Merge branch 'main' into nicoleta/NET-9235/migrate-off-macOS
NicoletaPopoviciu committed Jul 10, 2024
2 parents 9d2d610 + d77ed64 commit 4068100
Showing 3 changed files with 60 additions and 12 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/build.yml
Expand Up @@ -59,7 +59,7 @@ jobs:
version: ${{ needs.get-product-version.outputs.product-version }}
product: ${{ env.PKG_NAME }}
repositoryOwner: "hashicorp"
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with:
name: metadata.json
path: ${{ steps.generate-metadata-file.outputs.filepath }}
Expand Down Expand Up @@ -104,7 +104,7 @@ jobs:
go build -o dist/ -ldflags "-s -w -X $(go list -m)/version.GitCommit=$(git rev-parse --short HEAD)" .
zip -r -j out/${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip dist/
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with:
name: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
path: out/${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
Expand Down Expand Up @@ -147,7 +147,7 @@ jobs:
go build -o dist/ -ldflags "-s -w -X $(go list -m)/version.GitCommit=$(git rev-parse --short HEAD)" .
zip -r -j out/${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip dist/
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with:
name: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
path: out/${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
Expand Down Expand Up @@ -182,13 +182,13 @@ jobs:
echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV
echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
if: ${{ matrix.goos == 'linux' }}
with:
name: ${{ env.RPM_PACKAGE }}
path: out/${{ env.RPM_PACKAGE }}

- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
if: ${{ matrix.goos == 'linux' }}
with:
name: ${{ env.DEB_PACKAGE }}
57 changes: 52 additions & 5 deletions dependency/vault_pki.go
Expand Up @@ -21,11 +21,40 @@ import (
var _ Dependency = (*VaultPKIQuery)(nil)

// Return type containing PEMs as strings
type PemEncoded struct{ Cert, Key, CA string }
type PemEncoded struct {
Cert, Key, CA string
CAChain []string
}

func (a PemEncoded) Equals(b PemEncoded) bool {
if a.CA != b.CA || a.Cert != b.Cert || a.Key != b.Key {
return false
}

if len(a.CAChain) != len(b.CAChain) {
return false
}

for i, v := range a.CAChain {
if v != b.CAChain[i] {
return false
}
}
return true
}

func (a PemEncoded) CaChainContains(item string) bool {
for _, v := range a.CAChain {
if v == item {
return true
}
}
return false
}

// a wrapper to mimic v2 secrets Data wrapper
func (p PemEncoded) Data() PemEncoded {
return p
func (a PemEncoded) Data() PemEncoded {
return a
}

// VaultPKIQuery is the dependency to Vault for a secret
Expand Down Expand Up @@ -152,10 +181,12 @@ func pemsCert(encoded []byte) (PemEncoded, *x509.Certificate, error) {
var cert *x509.Certificate
var encPems PemEncoded
var aPem []byte

for {
aPem, encoded = nextPem(encoded)
// scan, find and parse PEM blocks
block, _ = pem.Decode(aPem)

switch {
case block == nil: // end of scan, no more PEMs found
return encPems, cert, nil
Expand All @@ -170,7 +201,13 @@ func pemsCert(encoded []byte) (PemEncoded, *x509.Certificate, error) {
case err != nil:
return PemEncoded{}, nil, err
case maybeCert.IsCA:
encPems.CA = string(pem.EncodeToMemory(block))
if encPems.CA == "" {
// set the first CA found to CA to be backward compatible
encPems.CA = string(pem.EncodeToMemory(block))
}
if !encPems.CaChainContains(string(pem.EncodeToMemory(block))) {
encPems.CAChain = append(encPems.CAChain, string(pem.EncodeToMemory(block)))
}
default: // the certificate
cert = maybeCert
encPems.Cert = string(pem.EncodeToMemory(block))
Expand Down Expand Up @@ -205,10 +242,20 @@ func (d *VaultPKIQuery) fetchPEMs(clients *ClientSet) ([]byte, error) {
}
printVaultWarnings(d, vaultSecret.Warnings)
pems := bytes.Buffer{}
for _, v := range vaultSecret.Data {

for k, v := range vaultSecret.Data {
switch v := v.(type) {
case string:
pems.WriteString(v + "\n")
case []interface{}:
if k == "ca_chain" {
for _, item := range v {
switch item := item.(type) {
case string:
pems.WriteString(item + "\n")
}
}
}
}
}

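Review bot: In fetchPEMs, `for k, v := range vaultSecret.Data` walks a Go map, whose iteration order is randomised, so whether the `ca_chain` entries or the other string fields reach the buffer first varies from run to run. pemsCert now keeps the first CA it decodes as `CA` and appends to `CAChain` in arrival order, so the certificate consumers receive as the issuing CA, and the positional comparison in `Equals`, can differ between fetches of the same response. Writing the string fields first and then `ca_chain` in the order Vault returned it makes both deterministic; this assumes at most one string field holds a CA certificate, which the diff does not show. Both functions start outside their hunks.

```go
// … unchanged: secret fetch and printVaultWarnings …
pems := bytes.Buffer{}

// String fields first, so the first CA pemsCert sees does not depend on map order.
for _, v := range vaultSecret.Data {
	if s, ok := v.(string); ok {
		pems.WriteString(s + "\n")
	}
}
// Then the chain, in the order it was returned.
if chain, ok := vaultSecret.Data["ca_chain"].([]interface{}); ok {
	for _, item := range chain {
		if s, ok := item.(string); ok {
			pems.WriteString(s + "\n")
		}
	}
}
```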
5 changes: 3 additions & 2 deletions dependency/vault_pki_test.go
Expand Up @@ -238,7 +238,8 @@ func Test_VaultPKI_refetch(t *testing.T) {
t.Fatalf("expected a pems but found: %s", pems2)
}
// using cached copy, so should be a match
if pems1 != pems2 {

if !pems1.Equals(pems2) {
t.Errorf("pemss don't match and should.")
}

Expand All @@ -261,7 +262,7 @@ func Test_VaultPKI_refetch(t *testing.T) {
t.Fatalf("expected a pems but found: %s", pems2)
}

if pems2 == pems3 {
if pems2.Equals(pems3) {
t.Errorf("pemss match and shouldn't.")
}
}
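Review bot: Nothing in this file's changes exercises the new `CAChain` field: the only edits to Test_VaultPKI_refetch swap `!=` and `==` for `Equals`, which the added slice field makes necessary, and no other test file is touched by the commit. As far as this diff shows, the de-duplication in pemsCert, the "first CA found" rule for `CA` and the order of `CAChain` are unpinned. A table case that feeds pemsCert a bundle with a leaf, two distinct CA certificates and one repeated CA, then asserts on `CA`, `len(CAChain)` and element order, would cover it. The test function starts and ends outside both hunks.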
