Skip to content

Commit

Permalink
Hashicorp Vault - underscore paths
Browse files Browse the repository at this point in the history
  • Loading branch information
vitalie committed Aug 21, 2023
1 parent 235ae87 commit 808e665
Show file tree
Hide file tree
Showing 4 changed files with 23 additions and 2 deletions.
2 changes: 1 addition & 1 deletion lib/travis/build/addons.rb
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
require 'active_support/core_ext/string/inflections.rb'
require 'active_support/core_ext/string/inflections'
require 'travis/build/addons/apt'
require 'travis/build/addons/apt_packages'
require 'travis/build/addons/apt_retries'
Expand Down
1 change: 1 addition & 0 deletions lib/travis/build/appliances/vault_keys.rb
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
require 'active_support/core_ext/object/blank'
require 'travis/build/appliances/base'
require 'travis/services/vault'

Expand Down
5 changes: 4 additions & 1 deletion lib/travis/services/vault/keys/resolver.rb
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
require 'active_support/core_ext/object/blank'
require 'active_support/core_ext/string/inflections'

module Travis
module Vault
class Keys
Expand Down Expand Up @@ -27,7 +30,7 @@ def call
env_name = key
env_name = [secret_name, env_name].join('_') if true # To-Do: Make the prepend customizable from .travis.yml
env_name = (path.split('/') << env_name).join('_') if false # To-Do: Make the prepend customizable from .travis.yml
export(env_name.upcase, %("#{value}"), echo: false, secure: true)
export(env_name.underscore.upcase, %("#{value}"), echo: false, secure: true)
vault_secrets << value
end
else
Expand Down
17 changes: 17 additions & 0 deletions spec/build/services/vault/keys/resolver_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,24 @@
call
end
end
end

context 'when paths contain unusual chars' do
let(:paths) { %w[path/to/something/secret-thing] }

before do
Travis::Vault::Keys::KV2.stubs(:resolve).with(paths.first, vault).returns({ my_key: 'MySecretValue' })
end

context 'when path returns value from Vault' do
it do
sh.expects(:echo).never
sh.expects(:export).with('SECRET_THING_MY_KEY', %("MySecretValue"), echo: false, secure: true)
data.expects(:vault_secrets=).with(%w[MySecretValue])

call
end
end
end

context 'when path does not returns value from Vault' do
Expand Down

0 comments on commit 808e665

Please sign in to comment.