Do not set staging label when fetching the secret values. (#2359)

* Do not set staging label when fetching the secret values. * Add `ignoreLabel` documentation. * Amend `ignoreLabel` documentation. --------- Co-authored-by: Ondrej Scecina <[email protected]>
spring-cloud · Nov 29, 2023 · 8a409cd · 8a409cd
1 parent e8fe9d4
commit 8a409cd
Show file tree

Hide file tree

Showing 4 changed files with 82 additions and 1 deletion.
diff --git a/docs/src/main/asciidoc/spring-cloud-config.adoc b/docs/src/main/asciidoc/spring-cloud-config.adoc
@@ -915,6 +915,21 @@ Note that if the default label is not set and a request does not define a label,
 
 Note that if the staging label contains a slash (`/`), then the label in the HTTP URL should instead be specified with the special string `({special-string})` (to avoid ambiguity with other URL paths) the same way <<_git_backend,Git backend's section>> describes it.
 
+Use `spring.cloud.config.server.aws-secretsmanager.ignore-label` property to ignore the `{label}` parameter of the HTTP resource as well as `spring.cloud.config.server.aws-secretsmanager.default-label` property. The repository will use secrets as if labelled version support is disabled.
+
+[source,yaml]
+----
+spring:
+  profiles:
+    active: aws-secretsmanager
+  cloud:
+    config:
+      server:
+        aws-secretsmanager:
+          region: us-east-1
+          ignore-label: true
+----
+
 ==== AWS Parameter Store
 
 When using AWS Parameter Store as a backend, you can share configuration with all applications by placing properties within the `/application` hierarchy.
@@ -1158,6 +1173,7 @@ AWS Secrets Manager API credentials are determined using link:https://docs.aws.a
 [NOTE]
 ====
 - When no application is specified `application` is the default, and when no profile is specified `default` is used.
+- Both `label` and `defaultLabel` properties are ignored, when `ignoreLabel` is set to `true`.
 ====
 
 ==== CredHub Backend

diff --git a/...ringframework/cloud/config/server/environment/AwsSecretsManagerEnvironmentProperties.java b/...ringframework/cloud/config/server/environment/AwsSecretsManagerEnvironmentProperties.java
@@ -54,6 +54,11 @@ public class AwsSecretsManagerEnvironmentProperties implements EnvironmentReposi
 	 */
 	private String defaultLabel;
 
+	/**
+	 * Do not set staging label when fetching the secret values.
+	 */
+	private boolean ignoreLabel;
+
 	/**
 	 * The order of the environment repository.
 	 */
@@ -105,6 +110,14 @@ public void setDefaultLabel(String defaultLabel) {
 		this.defaultLabel = defaultLabel;
 	}
 
+	public boolean isIgnoreLabel() {
+		return this.ignoreLabel;
+	}
+
+	public void setIgnoreLabel(boolean ignoreLabel) {
+		this.ignoreLabel = ignoreLabel;
+	}
+
 	public int getOrder() {
 		return order;
 	}

diff --git a/...ringframework/cloud/config/server/environment/AwsSecretsManagerEnvironmentRepository.java b/...ringframework/cloud/config/server/environment/AwsSecretsManagerEnvironmentRepository.java
@@ -73,6 +73,7 @@ public Environment findOne(String application, String profileList, String label)
 		final String defaultApplication = configServerProperties.getDefaultApplicationName();
 		final String defaultProfile = configServerProperties.getDefaultProfile();
 		final String defaultLabel = environmentProperties.getDefaultLabel();
+		final boolean ignoreLabel = environmentProperties.isIgnoreLabel();
 
 		if (ObjectUtils.isEmpty(application)) {
 			application = defaultApplication;
@@ -82,7 +83,10 @@ public Environment findOne(String application, String profileList, String label)
 			profileList = defaultProfile;
 		}
 
-		if (StringUtils.isEmpty(label)) {
+		if (ignoreLabel) {
+			label = null;
+		}
+		else if (StringUtils.isEmpty(label)) {
 			label = defaultLabel;
 		}
 

diff --git a/...ramework/cloud/config/server/environment/AwsSecretsManagerEnvironmentRepositoryTests.java b/...ramework/cloud/config/server/environment/AwsSecretsManagerEnvironmentRepositoryTests.java
@@ -88,6 +88,13 @@ public class AwsSecretsManagerEnvironmentRepositoryTests {
 	private final AwsSecretsManagerEnvironmentRepository labeledRepository = new AwsSecretsManagerEnvironmentRepository(
 			smClient, configServerProperties, labeledEnvironmentProperties);
 
+	private final AwsSecretsManagerEnvironmentProperties ignoreLabelEnvironmentProperties = new AwsSecretsManagerEnvironmentProperties() {{
+		setIgnoreLabel(true);
+	}};
+
+	private final AwsSecretsManagerEnvironmentRepository ignoreLabelRepository = new AwsSecretsManagerEnvironmentRepository(
+			smClient, configServerProperties, ignoreLabelEnvironmentProperties);
+
 	private final ObjectMapper objectMapper = new ObjectMapper().configure(SerializationFeature.INDENT_OUTPUT, true);
 
 	private final List<String> toBeRemoved = new ArrayList<>();
@@ -1827,6 +1834,47 @@ public void testFindOneWithExistingApplicationAndMultipleExistingProfileAndNoDef
 		assertThat(resultEnv).usingRecursiveComparison().withStrictTypeChecking().isEqualTo(expectedEnv);
 	}
 
+	@Test
+	public void testFindOneWithExistingApplicationAndExistingProfileAndExistingLabelWhenIgnoreLabelIsSet() {
+		String application = "foo";
+		String profile = "prod";
+		String label = "release";
+		String[] profiles = StringUtils.commaDelimitedListToStringArray(profile);
+
+		String fooProdPropertiesName = "aws:secrets:/secret/foo-prod/";
+		PropertySource fooProdProperties = new PropertySource(fooProdPropertiesName, getFooProdReleaseProperties());
+
+		String fooPropertiesName = "aws:secrets:/secret/foo/";
+		PropertySource fooProperties = new PropertySource(fooPropertiesName, getFooReleaseProperties());
+
+		String fooDefaultPropertiesName = "aws:secrets:/secret/foo-default/";
+		PropertySource fooDefaultProperties = new PropertySource(fooDefaultPropertiesName,
+			getFooDefaultReleaseProperties());
+
+		String applicationProdPropertiesName = "aws:secrets:/secret/application-prod/";
+		PropertySource applicationProdProperties = new PropertySource(applicationProdPropertiesName,
+			getApplicationProdReleaseProperties());
+
+		String applicationDefaultPropertiesName = "aws:secrets:/secret/application-default/";
+		PropertySource applicationDefaultProperties = new PropertySource(applicationDefaultPropertiesName,
+			getApplicationDefaultReleaseProperties());
+
+		String applicationPropertiesName = "aws:secrets:/secret/application/";
+		PropertySource applicationProperties = new PropertySource(applicationPropertiesName,
+			getApplicationReleaseProperties());
+
+		Environment expectedEnv = new Environment(application, profiles, null, null, null);
+		expectedEnv.addAll(Arrays.asList(
+			fooProdProperties, applicationProdProperties, fooDefaultProperties,
+			applicationDefaultProperties, fooProperties, applicationProperties));
+
+		putSecrets(expectedEnv);
+
+		Environment resultEnv = ignoreLabelRepository.findOne(application, profile, label);
+
+		assertThat(resultEnv).usingRecursiveComparison().withStrictTypeChecking().isEqualTo(expectedEnv);
+	}
+
 	@Test
 	public void testFindOneWithNullApplicationAndNullProfile() {
 		String application = null;