java - Spring Cloud Vault 从错误的配置文件中获取属性

Question

在我的 Spring Boot 项目中，我定义了 4 个配置文件 ide、dev、test 和 prod。当我使用 IntelliJ 和配置文件 ide 运行该项目时，一切正常，并且从 Vault 中的 ide 配置文件检索属性。但是在开发服务器中部署期间，当我使用参数 -Dspring.profiles.active=dev 选择 dev 配置文件时，将选择开发配置文件，但 ide 正在检索配置文件属性

CustomVaultConfigurer.java

@Configuration
public class CustomVaultConfigurer  implements VaultConfigurer
{
    @Override
    public void addSecretBackends(SecretBackendConfigurer configurer)
    {
                configurer.add("secret/app/pres/ide");
        configurer.add("secret/app/pres/dev");
        configurer.add("secret/app/pres/test");
        configurer.add("secret/app/pres/prod");

        configurer.registerDefaultGenericSecretBackends(false);
        configurer.registerDefaultDiscoveredSecretBackends(true);
    }
}

错误日志:

2020-05-27 19:28:25.663  INFO 1 --- [           main] gov.cancer.ccr.oit.pres.PresApplication  : The following profiles are active: dev
2020-05-27 19:28:28.495  INFO 1 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFERRED mode.
2020-05-27 19:28:29.710  INFO 1 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 1203ms. Found 55 JPA repository interfaces.
2020-05-27 19:28:30.142  INFO 1 --- [           main] o.s.cloud.context.scope.GenericScope     : BeanFactory id=87545ee5-101d-3ebb-a79a-d12f99f15e9c
2020-05-27 19:28:31.002  INFO 1 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler@70c53dbe' of type [org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2020-05-27 19:28:31.011  INFO 1 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'methodSecurityConfig' of type [gov.cancer.ccr.oit.pres.security.MethodSecurityConfig$$EnhancerBySpringCGLIB$$8721baa3] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2020-05-27 19:28:31.033  INFO 1 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'methodSecurityMetadataSource' of type [org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2020-05-27 19:28:31.608  INFO 1 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8080 (http)
2020-05-27 19:28:31.635  INFO 1 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2020-05-27 19:28:31.636  INFO 1 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.35]
2020-05-27 19:28:31.778  INFO 1 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2020-05-27 19:28:31.778  INFO 1 --- [           main] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 6069 ms
2020-05-27 19:28:32.616  INFO 1 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'
2020-05-27 19:28:32.909  INFO 1 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Starting...
2020-05-27 19:29:03.630 ERROR 1 --- [           main] com.zaxxer.hikari.pool.HikariPool        : HikariPool-1 - Exception during pool initialization.

com.microsoft.sqlserver.jdbc.SQLServerException: The TCP/IP connection to the host localhost, port 1433 has failed. Error: "Connection refused (Connection refused). Verify the connection properties. Make sure that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. Make sure that TCP connections to the port are not blocked by a firewall.".

但是当我将 ide 配置文件放在列表的末尾(如下所示)时，它就可以工作

configurer.add("secret/app/pres/dev");
configurer.add("secret/app/pres/test");
configurer.add("secret/app/pres/prod");
configurer.add("secret/app/pres/ide");

Answer 1

好的。我这边的愚蠢部分。根据标记 comment当您将 configurer.add(…) 与 configurer.registerDefaultGenericSecretBackends(false) 结合使用时，Spring Cloud Vault 不会查看 spring.profiles.active 根本不使用，而是使用您的 VaultConfigurer 指定的内容。

更新后的VaultConfigurer如下所示，并且从

检索 Activity 配置文件

VaultConfigurer.java

@Configuration
public class CustomVaultConfigurer  implements VaultConfigurer
{
    @Autowired
    private Environment environment;

    @Override
    public void addSecretBackends(SecretBackendConfigurer configurer)
    {
        //Get active profile from environment, if none exist select DEV profile
        if(environment.getActiveProfiles().length > 0)
            configurer.add("secret/app/pres/"+environment.getActiveProfiles()[0]);
        else
            configurer.add("secret/app/pres/dev");

        configurer.registerDefaultGenericSecretBackends(false);
        configurer.registerDefaultDiscoveredSecretBackends(true);
    }
}