Don't load disabled secret

Author: AndreuCodina

pydantic_settings/sources/providers/azure.py

@@ -46,7 +46,7 @@ def __init__(
         self._loaded_secrets = {}
         self._secret_client = secret_client
         self._secret_names: list[str] = [
-            secret.name for secret in self._secret_client.list_properties_of_secrets() if secret.name
+            secret.name for secret in self._secret_client.list_properties_of_secrets() if secret.name and secret.enabled
         ]
 
     def __getitem__(self, key: str) -> str | None:

tests/test_source_azure_key_vault.py

@@ -3,6 +3,7 @@
 """
 
 import pytest
+from azure.keyvault.secrets import SecretClient
 from pydantic import BaseModel, Field
 from pytest_mock import MockerFixture
 
@@ -23,9 +24,6 @@
     azure_key_vault = False
 
 
-MODULE = 'pydantic_settings.sources.providers.azure'
-
-
 @pytest.mark.skipif(not azure_key_vault, reason='pydantic-settings[azure-key-vault] is not installed')
 class TestAzureKeyVaultSettingsSource:
     """Test AzureKeyVaultSettingsSource."""
@@ -36,7 +34,10 @@ def test___init__(self, mocker: MockerFixture) -> None:
         class AzureKeyVaultSettings(BaseSettings):
             """AzureKeyVault settings."""
 
-        mocker.patch(f'{MODULE}.SecretClient.list_properties_of_secrets', return_value=[])
+        mocker.patch(
+            f'{AzureKeyVaultSettingsSource.__module__}.{SecretClient.list_properties_of_secrets.__qualname__}',
+            return_value=[],
+        )
 
         AzureKeyVaultSettingsSource(
             AzureKeyVaultSettings, 'https://my-resource.vault.azure.net/', DefaultAzureCredential()
@@ -55,11 +56,17 @@ class AzureKeyVaultSettings(BaseSettings):
             sql_server_user: str = Field(..., alias='SqlServerUser')
             sql_server: SqlServer = Field(..., alias='SqlServer')
 
-        expected_secrets = [type('', (), {'name': 'SqlServerUser'}), type('', (), {'name': 'SqlServer--Password'})]
+        expected_secrets = [
+            type('', (), {'name': 'SqlServerUser', 'enabled': True}),
+            type('', (), {'name': 'SqlServer--Password', 'enabled': True}),
+        ]
         expected_secret_value = 'SecretValue'
-        mocker.patch(f'{MODULE}.SecretClient.list_properties_of_secrets', return_value=expected_secrets)
         mocker.patch(
-            f'{MODULE}.SecretClient.get_secret',
+            f'{AzureKeyVaultSettingsSource.__module__}.{SecretClient.list_properties_of_secrets.__qualname__}',
+            return_value=expected_secrets,
+        )
+        mocker.patch(
+            f'{AzureKeyVaultSettingsSource.__module__}.{SecretClient.get_secret.__qualname__}',
             side_effect=self._raise_resource_not_found_when_getting_parent_secret_name,
         )
         obj = AzureKeyVaultSettingsSource(
@@ -99,11 +106,17 @@ def settings_customise_sources(
                     ),
                 )
 
-        expected_secrets = [type('', (), {'name': 'SqlServerUser'}), type('', (), {'name': 'SqlServer--Password'})]
+        expected_secrets = [
+            type('', (), {'name': 'SqlServerUser', 'enabled': True}),
+            type('', (), {'name': 'SqlServer--Password', 'enabled': True}),
+        ]
         expected_secret_value = 'SecretValue'
-        mocker.patch(f'{MODULE}.SecretClient.list_properties_of_secrets', return_value=expected_secrets)
         mocker.patch(
-            f'{MODULE}.SecretClient.get_secret',
+            f'{AzureKeyVaultSettingsSource.__module__}.{SecretClient.list_properties_of_secrets.__qualname__}',
+            return_value=expected_secrets,
+        )
+        mocker.patch(
+            f'{AzureKeyVaultSettingsSource.__module__}.{SecretClient.get_secret.__qualname__}',
             side_effect=self._raise_resource_not_found_when_getting_parent_secret_name,
         )