Search code examples
javaspringspring-bootspring-vault

How do you use Spring Retry with Spring Vault Configuration with VaultPropertySource?


I want spring-vault configuration marked with VaultPropertySource to be able to retry the requests to the vault if they fail. What should i mark as retryable ? I'm using Spring-Retry and i was looking over http://www.baeldung.com/spring-retry .

There is no visible method to mark as retryable. Should I change the implementation of the vaultTemplate and mark the vaultOperations as retryable ?

ProvisioningSecrets.java

    @Configuration
    @VaultPropertySource(
            value="secret/provisioning",
            propertyNamePrefix = "provisioning.",
            renewal = Renewal.RENEW
            )
    @EnableRetry
    @Lazy
    @Profile("!test")
    public class ProvisioningSecrets {
        private static final Logger logger = LoggerFactory.getLogger(ProvisioningSecrets.class);

        @Autowired
        public void setPassword(@Value("${provisioning.password}") final String password) throws Exception {
            logger.info("We successfully set the provisioning db password.");
            EnvVars.changeSetting(Setting.PROVISIONING_PASS, password);
        }

        @Autowired
        public void setHost(@Value("${provisioning.host}") final String host) throws Exception {
            logger.info("We successfully set the provisioning db host.");
            EnvVars.changeSetting(Setting.PROVISIONING_HOST, host);
        }

        @Autowired
        public void setPort(@Value("${provisioning.port}") final int port) throws Exception {
            logger.info("We successfully set the provisioning db port.");
            EnvVars.changeSetting(Setting.PROVISIONING_PORT, Integer.toString(port));
        }

        @Autowired
        public void setUsername(@Value("${provisioning.username}") final String username) throws Exception {
            logger.info("We successfully set the provisioning db username.");
            EnvVars.changeSetting(Setting.PROVISIONING_USER, username);
        }

        @Autowired
        public void setDbName(@Value("${provisioning.name}") final String name) throws Exception {
            logger.info("We successfully set the provisioning db name.");
            EnvVars.changeSetting(Setting.PROVISIONING_DB_NAME, name);
        }
    }

VaultConfiguration.java

@Configuration
@Profile("!test")
public class VaultConfiguration extends AbstractVaultConfiguration {

    private static final Logger logger = LoggerFactory.getLogger(VaultConfiguration.class);

    private URI vaultHost;

    private String vaultToken;

    /**
     * Configure the Client Authentication.
     *
     * @return A configured ClientAuthentication Object.
     * @see ClientAuthentication
     */
    @Override
    public ClientAuthentication clientAuthentication() {
        // testing out environment variable value injection
        logger.debug("Vault Token configuration done.");
        return new TokenAuthentication(vaultToken);
    }

    @Override
    @Bean
    @DependsOn("vaultToken")
    public SessionManager sessionManager() {
        return super.sessionManager();
    }

    @Override
    public SslConfiguration sslConfiguration() {
        logger.info("Configuring Vault SSL with NONE.");
        return SslConfiguration.NONE;
    }

    /**
     * Specify an endpoint for connecting to Vault.
     *
     * @return A configured VaultEndpoint.
     * @see VaultEndpoint
     */
    @Override
    public VaultEndpoint vaultEndpoint() {
        logger.debug("Vault Host:" + vaultHost.toString());

        if (vaultHost.toString().isEmpty()) {
            logger.info("Creating default Vault Endpoint.");
            return new VaultEndpoint();
        }

        logger.info("Creating Vault Endpoint based on address: " + vaultHost.toString());
        final VaultEndpoint endpoint = VaultEndpoint.from(vaultHost);
        logger.info("Created Vault Endpoint: " + endpoint.toString());

        return endpoint;
    }

    @Bean("vaultHost")
    public URI vaultHost(@Value("${spring.vault.host}") final URI vaultHost) {
        this.vaultHost = vaultHost;
        return vaultHost;
    }

    @Override
    @Bean
    @DependsOn("vaultHost")
    public VaultTemplate vaultTemplate() {
        return super.vaultTemplate();
    }

    @Bean("vaultToken")
    public String vaultToken(@Value("${spring.vault.token}") final String vaultToken) {
        this.vaultToken = vaultToken;
        return vaultToken;
    }
}

Solution

  • How about creating a custom VaultTemplate bean class using RetryTemplate?

    public class RetryableVaultTemplate extends VaultTemplate {
    
        private final RetryTemplate retryTemplate;
    
        public RetryableVaultTemplate(VaultEndpointProvider endpointProvider,
                ClientHttpRequestFactory clientHttpRequestFactory,
                SessionManager sessionManager, RetryTemplate retryTemplate) {
            super(endpointProvider, clientHttpRequestFactory, sessionManager);
            this.retryTemplate = retryTemplate;
        }
    
        @Override
        public VaultResponse read(final String path) {
    
            return retryTemplate
                    .execute(new RetryCallback<VaultResponse, RuntimeException>() {
                        @Override
                        public VaultResponse doWithRetry(RetryContext context) {
                            System.out.println("doWithRetry");
                            return RetryableVaultTemplate.super.read(path);
                        }
                    });
        }
    
        @Override
        public <T> VaultResponseSupport<T> read(final String path, final Class<T> responseType) {
    
            return retryTemplate
                    .execute(new RetryCallback<VaultResponseSupport<T>, RuntimeException>() {
                        @Override
                        public VaultResponseSupport<T> doWithRetry(RetryContext context) {
                            return RetryableVaultTemplate.super.read(path, responseType);
                        }
                    });
        }
    }
    

    Make sure to register this bean class as vaultTemplate bean instead of VaultTemplate.