mirror of https://github.com/hashicorp/vault-action.git synced 2026-07-01 15:09:33 +00:00

Fix optional PKI ca_chain handling

kiwigitops 2026-06-12 17:49:29 -04:00
parent 892a26828f
commit f09e06dd3b
3 changed files with 101 additions and 5 deletions

10
dist/index.js vendored

@ -19069,7 +19069,7 @@ const outputMap = {
cert: { key: 'certificate', tx: (v) => v },
key: { key: 'private_key', tx: (v) => v },
ca: { key: 'issuing_ca', tx: (v) => v },
ca_chain: { key: 'ca_chain', tx: (v) => v.join('\n') },
ca_chain: { key: 'ca_chain', tx: (v) => v.join('\n'), optional: true },
};
/**
@ -19118,7 +19118,12 @@ async function getCertificates(pkiRequests, client) {
core.info(`✔ Successfully generated certificate (serial number ${body.data.serial_number})`);
Object.entries(outputMap).forEach(([key, value]) => {
const val = value.tx(body.data[value.key]);
const rawValue = body.data[value.key];
if (value.optional && rawValue == null) {
return;
}
const val = value.tx(rawValue);
results.push({
request: {
...pkiRequest,
@ -19138,6 +19143,7 @@ module.exports = {
getCertificates,
};
/***/ }),
/***/ 8452:


@ -11,7 +11,7 @@ const outputMap = {
cert: { key: 'certificate', tx: (v) => v },
key: { key: 'private_key', tx: (v) => v },
ca: { key: 'issuing_ca', tx: (v) => v },
ca_chain: { key: 'ca_chain', tx: (v) => v.join('\n') },
ca_chain: { key: 'ca_chain', tx: (v) => v.join('\n'), optional: true },
};
/**
@ -60,7 +60,12 @@ async function getCertificates(pkiRequests, client) {
core.info(`✔ Successfully generated certificate (serial number ${body.data.serial_number})`);
Object.entries(outputMap).forEach(([key, value]) => {
const val = value.tx(body.data[value.key]);
const rawValue = body.data[value.key];
if (value.optional && rawValue == null) {
return;
}
const val = value.tx(rawValue);
results.push({
request: {
...pkiRequest,
@ -78,4 +83,4 @@ async function getCertificates(pkiRequests, client) {
module.exports = {
getCertificates,
};
};
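Review bot: The new guard in the `forEach` callback skips only `null`/`undefined`, so if Vault were to return `ca_chain: []` the value would still reach `v.join('\n')` and push an empty-string `*_ca_chain` output, which a consumer assembling a trust bundle may not distinguish from a real chain. If an empty chain should be treated like a missing one, the check could read `if (value.optional && (rawValue == null || rawValue.length === 0)) return;`. The `optional` flag on `outputMap` is also undocumented; a short comment such as `// optional: omit the output when Vault does not return this field` would help the next reader. The body of `getCertificates` starts and ends outside these hunks, so how `results` is consumed is not visible here.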

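--- /dev/null
+++ b/src/pki.test.js
@@ -0,0 +1,85 @@
+/**
+* Copyright IBM Corp. 2019, 2026
+* SPDX-License-Identifier: MIT
+*/
+jest.mock('@actions/core');
+const { getCertificates } = require('./pki');
+describe('getCertificates', () => {
+const pkiRequest = {
+path: 'pki/issue/Test',
+parameters: { common_name: 'test', ttl: '1h' },
+envVarName: 'TEST',
+outputVarName: 'test',
+};
+it('omits ca_chain output when Vault does not return one', async () => {
+const client = {
+post: jest.fn().mockResolvedValue({
+body: JSON.stringify({
+data: {
+certificate: 'cert',
+private_key: 'key',
+issuing_ca: 'ca',
+serial_number: '01:02',
+},
+}),
+}),
+};
+const results = await getCertificates([pkiRequest], client);
+expect(results).toEqual([
+expect.objectContaining({
+request: expect.objectContaining({
+envVarName: 'TEST_CERT',
+outputVarName: 'test_cert',
+}),
+value: 'cert',
+}),
+expect.objectContaining({
+request: expect.objectContaining({
+envVarName: 'TEST_KEY',
+outputVarName: 'test_key',
+}),
+value: 'key',
+}),
+expect.objectContaining({
+request: expect.objectContaining({
+envVarName: 'TEST_CA',
+outputVarName: 'test_ca',
+}),
+value: 'ca',
+}),
+]);
+});
+it('joins ca_chain output when Vault returns one', async () => {
+const client = {
+post: jest.fn().mockResolvedValue({
+body: JSON.stringify({
+data: {
+certificate: 'cert',
+private_key: 'key',
+issuing_ca: 'ca',
+ca_chain: ['root', 'intermediate'],
+serial_number: '01:02',
+},
+}),
+}),
+};
+const results = await getCertificates([pkiRequest], client);
+expect(results).toHaveLength(4);
+expect(results[3]).toEqual(expect.objectContaining({
+request: expect.objectContaining({
+envVarName: 'TEST_CA_CHAIN',
+outputVarName: 'test_ca_chain',
+}),
+value: 'root\nintermediate',
+}));
+});
+});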
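Review bot: Neither case exercises `ca_chain: null`, although the guard in `src/pki.js` uses `rawValue == null` so that both a missing and a null field are skipped; a later change to `=== undefined` would still pass this suite. Add a third case such as `it('omits ca_chain output when Vault returns null', ...)` that reuses the first fixture with `ca_chain: null` and asserts `expect(results).toHaveLength(3)`. The second test also locates the chain by position (`results[3]`), so it depends on the key order of `outputMap`; looking the entry up by `outputVarName` would be less brittle.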