Open csterwa opened 4 years ago
should this be in spring cloud config?
Moved to Spring Cloud Config repo.
The best solution, IMO, is to have Vault's environment repository fail gracefully when there is no token. That addresses the health indicator problem, but also addresses other problems such as the requirement that all config clients be given a token, even if only some need secrets from Vault.
In short, if VaultEnvironmentRepository
were to return an empty set of secrets when there is no token, rather than failing with an IllegalArgumentException
, then it would address the concern with the health indicator, address an SCS-specific need for our dashboard, and allow multiple clients to consume properties from a Vault-backed config server, even if they don't have the Vault token (only those with a token will receive Vault secrets, though).
Problem
If a Vault token is not provided to the Config Server when accessing it's health actuator then the Vault backend health check will respond as failed.
Requested Solution
If a Vault token is not provided, the Config Server health check should not fail and may provide just the Vault server's health status API response instead.
https://www.vaultproject.io/api/system/health.html