From d0ca0aa00d8d1a273eede484a5ad7735a6b80ddb Mon Sep 17 00:00:00 2001 From: Mark Paluch Date: Fri, 8 Mar 2024 11:38:27 +0100 Subject: [PATCH] Do not require SessionManager when configuring `SecretLeaseContainer` using bootstrap config. Closes gh-722 --- ...tBootstrapPropertySourceConfiguration.java | 7 +-- .../VaultBootstrapConfigurationTests.java | 2 +- ...strapPropertySourceConfigurationTests.java | 48 ++++++++++++++----- 3 files changed, 42 insertions(+), 15 deletions(-) diff --git a/spring-cloud-vault-config/src/main/java/org/springframework/cloud/vault/config/VaultBootstrapPropertySourceConfiguration.java b/spring-cloud-vault-config/src/main/java/org/springframework/cloud/vault/config/VaultBootstrapPropertySourceConfiguration.java index 0617a4329..ef985dc5f 100644 --- a/spring-cloud-vault-config/src/main/java/org/springframework/cloud/vault/config/VaultBootstrapPropertySourceConfiguration.java +++ b/spring-cloud-vault-config/src/main/java/org/springframework/cloud/vault/config/VaultBootstrapPropertySourceConfiguration.java @@ -22,6 +22,7 @@ import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.ObjectFactory; +import org.springframework.beans.factory.ObjectProvider; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.context.properties.EnableConfigurationProperties; @@ -132,7 +133,7 @@ public PropertySourceLocator vaultPropertySourceLocator(VaultOperations operatio * @param vaultOperations the {@link VaultOperations}. * @param taskSchedulerWrapper the {@link TaskSchedulerWrapper}. * @param sessionManager the {@link SessionManager} to listen for authentication - * events. + * events. Bean can be absent. * @return the {@link SecretLeaseContainer} for Vault secret lease management. * @see SessionManager * @see LifecycleAwareSessionManager 
@@ -141,9 +142,9 @@ public PropertySourceLocator vaultPropertySourceLocator(VaultOperations operatio @Lazy @ConditionalOnMissingBean public SecretLeaseContainer secretLeaseContainer(VaultOperations vaultOperations, - TaskSchedulerWrapper taskSchedulerWrapper, SessionManager sessionManager) { + TaskSchedulerWrapper taskSchedulerWrapper, ObjectProvider sessionManager) { return this.configuration.createSecretLeaseContainer(vaultOperations, taskSchedulerWrapper::getTaskScheduler, - sessionManager); + sessionManager.getIfAvailable()); } } diff --git a/spring-cloud-vault-config/src/test/java/org/springframework/cloud/vault/config/VaultBootstrapConfigurationTests.java b/spring-cloud-vault-config/src/test/java/org/springframework/cloud/vault/config/VaultBootstrapConfigurationTests.java index 989fc7521..855379e19 100644 --- a/spring-cloud-vault-config/src/test/java/org/springframework/cloud/vault/config/VaultBootstrapConfigurationTests.java +++ b/spring-cloud-vault-config/src/test/java/org/springframework/cloud/vault/config/VaultBootstrapConfigurationTests.java @@ -45,7 +45,7 @@ public class VaultBootstrapConfigurationTests { @Test public void shouldConfigureWithoutAuthentication() { - this.contextRunner.withPropertyValues("spring.cloud.vault.kv.enabled=false", + this.contextRunner.withPropertyValues("spring.cloud.vault.kv.enabled=true", "spring.cloud.vault.authentication=NONE", "spring.cloud.bootstrap.enabled=true").run(context -> { assertThat(context).doesNotHaveBean(SessionManager.class); diff --git a/spring-cloud-vault-config/src/test/java/org/springframework/cloud/vault/config/VaultBootstrapPropertySourceConfigurationTests.java b/spring-cloud-vault-config/src/test/java/org/springframework/cloud/vault/config/VaultBootstrapPropertySourceConfigurationTests.java index 091cd1bda..c482fb8d3 100644 --- a/spring-cloud-vault-config/src/test/java/org/springframework/cloud/vault/config/VaultBootstrapPropertySourceConfigurationTests.java 
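Review bot: `sessionManager.getIfAvailable()` now passes `null` to `createSecretLeaseContainer(...)` whenever no `SessionManager` bean exists, and nothing in this hunk shows that method accepting a null third argument; its body is outside the hunk, so the null handling should be confirmed there. With `spring.cloud.vault.authentication=NONE` the container is then presumably created without any authentication-event listener, which changes how leases behave after a token change, and the Javadoc addition "Bean can be absent" does not say so. I would spell it out on the parameter, e.g. `@param sessionManager provider for the optional {@link SessionManager}; when no bean is available the container is created without listening for authentication events`. The parameter also appears here as a raw `ObjectProvider`; if that is not an artifact of how the patch was rendered, declare it as `ObjectProvider<SessionManager>`.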
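Review bot: Flipping `spring.cloud.vault.kv.enabled` from `false` to `true` inside the existing `shouldConfigureWithoutAuthentication` test in `VaultBootstrapConfigurationTests` removes the only visible coverage of the KV-disabled, `authentication=NONE` combination. Keeping the old property set as a second test case would guard both paths against regressions. The rest of the test body, including any further assertions, is outside the hunk.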
+++ b/spring-cloud-vault-config/src/test/java/org/springframework/cloud/vault/config/VaultBootstrapPropertySourceConfigurationTests.java @@ -26,11 +26,13 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler; +import org.springframework.vault.authentication.SessionManager; import org.springframework.vault.core.VaultOperations; import org.springframework.vault.core.lease.LeaseEndpoints; import org.springframework.vault.core.lease.SecretLeaseContainer; import org.springframework.vault.support.LeaseStrategy; +import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; @@ -48,7 +50,10 @@ public class VaultBootstrapPropertySourceConfigurationTests { @Test public void shouldConfigureExpiryTimeoutsAndStrategy() { - this.contextRunner.withUserConfiguration(MockConfiguration.class).withAllowBeanDefinitionOverriding(true) + this.contextRunner + .withUserConfiguration(MockSecretLeaseContainerConfiguration.class, + MockVaultOperationsConfiguration.class) + .withAllowBeanDefinitionOverriding(true) .withPropertyValues("spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.config.lifecycle.expiry-threshold=5m", "spring.cloud.vault.config.lifecycle.min-renewal=6m", 
@@ -65,9 +70,39 @@ public void shouldConfigureExpiryTimeoutsAndStrategy() { }); } + @Test + public void shouldConfigureWithoutAuthentication() { + + this.contextRunner.withUserConfiguration(MockVaultOperationsConfiguration.class) + .withAllowBeanDefinitionOverriding(true) + .withPropertyValues("spring.cloud.vault.kv.enabled=true", + "spring.cloud.vault.config.lifecycle.enabled=true", "spring.cloud.vault.authentication=NONE", + "spring.cloud.bootstrap.enabled=true") + .run(context -> { + + assertThat(context).doesNotHaveBean(SessionManager.class); + assertThat(context).hasSingleBean(SecretLeaseContainer.class); + }); + } + @EnableConfigurationProperties(VaultProperties.class) @Configuration(proxyBeanMethods = false) - private static class MockConfiguration { + private static class MockSecretLeaseContainerConfiguration { + + @Bean + SecretLeaseContainer secretLeaseContainer(VaultProperties properties) { + + SecretLeaseContainer mock = mock(SecretLeaseContainer.class); + VaultConfiguration.customizeContainer(properties.getConfig().getLifecycle(), mock); + + return mock; + } + + } + + @EnableConfigurationProperties(VaultProperties.class) + @Configuration(proxyBeanMethods = false) + private static class MockVaultOperationsConfiguration { @Bean VaultOperations vaultOperations() { @@ -79,15 +114,6 @@ VaultBootstrapConfiguration.TaskSchedulerWrapper taskSchedulerWrapper() { return new VaultBootstrapConfiguration.TaskSchedulerWrapper(mock(ThreadPoolTaskScheduler.class)); } - @Bean - SecretLeaseContainer secretLeaseContainer(VaultProperties properties) { - - SecretLeaseContainer mock = mock(SecretLeaseContainer.class); - VaultConfiguration.customizeContainer(properties.getConfig().getLifecycle(), mock); - - return mock; - } - } }
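Review bot: `assertThat(context).hasSingleBean(SecretLeaseContainer.class)` in the new `shouldConfigureWithoutAuthentication` test likely only checks that a bean of that type is registered. The production bean method is `@Lazy`, so the factory method that calls `sessionManager.getIfAvailable()` may never run here, and the test could pass even without the fix. To pin the behaviour, force creation of the bean, e.g. `assertThat(context.getBean(SecretLeaseContainer.class)).isNotNull();`. If the container is in fact already instantiated during bootstrap by the property source locator, a one-line comment in the test saying so would make that dependency explicit.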