Describe the bug
Any vault configuration in composite profile is ignored and instead default values are used.
Given following configuration for config-server:
spring:
profiles:
active: composite
cloud:
config:
server:
composite:
- type: vault
host: my-vault-server
port: 5555
When executing curl -H "X-Config-Token: token" localhost:8888/cook/default config-server should call vault at http://my-vault-server:5555 but instead it calls http://127.0.0.1:8200.
Sample log
2024-10-16T12:08:27.258+02:00 WARN 69385 --- [configserver] [nio-8888-exec-1] o.s.c.c.s.e.EnvironmentController : Error getting the Environment with name=cook profiles=default label=null includeOrigin=false
org.springframework.web.client.ResourceAccessException: I/O error on GET request for "http://127.0.0.1:8200/v1/secret/cook": Connect to http://127.0.0.1:8200 [/127.0.0.1] failed: Connection refused
at org.springframework.web.client.RestTemplate.createResourceAccessException(RestTemplate.java:926) ~[spring-web-6.2.0-20241016.082823-965.jar:6.2.0-SNAPSHOT]
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:906) ~[spring-web-6.2.0-20241016.082823-965.jar:6.2.0-SNAPSHOT]
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:801) ~[spring-web-6.2.0-20241016.082823-965.jar:6.2.0-SNAPSHOT]
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:712) ~[spring-web-6.2.0-20241016.082823-965.jar:6.2.0-SNAPSHOT]
at org.springframework.vault.core.VaultKeyValueAccessor.lambda$doRead$1(VaultKeyValueAccessor.java:133) ~[spring-vault-core-3.1.2.jar:3.1.2]
at org.springframework.vault.core.VaultKeyValueAccessor.lambda$doRead$2(VaultKeyValueAccessor.java:166) ~[spring-vault-core-3.1.2.jar:3.1.2]
at org.springframework.vault.core.VaultTemplate.doWithSession(VaultTemplate.java:451) ~[spring-vault-core-3.1.2.jar:3.1.2]
at org.springframework.vault.core.VaultKeyValueAccessor.doRead(VaultKeyValueAccessor.java:163) ~[spring-vault-core-3.1.2.jar:3.1.2]
at org.springframework.vault.core.VaultKeyValueAccessor.doRead(VaultKeyValueAccessor.java:132) ~[spring-vault-core-3.1.2.jar:3.1.2]
at org.springframework.vault.core.VaultKeyValueAccessor.doRead(VaultKeyValueAccessor.java:107) ~[spring-vault-core-3.1.2.jar:3.1.2]
at org.springframework.vault.core.VaultKeyValue1Template.get(VaultKeyValue1Template.java:69) ~[spring-vault-core-3.1.2.jar:3.1.2]
at org.springframework.cloud.config.server.environment.vault.SpringVaultEnvironmentRepository.read(SpringVaultEnvironmentRepository.java:55) ~[classes/:na]
at org.springframework.cloud.config.server.environment.AbstractVaultEnvironmentRepository.findOne(AbstractVaultEnvironmentRepository.java:107) ~[classes/:na]
NOTE: the behaviour is correct when using vault profile, instead of composite.
spring:
profiles:
active: vault
cloud:
config:
server:
vault:
host: my-vault-server
port: 5555
Comment From: ryanjbaxter
I could have swore there was an issue around this already...but I can't seem to find it.
I seem to remember looking into something similar a while back and discovering that Vault wasn't supported by composite environment repositories (or some properties in the configuration were not supported). I can't seem to find the issue though.
Comment From: ryanjbaxter
Probably need to debug here to start https://github.com/spring-cloud/spring-cloud-config/blob/4841d800951a52aba4add1e856bdf7a6e7421291/spring-cloud-config-server/src/main/java/org/springframework/cloud/config/server/composite/CompositeEnvironmentBeanFactoryPostProcessor.java#L51
Let me know if you have time to take a look. If not I will put it on my list
Comment From: kvmw
@ryanjbaxter I'll take a look and try to find a fix.
Comment From: kvmw
@ryanjbaxter I think this issue can be closed. The PR has been merged and the fix is shipped with the latest release of Spring Cloud.