Consider endpoints.sensitive when endpoints.health.sensitive is not set

Closes gh-7476

Author: wilkinsona

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/HealthMvcEndpoint.java

@@ -59,7 +59,9 @@ public class HealthMvcEndpoint extends AbstractEndpointMvcAdapter<HealthEndpoint
 
 	private Map<String, HttpStatus> statusMapping = new HashMap<String, HttpStatus>();
 
-	private RelaxedPropertyResolver propertyResolver;
+	private RelaxedPropertyResolver healthPropertyResolver;
+
+	private RelaxedPropertyResolver endpointPropertyResolver;
 
 	private RelaxedPropertyResolver roleResolver;
 
@@ -84,8 +86,10 @@ private void setupDefaultStatusMapping() {
 
 	@Override
 	public void setEnvironment(Environment environment) {
-		this.propertyResolver = new RelaxedPropertyResolver(environment,
+		this.healthPropertyResolver = new RelaxedPropertyResolver(environment,
 				"endpoints.health.");
+		this.endpointPropertyResolver = new RelaxedPropertyResolver(environment,
+				"endpoints.");
 		this.roleResolver = new RelaxedPropertyResolver(environment,
 				"management.security.");
 	}
@@ -209,7 +213,12 @@ private boolean isSpringSecurityAuthentication(Principal principal) {
 	}
 
 	private boolean isUnrestricted() {
-		Boolean sensitive = this.propertyResolver.getProperty("sensitive", Boolean.class);
+		Boolean sensitive = this.healthPropertyResolver.getProperty("sensitive",
+				Boolean.class);
+		if (sensitive == null) {
+			sensitive = this.endpointPropertyResolver.getProperty("sensitive",
+					Boolean.class);
+		}
 		return !this.secure && !Boolean.TRUE.equals(sensitive);
 	}
 

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/HealthMvcEndpointTests.java

@@ -24,6 +24,7 @@
 import org.springframework.boot.actuate.endpoint.HealthEndpoint;
 import org.springframework.boot.actuate.health.Health;
 import org.springframework.boot.actuate.health.Status;
+import org.springframework.boot.test.util.EnvironmentTestUtils;
 import org.springframework.core.env.MapPropertySource;
 import org.springframework.core.env.PropertySource;
 import org.springframework.http.HttpStatus;
@@ -264,4 +265,45 @@ public void newValueIsReturnedOnceTtlExpires() throws InterruptedException {
 		assertThat(health.getStatus() == Status.DOWN).isTrue();
 	}
 
+	@Test
+	public void detailIsHiddenWhenAllEndpointsAreSensitive() {
+		EnvironmentTestUtils.addEnvironment(this.environment, "endpoints.sensitive:true");
+		this.mvc = new HealthMvcEndpoint(this.endpoint, false);
+		this.mvc.setEnvironment(this.environment);
+		given(this.endpoint.invoke())
+				.willReturn(new Health.Builder().up().withDetail("foo", "bar").build());
+		Object result = this.mvc.invoke(null);
+		assertThat(result instanceof Health).isTrue();
+		assertThat(((Health) result).getStatus() == Status.UP).isTrue();
+		assertThat(((Health) result).getDetails().get("foo")).isNull();
+	}
+
+	@Test
+	public void detailIsHiddenWhenHealthEndpointIsSensitive() {
+		EnvironmentTestUtils.addEnvironment(this.environment,
+				"endpoints.health.sensitive:true");
+		this.mvc = new HealthMvcEndpoint(this.endpoint, false);
+		this.mvc.setEnvironment(this.environment);
+		given(this.endpoint.invoke())
+				.willReturn(new Health.Builder().up().withDetail("foo", "bar").build());
+		Object result = this.mvc.invoke(null);
+		assertThat(result instanceof Health).isTrue();
+		assertThat(((Health) result).getStatus() == Status.UP).isTrue();
+		assertThat(((Health) result).getDetails().get("foo")).isNull();
+	}
+
+	@Test
+	public void detailIsHiddenWhenOnlyHealthEndpointIsSensitive() {
+		EnvironmentTestUtils.addEnvironment(this.environment,
+				"endpoints.health.sensitive:true", "endpoints.sensitive:false");
+		this.mvc = new HealthMvcEndpoint(this.endpoint, false);
+		this.mvc.setEnvironment(this.environment);
+		given(this.endpoint.invoke())
+				.willReturn(new Health.Builder().up().withDetail("foo", "bar").build());
+		Object result = this.mvc.invoke(null);
+		assertThat(result instanceof Health).isTrue();
+		assertThat(((Health) result).getStatus() == Status.UP).isTrue();
+		assertThat(((Health) result).getDetails().get("foo")).isNull();
+	}
+
 }