fix wildcard handling when field contains dot

dist/index.js

@@ -14326,7 +14326,7 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
 
         body = JSON.parse(body);
 
-        if (selector == WILDCARD) {                     
+        if (selector == WILDCARD) {
             let keys = body.data;
             if (body.data["data"] != undefined) {
                 keys = keys.data;
@@ -14334,20 +14334,26 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
 
             for (let key in keys) {
                 let newRequest = Object.assign({},secretRequest);
-                newRequest.selector = key;                  
-                
+                newRequest.selector = key;
+
                 if (secretRequest.selector === secretRequest.outputVarName) {
                     newRequest.outputVarName = key;
-                    newRequest.envVarName = key;        		
-                }
-                else {
+                    newRequest.envVarName = key;
+                } else {
                     newRequest.outputVarName = secretRequest.outputVarName+key;
-                    newRequest.envVarName = secretRequest.envVarName+key;        		
+                    newRequest.envVarName = secretRequest.envVarName+key;
                 }
 
                 newRequest.outputVarName = normalizeOutputKey(newRequest.outputVarName);
-                newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true);   
+                newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true);
 
+                // JSONata field references containing reserved tokens should
+                // be enclosed in backticks
+                // https://docs.jsonata.org/simple#examples
+                if (key.includes(".")) {
+                    const backtick = '`';
+                    key = backtick.concat(key, backtick);
+                }
                 selector = key;
 
                 results = await selectAndAppendResults(
@@ -14361,13 +14367,13 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
         }
         else {
           results = await selectAndAppendResults(
-            selector, 
-            body, 
-            cachedResponse, 
-            secretRequest, 
+            selector,
+            body,
+            cachedResponse,
+            secretRequest,
             results
           );
-        }   
+        }
     }
 
     return results;

integrationTests/basic/integration.test.js

@@ -32,6 +32,14 @@ describe('integration', () => {
             },
         });
 
+        await got(`${vaultUrl}/v1/secret/data/test-with-dot-char`, {
+            method: 'POST',
+            headers: {
+                'X-Vault-Token': vaultToken,
+            },
+            body: `{"data":{"secret.foo":"SUPERSECRET"}}`
+        });
+
         await got(`${vaultUrl}/v1/secret/data/nested/test`, {
             method: 'POST',
             headers: {
@@ -194,6 +202,16 @@ describe('integration', () => {
         expect(core.exportVariable).toBeCalledWith('OTHERSECRETDASH', 'OTHERSUPERSECRET');
     });
 
+    it('get wildcard secrets with dot char', async () => {
+        mockInput(`secret/data/test-with-dot-char * ;`);
+
+        await exportSecrets();
+
+        expect(core.exportVariable).toBeCalledTimes(1);
+
+        expect(core.exportVariable).toBeCalledWith('SECRET__FOO', 'SUPERSECRET');
+    });
+
     it('get wildcard secrets', async () => {
         mockInput(`secret/data/test * ;`);
 

src/secrets.js

@@ -63,7 +63,7 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
 
         body = JSON.parse(body);
 
-        if (selector == WILDCARD) {                     
+        if (selector == WILDCARD) {
             let keys = body.data;
             if (body.data["data"] != undefined) {
                 keys = keys.data;
@@ -71,20 +71,26 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
 
             for (let key in keys) {
                 let newRequest = Object.assign({},secretRequest);
-                newRequest.selector = key;                  
-                
+                newRequest.selector = key;
+
                 if (secretRequest.selector === secretRequest.outputVarName) {
                     newRequest.outputVarName = key;
-                    newRequest.envVarName = key;        		
-                }
-                else {
+                    newRequest.envVarName = key;
+                } else {
                     newRequest.outputVarName = secretRequest.outputVarName+key;
-                    newRequest.envVarName = secretRequest.envVarName+key;        		
+                    newRequest.envVarName = secretRequest.envVarName+key;
                 }
 
                 newRequest.outputVarName = normalizeOutputKey(newRequest.outputVarName);
-                newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true);   
+                newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true);
 
+                // JSONata field references containing reserved tokens should
+                // be enclosed in backticks
+                // https://docs.jsonata.org/simple#examples
+                if (key.includes(".")) {
+                    const backtick = '`';
+                    key = backtick.concat(key, backtick);
+                }
                 selector = key;
 
                 results = await selectAndAppendResults(
@@ -98,13 +104,13 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
         }
         else {
           results = await selectAndAppendResults(
-            selector, 
-            body, 
-            cachedResponse, 
-            secretRequest, 
+            selector,
+            body,
+            cachedResponse,
+            secretRequest,
             results
           );
-        }   
+        }
     }
 
     return results;