Bypass spring-cloud-gcp-starter-secretmanager when default credential not exits

[lz000]

Our application has spring-cloud-gcp-starter-secretmanager in pom.xml. When running unit test in CI, since there is no GOOGLE_APPLICATION_CREDENTIALS environment variable defined, it crashes with the following error

Failed to instantiate [com.google.cloud.secretmanager.v1.SecretManagerServiceClient]: Factory method 'secretManagerClient' threw exception; nested exception is java.io.IOException: The Application Default Credentials are not available. They are available if running in Google Compute Engine. Otherwise, the environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined pointing to a file defining the credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.

Since we have a different application.properties file with the mocked values for unit tests, we don't need the secretmanager to provide values. Is it possible we either mute this error and do nothing or have a way to bypass secretmanager entirely through an environment variable

[dzou]

@lz000 -- Our Secret Manager uses Spring bootstrap, so you'll need to create a bootstrap.properties file for your unit tests, placed in the same location as application.properties, and then add the property:

# This will disable the Secret Manager autoconfig from starting.
spring.cloud.gcp.secretmanager.enabled=false

Let me know if this works for you.

[lz000]

@dzou Thanks, it seems to work. But want to confirm the behavior. with spring.cloud.gcp.secretmanager.enabled set to false, the Secret Manager still runs, but instead out throwing error, it throws a warning which does not stop the app. Is it the correct behavior ?

[dzou]

Gotcha I see. Could you share what the warning is?

[lz000]

The warning message is exactly same as the error

WARN 79 --- [           main] c.g.c.s.c.DefaultCredentialsProvider  No core credentials are set. Service-specific credentials (e.g., spring.cloud.gcp.pubsub.credentials.*) should be used if your app uses services that require credentials.
java.io.IOException: The Application Default Credentials are not available. They are available if running in Google Compute Engine. Otherwise, the environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined pointing to a file defining the credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.

[dzou]

Ahh I see. Yeah that warning is normal for integration tests in the case where the environment is the same but you haven't set up credentials. Just a reminder to add credentials if running in production.

You should be good.

[dzou]

One more note -- One of our teammates mentioned the warning might indicate you still have some bean in the application context still depending on credentials.

Do you have any other spring-cloud-gcp dependencies you are using? You will have to add that spring.cloud.gcp.xxxxx.enabled=false for those services as well in your integration test.

[lz000]

for spring-cloud-gcp this is the only one, but i have google-cloud-storage, nothing else relates to ggogle cloud

[dzou]

Hmm I see. Maybe it means our GcpContextAutoConfiguration is also kicking in.

Can you also add spring.cloud.gcp.core.enabled=false? See if that helps.

[lz000]

Yes this got rid of the warning

[dzou]

Glad this this works. Yes, for your integration tests (where you don't want authentication) you'll have to remember to disable the service if you don't want the autoconfiguration to load the beans.

You'll be able to find the .enabled settings for all our integrations in the ref doc.

Let me know if you have other questions.