application poc.message=PocFromVaultForAll
vault kv put secret/application,local poc.message=PocFromVaultForAll_Local
Third attempt: Only Vault backend
The Config Server application fails to start, as it expects a git backend.
In this attempt I delete the git properties above and set spring.profiles.active to vault only.
application.yml file:
server:
port: 8888
spring:
profiles:
active: vault
cloud:
config:
server:
vault:
host: 127.0.0.1
port: 8200
token: roottoken
Despite I ultimately want a Git backend together with Vault, I also would like to understand why Config Server expects a Git backend, when neither the git active profile nor any git properties are set.
Both problems in attempts 2 and 3 seem to be related: Config Server expects a Git backend, whether or not I include git in the active profiles, and ignores the vault active profile. What am I missing to enable/disable backends?
This is the output:
2022-02-19 13:53:37.801 INFO 9414 --- [ main] c.m.c.ConfigServerPocServer : Starting ConfigServerPocServer using Java 17 on PLAM004210120.local with PID 9414 (/Users/rafael.sousaherves/Dev/workspace/mayabank/poc/config-server-poc/server/target/classes started by rafael.sousaherves in /Users/rafael.sousaherves/Dev/workspace/mayabank/poc/config-server-poc)
2022-02-19 13:53:37.803 INFO 9414 --- [ main] c.m.c.ConfigServerPocServer : The following profiles are active: local
2022-02-19 13:53:38.559 INFO 9414 --- [ main] o.s.cloud.context.scope.GenericScope : BeanFactory id=746a9a6a-da82-3818-a1ff-13797b56ee3a
2022-02-19 13:53:38.815 INFO 9414 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8888 (http)
2022-02-19 13:53:38.823 INFO 9414 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2022-02-19 13:53:38.827 INFO 9414 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.56]
2022-02-19 13:53:38.894 INFO 9414 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2022-02-19 13:53:38.894 INFO 9414 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1049 ms
2022-02-19 13:53:39.317 WARN 9414 --- [ main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'defaultEnvironmentRepository' defined in class path resource [org/springframework/cloud/config/server/config/DefaultRepositoryConfiguration.class]: Invocation of init method failed; nested exception is java.lang.IllegalStateException: You need to configure a uri for the git repository.
2022-02-19 13:53:39.321 INFO 9414 --- [ main] o.apache.catalina.core.StandardService : Stopping service [Tomcat]
2022-02-19 13:53:39.332 INFO 9414 --- [ main] ConditionEvaluationReportLoggingListener :
Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2022-02-19 13:53:39.351 ERROR 9414 --- [ main] o.s.b.d.LoggingFailureAnalysisReporter :
***************************
APPLICATION FAILED TO START
***************************
Description:
Invalid config server configuration.
Action:
If you are using the git profile, you need to set a Git URI in your configuration. If you have set spring.cloud.config.server.bootstrap=true, you need to use a composite configuration.
Process finished with exit code 1
I've been searching for a solution to this problem without success. Any help would be very appreciated. Cheers.
Comment From: rsherves
These are the pom files.
Root project:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.3</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.example</groupId>
<artifactId>config-server-poc</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>config-server-poc</name>
<description>Spring Cloud Config Server POC</description>
<packaging>pom</packaging>
<modules>
<module>server</module>
<module>client</module>
</modules>
<properties>
<java.version>17</java.version>
<spring-cloud.version>2021.0.1</spring-cloud.version>
</properties>
</project>
Server module
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>config-server-poc</artifactId>
<groupId>com.example</groupId>
<version>0.0.1-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>server</artifactId>
<properties>
<maven.compiler.source>17</maven.compiler.source>
<maven.compiler.target>17</maven.compiler.target>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-config-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
</project>
Comment From: rsherves
Closing issue.
I turned out that my OS environment variable SPRING_PROFILES_ACTIVE was overridding the values in the application.yml file. Therefore, in the absence of any active profile recognize as backend by Config Server, a git backend was enabled by default, and Vault backend ignored.
Comment From: dashtomar
Hi @rsherves,
I am having the same issue and still stuck with that and not able to enable both vault and git. Can you help me out in that.