Hashicorp Vault - underscore paths

vitalie · vitalie · commit 808e66557535 · 2023-08-21T11:48:47.000+03:00
diff --git a/lib/travis/build/addons.rb b/lib/travis/build/addons.rb
@@ -1,4 +1,4 @@
-require 'active_support/core_ext/string/inflections.rb'
+require 'active_support/core_ext/string/inflections'
 require 'travis/build/addons/apt'
 require 'travis/build/addons/apt_packages'
 require 'travis/build/addons/apt_retries'
diff --git a/lib/travis/build/appliances/vault_keys.rb b/lib/travis/build/appliances/vault_keys.rb
@@ -1,3 +1,4 @@
+require 'active_support/core_ext/object/blank'
 require 'travis/build/appliances/base'
 require 'travis/services/vault'
 
diff --git a/lib/travis/services/vault/keys/resolver.rb b/lib/travis/services/vault/keys/resolver.rb
@@ -1,3 +1,6 @@
+require 'active_support/core_ext/object/blank'
+require 'active_support/core_ext/string/inflections'
+
 module Travis
   module Vault
     class Keys
@@ -27,7 +30,7 @@ def call
                 env_name = key
                 env_name = [secret_name, env_name].join('_') if true # To-Do: Make the prepend customizable from .travis.yml
                 env_name = (path.split('/') << env_name).join('_') if false # To-Do: Make the prepend customizable from .travis.yml
-                export(env_name.upcase, %("#{value}"), echo: false, secure: true)
+                export(env_name.underscore.upcase, %("#{value}"), echo: false, secure: true)
                 vault_secrets << value
               end
             else
diff --git a/spec/build/services/vault/keys/resolver_spec.rb b/spec/build/services/vault/keys/resolver_spec.rb
@@ -39,7 +39,24 @@
           call
         end
       end
+    end
+
+    context 'when paths contain unusual chars' do
+      let(:paths) { %w[path/to/something/secret-thing] }
+
+      before do
+        Travis::Vault::Keys::KV2.stubs(:resolve).with(paths.first, vault).returns({ my_key: 'MySecretValue' })
+      end
+
+      context 'when path returns value from Vault' do
+        it do
+          sh.expects(:echo).never
+          sh.expects(:export).with('SECRET_THING_MY_KEY', %("MySecretValue"), echo: false, secure: true)
+          data.expects(:vault_secrets=).with(%w[MySecretValue])
 
+          call
+        end
+      end
     end
 
     context 'when path does not returns value from Vault' do

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-require 'active_support/core_ext/string/inflections.rb'`
	`1`	`+require 'active_support/core_ext/string/inflections'`
`2`	`2`	`require 'travis/build/addons/apt'`
`3`	`3`	`require 'travis/build/addons/apt_packages'`
`4`	`4`	`require 'travis/build/addons/apt_retries'`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+require 'active_support/core_ext/object/blank'`
`1`	`2`	`require 'travis/build/appliances/base'`
`2`	`3`	`require 'travis/services/vault'`
`3`	`4`