Introduce @ConditonalOnExposedEndpoint to avoid auto-configuring endpoints that cannot be accessed

[bclozel]

Since #16090, the spring.jmx.enabled property has been set to false by default.

With that change, we should re-evaluate default enablement of Actuator endpoints since:

• by default only "info" and "health" are exposed over HTTP
• it doesn't make sense to consume resources to create those endpoints if they're not exposed in any way (JMX nor HTTP)

We could in this case avoid creating endpoints when possible; we should refine OnEnabledEndpointCondition and decide to enable a given endpoint with the following conditions (for example, with the "env" endpoint):

1. Enable/disable the endpoint if explicitly configured with "management.endpoint.env.enabled"
2. Enable/disable all endpoints if explicitly configured with "management.endpoints.enabled-by-default"
3. Enable the endpoint if it is enabled by default with @Endpoint(id = "env", enableByDefault = true) and it is exposed as an HTTP endpoint (see "management.endpoints.web.exposure.include") or JMX is enabled and this endpoint is exposed over JMX (see "spring.jmx.enabled" and "management.endpoints.jmx.exposure.include")
4. Otherwise, disable this endpoint

With this improvement, we don't need to change the defaults on @Endpoint annotations, as we still want to retain the difference between enablement and exposure; fr example, the "shutdown" endpoint is not enabled by default.

[wilkinsona]

I’m not sure about point 3. Exposure and enablement are two distinct concepts at the moment and I think that’s a good thing. Exposure builds on top of enablement – an endpoint has to be enabled for it to be possible for it to be exposed. If the enabled condition take exposure into account we’ll lose the distinction and it feels the wrong way round for enablement to be aware of exposure.

I wonder if we need a new condition for exposure? This could either consider both exposure and enablement or it could just consider exposure and we’d use it and the enabled condition in most (all?) cases.

[bclozel]

Good points @wilkinsona , I'll rework that with a OnExposedEndpointCondition. Mixing both concerns in a single condition would make things hard to test and reason about.

[bclozel]

The current implementation is completely separating enablement and exposure.
For now, @ConditionalOnEnabledEndpoint and @ConditionalOnExposedEndpoint are used together. It might make sense to revisit that in the next milestone and make @ConditionalOnExposedEndpoint call the other. Right now I'm wondering if it's still best to keep those separated as they are different concepts and there might be cases where we want to let developers reuse/extend existing infrastructure independently of what's happening with the endpoints.

[snicoll]

@bclozel should we move that comment to a new issue targeted to M2?