Skip secret rotation for non-renewable leases with zero TTL

We now skip secret rotation for secrets that have a zero TTL, typically kv1/kv2 secrets that don't have a TTL configured to avoid excessive Vault calls.

Closes gh-601.
See also spring-cloud/spring-cloud-vault#391

Author: mp911de

spring-vault-core/src/main/java/org/springframework/vault/core/lease/SecretLeaseContainer.java

@@ -897,7 +897,7 @@ private boolean isLeaseRenewable(@Nullable Lease lease, RequestedSecret requeste
 				return true;
 			}
 
-			if (!lease.hasLeaseId() && requestedSecret.getMode() == Mode.ROTATE) {
+			if (!lease.hasLeaseId() && !lease.getLeaseDuration().isZero() && requestedSecret.getMode() == Mode.ROTATE) {
 				return true;
 			}
 
@@ -915,7 +915,8 @@ private boolean isLeaseRotateOnly(Lease lease, RequestedSecret requestedSecret)
 				return false;
 			}
 
-			return lease.hasLeaseId() && !lease.isRenewable() && requestedSecret.getMode() == Mode.ROTATE;
+			return lease.hasLeaseId() && !lease.getLeaseDuration().isZero() && !lease.isRenewable()
+					&& requestedSecret.getMode() == Mode.ROTATE;
 		}
 
 	}

spring-vault-core/src/test/java/org/springframework/vault/core/lease/RotatingGenericSecretsIntegrationTestConfiguration.java

@@ -32,14 +32,15 @@
  * @author Steven Swor
  */
 @Configuration
+@VaultPropertySource(propertyNamePrefix = "generic.rotating.", value = "versioned/rotating",
+		renewal = VaultPropertySource.Renewal.ROTATE)
 public class RotatingGenericSecretsIntegrationTestConfiguration {
 
 	/**
 	 * Utility class which will give our tests a reference to the
 	 * {@link LeaseAwareVaultPropertySource} which holds our secrets.
 	 */
-	@VaultPropertySource(propertyNamePrefix = "generic.rotating.", value = "secret/rotating",
-			renewal = VaultPropertySource.Renewal.ROTATE)
+
 	public static class PropertySourceHolder implements InitializingBean {
 
 		@Autowired
@@ -60,7 +61,7 @@ public void afterPropertiesSet() throws Exception {
 			Map<String, LeaseAwareVaultPropertySource> leaseAwareVaultPropertySources = this.appContext
 					.getBeansOfType(LeaseAwareVaultPropertySource.class);
 			for (LeaseAwareVaultPropertySource candidate : leaseAwareVaultPropertySources.values()) {
-				if (candidate.getRequestedSecret().getPath().equals("secret/rotating")) {
+				if (candidate.getRequestedSecret().getPath().equals("versioned/rotating")) {
 					this.propertySource = candidate;
 					break;
 				}

spring-vault-core/src/test/java/org/springframework/vault/core/lease/RotatingGenericSecretsIntegrationTests.java

@@ -0,0 +1,66 @@
+/*
+ * Copyright 2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.vault.core.lease;
+
+import java.util.Collections;
+
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.junit.jupiter.SpringJUnitConfig;
+import org.springframework.vault.core.VaultIntegrationTestConfiguration;
+import org.springframework.vault.core.VaultKeyValueOperations;
+import org.springframework.vault.core.VaultKeyValueOperationsSupport;
+import org.springframework.vault.util.IntegrationTestSupport;
+import org.springframework.vault.util.PrepareVault;
+import org.springframework.vault.util.VaultInitializer;
+
+import static org.assertj.core.api.Assertions.*;
+
+/**
+ * Integration tests for rotating generic secrets.
+ *
+ * @author Mark Paluch
+ */
+@ExtendWith(SpringExtension.class)
+@SpringJUnitConfig(
+		classes = { VaultIntegrationTestConfiguration.class, RotatingGenericSecretsIntegrationTestConfiguration.class })
+public class RotatingGenericSecretsIntegrationTests extends IntegrationTestSupport {
+
+	@BeforeAll
+	static void beforeAll() {
+
+		VaultInitializer initializer = new VaultInitializer();
+
+		initializer.initialize();
+		PrepareVault prepare = initializer.prepare();
+
+		VaultKeyValueOperations versioned = prepare.getVaultOperations().opsForKeyValue("versioned",
+				VaultKeyValueOperationsSupport.KeyValueBackend.KV_2);
+
+		versioned.put("rotating", Collections.singletonMap("key", "value"));
+	}
+
+	@Test
+	void name(@Autowired RotatingGenericSecretsIntegrationTestConfiguration.PropertySourceHolder holder) {
+
+		assertThat(holder.propertySource.getProperty("generic.rotating.key")).isEqualTo("value");
+	}
+
+}