From f09e06dd3b18c035bc88c46c01b6be673083c959 Mon Sep 17 00:00:00 2001 From: kiwigitops Date: Fri, 12 Jun 2026 17:49:29 -0400 Subject: [PATCH] Fix optional PKI ca_chain handling --- dist/index.js | 10 ++++-- src/pki.js | 11 +++++-- src/pki.test.js | 85 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 101 insertions(+), 5 deletions(-) create mode 100644 src/pki.test.js diff --git a/dist/index.js b/dist/index.js index 6b7b632..8a41469 100644 --- a/dist/index.js +++ b/dist/index.js @@ -19069,7 +19069,7 @@ const outputMap = { cert: { key: 'certificate', tx: (v) => v }, key: { key: 'private_key', tx: (v) => v }, ca: { key: 'issuing_ca', tx: (v) => v }, - ca_chain: { key: 'ca_chain', tx: (v) => v.join('\n') }, + ca_chain: { key: 'ca_chain', tx: (v) => v.join('\n'), optional: true }, }; /** @@ -19118,7 +19118,12 @@ async function getCertificates(pkiRequests, client) { core.info(`✔ Successfully generated certificate (serial number ${body.data.serial_number})`); Object.entries(outputMap).forEach(([key, value]) => { - const val = value.tx(body.data[value.key]); + const rawValue = body.data[value.key]; + if (value.optional && rawValue == null) { + return; + } + + const val = value.tx(rawValue); results.push({ request: { ...pkiRequest, @@ -19138,6 +19143,7 @@ module.exports = { getCertificates, }; + /***/ }), /***/ 8452: diff --git a/src/pki.js b/src/pki.js index fdf3bf7..792912f 100644 --- a/src/pki.js +++ b/src/pki.js @@ -11,7 +11,7 @@ const outputMap = { cert: { key: 'certificate', tx: (v) => v }, key: { key: 'private_key', tx: (v) => v }, ca: { key: 'issuing_ca', tx: (v) => v }, - ca_chain: { key: 'ca_chain', tx: (v) => v.join('\n') }, + ca_chain: { key: 'ca_chain', tx: (v) => v.join('\n'), optional: true }, }; /** 
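Review bot: The new `optional: true` flag on the `ca_chain` entry of `outputMap` in src/pki.js is not explained anywhere in the hunk, and nothing tells a reader that the other three entries are treated as always present. A short comment on the entry would help, for example `// optional: entry is skipped when the Vault response has no ca_chain, so tx never sees undefined`. The `tx` for this entry still calls `.join` on whatever value arrives, so it assumes an array whenever the field is present; that assumption could be stated in the same comment. The object literal opens above the hunk, and the same change is mirrored in the generated dist/index.js.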
@@ -60,7 +60,12 @@ async function getCertificates(pkiRequests, client) { core.info(`✔ Successfully generated certificate (serial number ${body.data.serial_number})`); Object.entries(outputMap).forEach(([key, value]) => { - const val = value.tx(body.data[value.key]); + const rawValue = body.data[value.key]; + if (value.optional && rawValue == null) { + return; + } + + const val = value.tx(rawValue); results.push({ request: { ...pkiRequest, @@ -78,4 +83,4 @@ async function getCertificates(pkiRequests, client) { module.exports = { getCertificates, -}; \ No newline at end of file +}; diff --git a/src/pki.test.js b/src/pki.test.js new file mode 100644 index 0000000..884696a --- /dev/null +++ b/src/pki.test.js 
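Review bot: In the `forEach` over `outputMap` in src/pki.js, the added guard skips only entries marked `optional`, so a response that lacks `certificate`, `private_key` or `issuing_ca` still pushes a result whose value is `undefined`. For credential material it is safer to fail the step than to hand an empty value to later steps; after the optional check, a line such as `if (rawValue == null) throw new Error('PKI response is missing ' + value.key);` would do that. How `results` is consumed lies outside the hunk, so the downstream effect of an `undefined` value is an assumption to confirm. `getCertificates` starts and ends outside this hunk, and the second hunk in this file only adds the trailing newline.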
@@ -0,0 +1,85 @@
+/**
+ * Copyright IBM Corp. 2019, 2026
+ * SPDX-License-Identifier: MIT
+ */
+
+jest.mock('@actions/core');
+
+const { getCertificates } = require('./pki');
+
+describe('getCertificates', () => {
+ const pkiRequest = {
+ path: 'pki/issue/Test',
+ parameters: { common_name: 'test', ttl: '1h' },
+ envVarName: 'TEST',
+ outputVarName: 'test',
+ };
+
+ it('omits ca_chain output when Vault does not return one', async () => {
+ const client = {
+ post: jest.fn().mockResolvedValue({
+ body: JSON.stringify({
+ data: {
+ certificate: 'cert',
+ private_key: 'key',
+ issuing_ca: 'ca',
+ serial_number: '01:02',
+ },
+ }),
+ }),
+ };
+
+ const results = await getCertificates([pkiRequest], client);
+
+ expect(results).toEqual([
+ expect.objectContaining({
+ request: expect.objectContaining({
+ envVarName: 'TEST_CERT',
+ outputVarName: 'test_cert',
+ }),
+ value: 'cert',
+ }),
+ expect.objectContaining({
+ request: expect.objectContaining({
+ envVarName: 'TEST_KEY',
+ outputVarName: 'test_key',
+ }),
+ value: 'key',
+ }),
+ expect.objectContaining({
+ request: expect.objectContaining({
+ envVarName: 'TEST_CA',
+ outputVarName: 'test_ca',
+ }),
+ value: 'ca',
+ }),
+ ]);
+ });
+
+ it('joins ca_chain output when Vault returns one', async () => {
+ const client = {
+ post: jest.fn().mockResolvedValue({
+ body: JSON.stringify({
+ data: {
+ certificate: 'cert',
+ private_key: 'key',
+ issuing_ca: 'ca',
+ ca_chain: ['root', 'intermediate'],
+ serial_number: '01:02',
+ },
+ }),
+ }),
+ };
+
+ const results = await getCertificates([pkiRequest], client);
+
+ expect(results).toHaveLength(4);
+ expect(results[3]).toEqual(expect.objectContaining({
+ request: expect.objectContaining({
+ envVarName: 'TEST_CA_CHAIN',
+ outputVarName: 'test_ca_chain',
+ }),
+ value: 'root\nintermediate',
+ }));
+ });
+});
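Review bot: The two cases in src/pki.test.js cover a response with no `ca_chain` key and one with an array, but not an explicit `ca_chain: null`, which the `rawValue == null` guard in src/pki.js also skips and which a JSON body can carry. A third case with `ca_chain: null` in the mocked `data` and the same three-entry expectation would pin that branch. A case where a required field such as `private_key` is absent would also record what the action does today with incomplete credential material.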