Consider absent secretId in AppRole authentication steps.

We now skip secretId retrieval when using AppRole authentication steps to avoid Unknown SecretId configuration errors.

Also, renamed AbsentSecretId.INSTANCE to ABSENT_SECRET_ID to cause more meaningful messages when used in toString.

Closes gh-656

Author: mp911de

spring-vault-core/src/main/java/org/springframework/vault/authentication/AppRoleAuthentication.java

@@ -43,10 +43,8 @@
 import org.springframework.web.client.RestClientException;
 import org.springframework.web.client.RestOperations;
 
-import static org.springframework.vault.authentication.AuthenticationSteps.HttpRequestBuilder.get;
-import static org.springframework.vault.authentication.AuthenticationSteps.HttpRequestBuilder.method;
-import static org.springframework.vault.authentication.AuthenticationSteps.HttpRequestBuilder.post;
-import static org.springframework.vault.authentication.AuthenticationUtil.getLoginPath;
+import static org.springframework.vault.authentication.AuthenticationSteps.HttpRequestBuilder.*;
+import static org.springframework.vault.authentication.AuthenticationUtil.*;
 
 /**
  * AppRole implementation of {@link ClientAuthentication}. RoleId and SecretId (optional)
@@ -107,6 +105,11 @@ private static Node<Map<String, String>> getAuthenticationSteps(AppRoleAuthentic
 			SecretId secretId) {
 
 		Node<String> roleIdSteps = getRoleIdSteps(options, roleId);
+
+		if (!hasSecretId(options.getSecretId())) {
+			return roleIdSteps.map(it -> getAppRoleLoginBody(it, null));
+		}
+
 		Node<String> secretIdSteps = getSecretIdSteps(options, secretId);
 
 		return roleIdSteps.zipWith(secretIdSteps).map(it -> getAppRoleLoginBody(it.getLeft(), it.getRight()));
@@ -293,7 +296,7 @@ private static HttpHeaders createHttpHeaders(VaultToken token) {
 	}
 
 	private static HttpEntity<String> createHttpEntity(VaultToken token) {
-		return new HttpEntity<String>(null, createHttpHeaders(token));
+		return new HttpEntity<>(null, createHttpHeaders(token));
 	}
 
 	private Map<String, String> getAppRoleLoginBody(RoleId roleId, SecretId secretId) {
@@ -302,13 +305,17 @@ private Map<String, String> getAppRoleLoginBody(RoleId roleId, SecretId secretId
 
 		login.put("role_id", getRoleId(roleId));
 
-		if (!ClassUtils.isAssignableValue(AbsentSecretId.class, secretId)) {
+		if (hasSecretId(secretId)) {
 			login.put("secret_id", getSecretId(secretId));
 		}
 
 		return login;
 	}
 
+	private static boolean hasSecretId(SecretId secretId) {
+		return !ClassUtils.isAssignableValue(AbsentSecretId.class, secretId);
+	}
+
 	private static Map<String, String> getAppRoleLoginBody(String roleId, @Nullable String secretId) {
 
 		Map<String, String> login = new HashMap<>();

spring-vault-core/src/main/java/org/springframework/vault/authentication/AppRoleAuthenticationOptions.java

@@ -448,7 +448,7 @@ static SecretId provided(String secretId) {
 		 * @return a {@link SecretId} that represents an absent secretId
 		 */
 		static SecretId absent() {
-			return AbsentSecretId.INSTANCE;
+			return AbsentSecretId.ABSENT_SECRET_ID;
 		}
 
 	}

spring-vault-core/src/main/java/org/springframework/vault/authentication/AppRoleTokens.java

@@ -32,7 +32,7 @@ class AppRoleTokens {
 	 */
 	enum AbsentSecretId implements SecretId {
 
-		INSTANCE;
+		ABSENT_SECRET_ID;
 
 	}
 

spring-vault-core/src/test/java/org/springframework/vault/authentication/AppRoleAuthenticationStepsIntegrationTests.java

@@ -38,6 +38,19 @@
  */
 class AppRoleAuthenticationStepsIntegrationTests extends AppRoleAuthenticationIntegrationTestBase {
 
+	@Test
+	void shouldAuthenticateWithRoleIdOnly() {
+
+		String roleId = getRoleId("no-secret-id");
+		AppRoleAuthenticationOptions options = AppRoleAuthenticationOptions.builder().roleId(RoleId.provided(roleId))
+				.build();
+
+		AuthenticationStepsExecutor executor = new AuthenticationStepsExecutor(
+				AppRoleAuthentication.createAuthenticationSteps(options), prepare().getRestTemplate());
+
+		assertThat(executor.login()).isNotNull();
+	}
+
 	@Test
 	void authenticationStepsShouldAuthenticateWithWrappedSecretId() {