Support custom general purpose vault credentials without prefix. (#3779)

Co-authored-by: Anil Keshav <anil.keshav@sap.com>
2025-10-30 23:57:50 +02:00 · 2022-06-27 09:24:52 +02:00
parent 78cf40799e
commit 1cb1a203cb
2 changed files with 35 additions and 32 deletions
--- a/pkg/config/vault.go
+++ b/pkg/config/vault.go
@@ -272,7 +272,7 @@ func populateCredentialsAsEnvs(config *StepConfig, secret map[string]string, key
 	vaultCredentialEnvPrefix, ok := config.Config["vaultCredentialEnvPrefix"].(string)
 	isCredentialEnvPrefixDefault := false

-	if !ok || len(vaultCredentialEnvPrefix) == 0 {
+	if !ok {
 		vaultCredentialEnvPrefix = vaultCredentialEnvPrefixDefault
 		isCredentialEnvPrefixDefault = true
 	}
--- a/pkg/config/vault_test.go
+++ b/pkg/config/vault_test.go
@@ -255,41 +255,44 @@ func TestResolveVaultTestCredentials(t *testing.T) {
 		}
 	})

-	t.Run("Custom general purpose credential prefix along with fixed standard prefix", func(t *testing.T) {
-		t.Parallel()
-		// init
-		vaultMock := &mocks.VaultMock{}
-		envPrefix := "CUSTOM_MYCRED_"
-		standardEnvPrefix := "PIPER_VAULTCREDENTIAL_"
-		stepConfig := StepConfig{Config: map[string]interface{}{
-			"vaultPath":                "team1",
-			"vaultCredentialPath":      "appCredentials",
-			"vaultCredentialKeys":      []interface{}{"appUser", "appUserPw"},
-			"vaultCredentialEnvPrefix": envPrefix,
-		}}
+	// Test empty and non-empty custom general purpose credential prefix
+	envPrefixes := []string{"CUSTOM_MYCRED_", ""}
+	for _, envPrefix := range envPrefixes {
+		t.Run("Custom general purpose credential prefix along with fixed standard prefix", func(t *testing.T) {
+			t.Parallel()
+			// init
+			vaultMock := &mocks.VaultMock{}
+			standardEnvPrefix := "PIPER_VAULTCREDENTIAL_"
+			stepConfig := StepConfig{Config: map[string]interface{}{
+				"vaultPath":                "team1",
+				"vaultCredentialPath":      "appCredentials",
+				"vaultCredentialKeys":      []interface{}{"appUser", "appUserPw"},
+				"vaultCredentialEnvPrefix": envPrefix,
+			}}

-		defer os.Unsetenv("CUSTOM_MYCRED_APPUSER")
-		defer os.Unsetenv("CUSTOM_MYCRED_APPUSERPW")
-		defer os.Unsetenv("PIPER_VAULTCREDENTIAL_APPUSER")
-		defer os.Unsetenv("PIPER_VAULTCREDENTIAL_APPUSERPW")
+			defer os.Unsetenv(envPrefix + "APPUSER")
+			defer os.Unsetenv(envPrefix + "APPUSERPW")
+			defer os.Unsetenv("PIPER_VAULTCREDENTIAL_APPUSER")
+			defer os.Unsetenv("PIPER_VAULTCREDENTIAL_APPUSERPW")

-		// mock
-		vaultData := map[string]string{"appUser": "test-user", "appUserPw": "password1234"}
-		vaultMock.On("GetKvSecret", "team1/appCredentials").Return(vaultData, nil)
+			// mock
+			vaultData := map[string]string{"appUser": "test-user", "appUserPw": "password1234"}
+			vaultMock.On("GetKvSecret", "team1/appCredentials").Return(vaultData, nil)

-		// test
-		resolveVaultCredentials(&stepConfig, vaultMock)
+			// test
+			resolveVaultCredentials(&stepConfig, vaultMock)

-		// assert
-		for k, v := range vaultData {
-			env := envPrefix + strings.ToUpper(k)
-			assert.NotEmpty(t, os.Getenv(env))
-			assert.Equal(t, os.Getenv(env), v)
-			standardEnv := standardEnvPrefix + strings.ToUpper(k)
-			assert.NotEmpty(t, os.Getenv(standardEnv))
-			assert.Equal(t, os.Getenv(standardEnv), v)
-		}
-	})
+			// assert
+			for k, v := range vaultData {
+				env := envPrefix + strings.ToUpper(k)
+				assert.NotEmpty(t, os.Getenv(env))
+				assert.Equal(t, os.Getenv(env), v)
+				standardEnv := standardEnvPrefix + strings.ToUpper(k)
+				assert.NotEmpty(t, os.Getenv(standardEnv))
+				assert.Equal(t, os.Getenv(standardEnv), v)
+			}
+		})
+	}

 	t.Run("Custom test credential prefix", func(t *testing.T) {
 		t.Parallel()