spring-cloud-vault

Invalid configuration is not fatal

Open mwisnicki opened this issue 2 years ago • 2 comments

Describe the bug

If configuration is invalid (e.g. wrong SSL certs), then vault config prints an exception and continues execution, even when spring.config.import is not set to optional.

This is probably because in LeaseAwareVaultPropertySource ignoreSecretNotFound is always true.

Sample

bug-vault-bad-config-nonfatal.zip

  1. Use spring-cloud-starter-vault-config:3.1.2
  2. Point config to invalid vault url
  3. Make sure import is non-optional

spring:
  cloud:
    vault:
      uri: https://bad.site/
      authentication: token
      token: foo
  config:
    import: vault://foo/bar

Log

2023-03-28T13:22:06.206-04:00  INFO 23668 --- [           main] o.s.v.c.e.LeaseAwareVaultPropertySource  : Vault location [foo/bar] not resolvable: I/O error on GET request for "https://bad.site:443/v1/foo/bar": bad.site
2023-03-28T13:22:06.592-04:00  INFO 23668 --- [           main] o.s.cloud.context.scope.GenericScope     : BeanFactory id=13545f80-8375-3886-af6d-4191f093e243
2023-03-28T13:22:06.862-04:00  INFO 23668 --- [           main] e.b.BugVaultBadConfigNonfatalApplication : Started BugVaultBadConfigNonfatalApplication in 1.657 seconds (process running for 2.251)

mwisnicki Mar 28 '23 17:03

PS. I know about fail-fast, but spring.config.import has a concept of optional and non-optional imports, and these should be honored IMHO.

mwisnicki Mar 28 '23 17:03

Have you tried setting spring.cloud.vault.fail-fast=true? This has been in place since the bootstrap context.

Generally, we could switch entirely to the built-in mechanism by throwing ConfigDataResourceNotFoundException.

mp911de Mar 29 '23 07:03
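
A detection for the fail-open start reported in this issue, as an added example (not code from the issue or from Spring Cloud Vault): it scans Spring Boot logs for the "not resolvable" message followed by a "Started" line from the same PID. The first three sample lines are the log from the report, the fourth is constructed, and the function name and regexes are assumptions based on that log format.

```python
import re

# Message logged by LeaseAwareVaultPropertySource in the report above.
UNRESOLVED = re.compile(
    r"LeaseAwareVaultPropertySource\s*:\s*Vault location \[(?P<path>[^\]]+)\]"
    r" not resolvable: (?P<cause>.*)$"
)
# Spring Boot's startup-complete line.
STARTED = re.compile(r":\s*Started (?P<app>\S+) in [\d.]+ seconds")
# Default Spring Boot log prefix: timestamp, level, PID.
PREFIX = re.compile(r"^\S+\s+(?P<level>[A-Z]+)\s+(?P<pid>\d+)\s+---")


def find_fail_open_starts(lines):
    """Return one finding per process that logged an unresolved Vault
    location and then still logged a successful application start."""
    pending = {}   # pid -> [(vault path, cause)] seen before "Started"
    findings = []
    for line in lines:
        prefix = PREFIX.match(line)
        if not prefix:
            continue  # stack-trace continuation or non-Boot line
        pid = prefix.group("pid")
        m = UNRESOLVED.search(line)
        if m:
            pending.setdefault(pid, []).append((m.group("path"), m.group("cause")))
            continue
        m = STARTED.search(line)
        if m and pid in pending:
            findings.append(
                {"pid": pid, "app": m.group("app"), "unresolved": pending.pop(pid)}
            )
    return findings


# Lines 1-3: log from the report. Line 4: constructed healthy start (other PID).
SAMPLE_LOG = [
    '2023-03-28T13:22:06.206-04:00  INFO 23668 --- [           main] o.s.v.c.e.LeaseAwareVaultPropertySource  : Vault location [foo/bar] not resolvable: I/O error on GET request for "https://bad.site:443/v1/foo/bar": bad.site',
    "2023-03-28T13:22:06.592-04:00  INFO 23668 --- [           main] o.s.cloud.context.scope.GenericScope     : BeanFactory id=13545f80-8375-3886-af6d-4191f093e243",
    "2023-03-28T13:22:06.862-04:00  INFO 23668 --- [           main] e.b.BugVaultBadConfigNonfatalApplication : Started BugVaultBadConfigNonfatalApplication in 1.657 seconds (process running for 2.251)",
    "2023-03-28T13:25:00.000-04:00  INFO 30001 --- [           main] c.e.HealthyApplication                   : Started HealthyApplication in 2.100 seconds (process running for 2.500)",
]

if __name__ == "__main__":
    for finding in find_fail_open_starts(SAMPLE_LOG):
        print(finding)
```

The message is logged at INFO level, so a filter on WARN or ERROR would not surface it.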