spring-cloud-vault icon indicating copy to clipboard operation
spring-cloud-vault copied to clipboard
verified publisher icon spring-cloud

Overriding configuration in profile specific files does not seem to work

Open rohithkk opened this issue 2 years ago • 3 comments

I'm trying to integrate my Spring Boot app with Vault for loading secrets. The app runs on PCF environment so the main configuration file (application.properties) is configured appropriately. For local development, the vault authentication is done via a regular token. So I have created application-local.properties file with appropriate configuration for local development. Then I set the "Active Profiles" value to "local" under the run/debug configuration.

Problem is that when I try to start the app in IDEA, I get the following error. So it's clear that the vault related properties mentioned in application-local.properties are not being picked up during startup.


23:32:40.289 [main] ERROR org.springframework.boot.SpringApplication - Application run failed
java.lang.IllegalArgumentException: Illegal character in path at index 1: ${VAULT_ADDR}
    at java.base/java.net.URI.create(URI.java:906)
    at org.springframework.cloud.vault.config.VaultConfiguration.createVaultEndpoint(VaultConfiguration.java:121)
    at org.springframework.cloud.vault.config.VaultConfigDataLoader$ImperativeInfrastructure.<init>(VaultConfigDataLoader.java:445)
    at org.springframework.cloud.vault.config.VaultConfigDataLoader.registerImperativeInfrastructure(VaultConfigDataLoader.java:177)

Here is the complete pom and main application.properties and application-local.properties files.

I have generated the deployment artifact using command mvn clean install and then tried to run the app using java -jar demo-0.0.0.1-snapshot.jar -Dspring.profiles.active=local.

Since I'm passing the profile, I was expecting that configuration from the application-local.properties file will be picked up but from the stacktrace it seems like the main configuration file is being read.

pom.xml 
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.7.14</version>
		<relativePath/> <!-- lookup parent from repository -->
	</parent>
	<groupId>com.example</groupId>
	<artifactId>demo</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<name>demo</name>
	<description>Demo project for Spring Boot</description>
	<properties>
		<java.version>17</java.version>
		<spring-cloud.version>2021.0.8</spring-cloud.version>
	</properties>
	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-webflux</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.cloud</groupId>
			<artifactId>spring-cloud-starter-vault-config</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>io.projectreactor</groupId>
			<artifactId>reactor-test</artifactId>
			<scope>test</scope>
		</dependency>
	</dependencies>
	<dependencyManagement>
		<dependencies>
			<dependency>
				<groupId>org.springframework.cloud</groupId>
				<artifactId>spring-cloud-dependencies</artifactId>
				<version>${spring-cloud.version}</version>
				<type>pom</type>
				<scope>import</scope>
			</dependency>
		</dependencies>
	</dependencyManagement>

	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>

</project>
application-local.properties 
spring.application.name=sbvaultapp
spring.main.allow-bean-definition-overriding=true
spring.main.web-application-type= reactive
spring.main.lazy-initialization= false
spring.profiles.group.dev=cloud
spring.profiles.group.qa=cloud
spring.profiles.group.uat=cloud
spring.profiles.group.prod=cloud
spring.config.import=optional:vault://
spring.cloud.vault.enabled=true
spring.cloud.vault.reactive.enabled=true
spring.cloud.vault.authentication= PCF
spring.cloud.vault.uri= ${VAULT_ADDR}
spring.cloud.vault.namespace= ${VAULT_NAMESPACE}
spring.cloud.vault.pcf.role= ${VAULT_CF_ROLE}
spring.cloud.vault.pcf.pcf-path= ${VAULT_CF_PATH}
spring.cloud.vault.kv.enabled= true
spring.cloud.vault.kv.backend= kv
spring.cloud.vault.kv.default-context=${spring.application.name}
application-local.properties 
spring.application.name=sbvaultapp
spring.main.allow-bean-definition-overriding=true
spring.main.web-application-type= reactive
spring.main.lazy-initialization= false
spring.profiles.group.dev=cloud
spring.profiles.group.qa=cloud
spring.profiles.group.uat=cloud
spring.profiles.group.prod=cloud
spring.config.import=optional:vault://
spring.cloud.vault.enabled=true
spring.cloud.vault.reactive.enabled=true
spring.cloud.vault.authentication= token
spring.cloud.vault.token='Xxxxxxxxx'
spring.cloud.vault.uri= 'https://vault.myvault.org:8200'
spring.cloud.vault.namespace= 'apps'
spring.cloud.vault.scheme=https
spring.cloud.vault.kv.enabled= true
spring.cloud.vault.kv.backend= kv
spring.cloud.vault.kv.default-context=${spring.application.name}
spring.cloud.vault.kv.profiles=dev

rohithkk avatar Aug 07 '23 23:08 rohithkk

Profile selection is subject to Spring Boot. Spring Cloud Vault uses Boot's ConfigData API and the failures in bootstrapping the Vault Client are a consequence of the provided configuration.

You're mentioning application-local.properties twice. With a application.properties and a application-local.properties along with -Dspring.profiles.active=local, I can successfully select the desired profile.

If you would like us to spend some more time helping you to diagnose the problem, please provide a minimal yet complete sample that reproduces the problem. You can share it with us by pushing it to a separate repository on GitHub or by zipping it up and attaching it to this issue.

mp911de avatar Aug 08 '23 09:08 mp911de

Hi there, I've noticed that I'm having the same issue, ie. i run my app with the flag -Dspring.profiles.active=staging but the app still reads the config from the default application.properties. I'm attaching a demo project on which the issue is present demo.zip

rmvc-mirza avatar Feb 08 '24 10:02 rmvc-mirza

I had the same issue. Setting the spring.config.activate.on-profile property solved the problem.

So try to add spring.config.activate.on-profile=default to your application.properties and spring.config.activate.on-profile=local to your application-local.properties.

thuhlig avatar Jun 29 '24 22:06 thuhlig