search

spring-projects / spring-boot

Spring Boot helps you to create Spring-powered, production-grade applications and services with absolute minimum fuss.
https://spring.io/projects/spring-boot
Apache License 2.0
75.41k stars 40.75k forks source link

Management endpoint access and enabled properties are ignored unless the endpoint ID is an exact match #43302

Closed francisco-bru closed 2 days ago

francisco-bru commented 3 days ago

I'm migrating to 3.4.0 version and I apreciate that management.endpoints.enable-by-default and management.endpoint.id.enabled are deprecated as it says in the release notes.

In these release notes it appears that there are 3 values for the new access properties: none, read-only and unrestricted. However, in the release documentation, the ‘disabled’ is indicated, but disabled is not a valid value:

Caused by: java.lang.IllegalArgumentException: No enum constant org.springframework.boot.actuate.endpoint.Access.disabled

In my application I have an endpoint running with the following configuration:

management.endpoints.enabled-by-default=false
management.endpoint.foo.enabled=true

However when migrating to version 3.4 this endpoint is no longer exposed. I thought that being deprecated properties and not deleted, I should not make changes yet. Anyway I have made the following changes:

management.endpoints.access.default=none
management.endpoint.foo.access=unrestricted

and the enpoint is still not exposed. I have only been able to expose it with the following configuration:

management.endpoints.access.default=unrestricted

But, this is not the correct behaivor.

wilkinsona commented 3 days ago

However, in the release documentation, the ‘disabled’ is indicated, but disabled is not a valid value

Sorry, that's a mistake in the docs. It should be none rather than disabled. We'll correct it.

I can't reproduce the runtime behavior that you have described. For example, these properties work for me:

management.endpoints.web.exposure.include=*
management.endpoints.enabled-by-default=false
management.endpoint.foo.enabled=true

The foo endpoint is the only endpoint that's available.

These properties also work for me:

management.endpoints.web.exposure.include=*
management.endpoints.access.default=none
management.endpoint.foo.access=unrestricted

I've tested both with @ConditionalOnAvailableEndpoint and without and the behavior's the same.

If you would like us to spend some more time investigating, please spend some time providing a complete yet minimal sample that reproduces the problem. You can share it with us by pushing it to a separate repository on GitHub or by zipping it up and attaching it to this issue.

francisco-bru commented 3 days ago

I seem to have found the problem. The bug occurs depending on the endpoint identifier.

That is, if the endpoint identifier was: ‘fooVar’, in the previous version 3.3.6, the following properties were accepted as valid:

management.endpoint.foo-var.enabled=true
management.endpoint.fooVar.enabled=true

However, in version 3.4, only this property is valid:

management.endpoint.fooVar.enabled=true

demo.zip

Another behaviour changed is that in previous version when you have @RestContollerEndpoint (Deprecated):

management.endpoints.enabled-by-default=false
# foo endpoint enabled property not set
# management.endpoint.foo.enabled=true

The endpoint is exposed However, in version 3.4, the endpoint is not exposed.

I think that in this case, 3.4 fixes the previous behaviour.

wilkinsona commented 2 days ago

Thanks for the sample. I've now reproduced the problem.

I think that in this case, 3.4 fixes the previous behaviour.

We agree. This was raised in https://github.com/spring-projects/spring-boot/issues/42987 which led to an update to the release notes being made to describe the change.