fix wildcard handling when field contains dot

2025-11-07 15:16:56 +00:00 · 2024-04-12 09:31:30 -05:00 · 2024-04-12 09:31:30 -05:00 · 52aa205c7a
commit 52aa205c7a
parent 66531b2752
3 changed files with 56 additions and 26 deletions
--- a/dist/index.js
+++ b/dist/index.js
@ -19012,8 +19012,7 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
                if (secretRequest.selector === secretRequest.outputVarName) {
                    newRequest.outputVarName = key;
                    newRequest.envVarName = key;
-                }
-                else {
+                } else {
                    newRequest.outputVarName = secretRequest.outputVarName+key;
                    newRequest.envVarName = secretRequest.envVarName+key;
                }
@ -19021,6 +19020,13 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
                newRequest.outputVarName = normalizeOutputKey(newRequest.outputVarName);
                newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true);

+                // JSONata field references containing reserved tokens should
+                // be enclosed in backticks
+                // https://docs.jsonata.org/simple#examples
+                if (key.includes(".")) {
+                    const backtick = '`';
+                    key = backtick.concat(key, backtick);
+                }
                selector = key;

                results = await selectAndAppendResults(
--- a/integrationTests/basic/integration.test.js
+++ b/integrationTests/basic/integration.test.js
@ -31,6 +31,14 @@ describe('integration', () => {
            },
        });

+        await got(`${vaultUrl}/v1/secret/data/test-with-dot-char`, {
+            method: 'POST',
+            headers: {
+                'X-Vault-Token': vaultToken,
+            },
+            body: `{"data":{"secret.foo":"SUPERSECRET"}}`
+        });
+
        await got(`${vaultUrl}/v1/secret/data/nested/test`, {
            method: 'POST',
            headers: {
@ -193,6 +201,16 @@ describe('integration', () => {
        expect(core.exportVariable).toBeCalledWith('OTHERSECRETDASH', 'OTHERSUPERSECRET');
    });

+    it('get wildcard secrets with dot char', async () => {
+        mockInput(`secret/data/test-with-dot-char * ;`);
+
+        await exportSecrets();
+
+        expect(core.exportVariable).toBeCalledTimes(1);
+
+        expect(core.exportVariable).toBeCalledWith('SECRET__FOO', 'SUPERSECRET');
+    });
+
    it('get wildcard secrets', async () => {
        mockInput(`secret/data/test * ;`);

--- a/src/secrets.js
+++ b/src/secrets.js
@ -72,8 +72,7 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
                if (secretRequest.selector === secretRequest.outputVarName) {
                    newRequest.outputVarName = key;
                    newRequest.envVarName = key;
-                }
-                else {
+                } else {
                    newRequest.outputVarName = secretRequest.outputVarName+key;
                    newRequest.envVarName = secretRequest.envVarName+key;
                }
@ -81,6 +80,13 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
                newRequest.outputVarName = normalizeOutputKey(newRequest.outputVarName);
                newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true);

+                // JSONata field references containing reserved tokens should
+                // be enclosed in backticks
+                // https://docs.jsonata.org/simple#examples
+                if (key.includes(".")) {
+                    const backtick = '`';
+                    key = backtick.concat(key, backtick);
+                }
                selector = key;

                results = await selectAndAppendResults(