[BUG] Breaking changes in azure-spring-boot-starter-keyvault-secrets' configuration #15342

Closed
3 tasks done
ghost opened this issue Sep 17, 2020 · 3 comments · Fixed by #15359

ghost commented Sep 17, 2020

Describe the bug
azure-spring-boot-starter-keyvault-secrets has breaking (and wrongly documented) configuration properties.

Exception or Stack Trace
Calling this with a key vault which contains a disabled secret is a good example that shows that:

  java.lang.IllegalStateException: Failed to load ApplicationContext

  Caused by: java.lang.IllegalStateException: Failed to configure KeyVault property source

  Caused by: com.azure.core.exception.ResourceModifiedException: Status code 403, "{"error":{"code":"Forbidden","message":"Operation get is not allowed on a disabled secret.","innererror":{"code":"SecretDisabled"}}}"

To Reproduce
Steps to reproduce the behavior:

  • Create a property.yaml(!) file:
    azure:
      keyvault:
        allow:
          telemetry: false
        enabled: true
        uri: https://${KEYVAULT_NAME}.vault.azure.net/
        client-id: ${AZURE_CLIENT_ID}
        client-key: ${KEYVAULT_CLIENT_SECRET:not-a-secret}
        tenant-id: ${AZURE_TENANT}
        secret:
          keys: test1
  • Create enabled secret test1 and disabled secret test2.
  • Capture HTTP traffic intended for https://dc.services.visualstudio.com/v2/track
  • Run a spring boot app which simply fetches these properties

Setup

  • OS: Linux
  • IDE: IntelliJ
  • azure-spring-boot-starter-keyvault-secrets 2.3.3

Expected behavior
Similar behaviour as in 2.2.X (as documented):

azure.keyvault.secret.keys is a property to indicate that if application using specific secret keys, if this property is set, application will only load the keys in the property and won't load all the keys from keyvault

[...]

If you don't want to participate, just simply disable it by setting below configuration in application.properties.

azure.keyvault.allow.telemetry=false

→ Only test1 is fetched. No telemetry is sent.

Additional context

Information Checklist
Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report

  • Bug Description Added
  • Repro Steps Added
  • Setup information Added
@chenrujun

Hi, @frank-fischer-by .

Thank you for reaching out.

IMU, secret-keys is more reasonable than secret.keys. Same to allow-telemetry.
Sorry for the breaking change.

And sorry for the non-updated document.
I have created a PR to fix the document.
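
An added example, not part of the original thread or the project's code: a small check that flattens a Spring YAML file and reports the two 2.2.x property names from this issue alongside the 2.3.3 names given in the comment above. The helper names and both sample configurations are constructed for illustration.

```python
import re

# Property names from the issue: 2.2.x spelling -> 2.3.3 spelling.
RENAMED = {
    "azure.keyvault.secret.keys": "azure.keyvault.secret-keys",
    "azure.keyvault.allow.telemetry": "azure.keyvault.allow-telemetry",
}
LINE = re.compile(r"^(\s*)([^:#\s][^:]*?):(?:\s+(.*))?$")

def flatten_yaml(text):
    """Flatten block-style 'key: value' YAML maps into dotted names (no lists or multi-line scalars)."""
    props, stack = {}, []              # stack: (indent, key) of open parent maps
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:                      # blank line, comment or unsupported syntax
            continue
        indent, key, value = len(m.group(1)), m.group(2).strip(), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()                # leave maps at the same or deeper indent
        if value is None:
            stack.append((indent, key))
        else:
            props[".".join([k for _, k in stack] + [key])] = value
    return props

def stale_keys(text):
    """Return (old_name, new_name) for every legacy key still in the config."""
    props = flatten_yaml(text)
    return [(old, new) for old, new in RENAMED.items() if old in props]

# Constructed samples: the reporter's layout, and the same intent with new names.
LEGACY = """\
azure:
  keyvault:
    allow:
      telemetry: false
    uri: https://${KEYVAULT_NAME}.vault.azure.net/
    secret:
      keys: test1
"""
MIGRATED = """\
azure:
  keyvault:
    allow-telemetry: false
    uri: https://${KEYVAULT_NAME}.vault.azure.net/
    secret-keys: test1
"""

for old, new in stale_keys(LEGACY):
    print(f"{old} -> {new}")
```

Running such a check over configuration files before upgrading surfaces the renamed keys early, rather than through the symptoms the reporter describes.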


ghost commented Sep 18, 2020

Hi @chenrujun,
thanks for the update.

I'm fine either way - I just wondered about the inconsistency.
Now that I know what the correct values are I can just change the configuration 🙂.

Thanks for responding and acting so quickly 👍.

Regarding your PR: I think calling out the breaking change in the Changelog might help other people avoid it.

@chenrujun

Hi, @frank-fischer-by .

> I think calling out the breaking change in the Changelog might help other people avoid it.

It makes sense. Thank you very much for your suggestion. 🙇
