Spring Cloud Discovery Disabled When Using Vault (SL018)

Verifies Spring Cloud Discovery is disabled if the service is using Vault.

Description

Checks all POMs for a 'spring-cloud-starter-vault-config' dependency to determine whether the service uses Vault. If it does, checks all application.properties files for 'spring.cloud.vault.enabled' set to false, and checks all overrides*.env files when the value is set by an environment variable. If 'spring.cloud.vault.enabled' is not present or is set to true, reports INFO to disable Spring Cloud Discovery.

Rationale

To reduce log noise when the service uses Vault without disabling Spring Cloud Discovery.

Findings

  • INFO

    • Spring Cloud Vault dependency spring-cloud-starter-vault-config in POM

    • spring.cloud.vault.enabled=true in application.properties

    • spring.cloud.vault.enabled=${<ENV_VAR>} in application.properties and <ENV_VAR> set to true or undefined

    • spring.cloud.vault.enabled=${<ENV_VAR>:true} in application.properties and <ENV_VAR> set to true or undefined

    • spring.cloud.vault.enabled=${<ENV_VAR>:false} in application.properties and <ENV_VAR> set to true

Noncompliant

Vault enabled without disabling discovery
# Explicitly set to true
spring.cloud.vault.enabled=true

# If ENV_VAR=true or ENV_VAR is not set
spring.cloud.vault.enabled=${ENV_VAR}
spring.cloud.vault.enabled=${ENV_VAR:true}

# If ENV_VAR=true
spring.cloud.vault.enabled=${ENV_VAR:false}

Compliant

Vault enabled with discovery disabled
# Explicitly set to false
spring.cloud.vault.enabled=false

# If ENV_VAR=false
spring.cloud.vault.enabled=${ENV_VAR}

# If ENV_VAR=false or ENV_VAR is not set
spring.cloud.vault.enabled=${ENV_VAR:false}

# If ENV_VAR=false
spring.cloud.vault.enabled=${ENV_VAR:true}
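
The resolution logic behind the Noncompliant and Compliant cases above, as an added sketch that is not the linter's own code. It assumes the Vault dependency was already found in a POM; the function names, the case-insensitive comparison and the sample inputs are constructed for illustration.

```python
import re

PROP = "spring.cloud.vault.enabled"
# Matches ${VAR} and ${VAR:default}; group 2 is None when no default is given.
PLACEHOLDER = re.compile(r"^\$\{([^:}]+)(?::([^}]*))?\}$")

def parse_kv(text):
    """Parse KEY=VALUE lines (application.properties or overrides*.env)."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        out[key.strip()] = value.strip()
    return out

def effective_value(raw, env):
    """Resolve a literal, ${VAR} or ${VAR:default}; None means unresolved."""
    if raw is None:
        return None  # property absent from application.properties
    m = PLACEHOLDER.match(raw)
    if not m:
        return raw.lower()  # assumption: values compared case-insensitively
    var, default = m.group(1), m.group(2)
    value = env.get(var, default)  # env file wins, then the inline default
    return value.lower() if value is not None else None

def sl018_finding(properties_text, env_text=""):
    """True when the rule would report INFO: anything but an effective 'false'."""
    props = parse_kv(properties_text)
    env = parse_kv(env_text)
    return effective_value(props.get(PROP), env) != "false"

if __name__ == "__main__":
    # Constructed sample: an overrides*.env that sets ENV_VAR=true.
    env_file = "ENV_VAR=true\n"
    for value in ("false", "${ENV_VAR}", "${ENV_VAR:false}"):
        props = f"{PROP}={value}\n"
        print(value, "->", "INFO" if sl018_finding(props, env_file) else "ok")
```

An unresolved placeholder (no env entry and no inline default) is treated the same as a missing property, which matches the "true or undefined" wording in the Findings list.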

Configuration

This rule has no configuration.