From 4a7436f9109acca420fe1e1fcf6e04deaa35f363 Mon Sep 17 00:00:00 2001
From: vitalie <vitalie@travis-ci.org>
Date: Mon, 21 Aug 2023 11:39:12 +0300
Subject: [PATCH] Hashicorp Vault - underscore paths

---
 lib/travis/build/addons.rb                      |  2 +-
 lib/travis/build/appliances/vault_keys.rb       |  1 +
 lib/travis/services/vault/keys/resolver.rb      |  5 ++++-
 spec/build/services/vault/keys/resolver_spec.rb | 17 +++++++++++++++++
 4 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/lib/travis/build/addons.rb b/lib/travis/build/addons.rb
index 26db9b7ab6..c300e5b3b9 100644
--- a/lib/travis/build/addons.rb
+++ b/lib/travis/build/addons.rb
@@ -1,4 +1,4 @@
-require 'active_support/core_ext/string/inflections.rb'
+require 'active_support/core_ext/string/inflections'
 require 'travis/build/addons/apt'
 require 'travis/build/addons/apt_packages'
 require 'travis/build/addons/apt_retries'
diff --git a/lib/travis/build/appliances/vault_keys.rb b/lib/travis/build/appliances/vault_keys.rb
index 4f7f6b7eef..047b88e710 100644
--- a/lib/travis/build/appliances/vault_keys.rb
+++ b/lib/travis/build/appliances/vault_keys.rb
@@ -1,3 +1,4 @@
+require 'active_support/core_ext/object/blank'
 require 'travis/build/appliances/base'
 require 'travis/services/vault'
 
diff --git a/lib/travis/services/vault/keys/resolver.rb b/lib/travis/services/vault/keys/resolver.rb
index bb0c82e1a0..e0d91e5679 100644
--- a/lib/travis/services/vault/keys/resolver.rb
+++ b/lib/travis/services/vault/keys/resolver.rb
@@ -1,3 +1,6 @@
+require 'active_support/core_ext/object/blank'
+require 'active_support/core_ext/string/inflections'
+
 module Travis
   module Vault
     class Keys
@@ -27,7 +30,7 @@ def call
                 env_name = key
                 env_name = [secret_name, env_name].join('_') if true # To-Do: Make the prepend customizable from .travis.yml
                 env_name = (path.split('/') << env_name).join('_') if false # To-Do: Make the prepend customizable from .travis.yml
-                export(env_name.upcase, %("#{value}"), echo: false, secure: true)
+                export(env_name.underscore.upcase, %("#{value}"), echo: false, secure: true)
                 vault_secrets << value
               end
             else
diff --git a/spec/build/services/vault/keys/resolver_spec.rb b/spec/build/services/vault/keys/resolver_spec.rb
index ad0489ad24..400466f14d 100644
--- a/spec/build/services/vault/keys/resolver_spec.rb
+++ b/spec/build/services/vault/keys/resolver_spec.rb
@@ -39,7 +39,24 @@
           call
         end
       end
+    end
+
+    context 'when paths contain unusual chars' do
+      let(:paths) { %w[path/to/something/secret-thing] }
+
+      before do
+        Travis::Vault::Keys::KV2.stubs(:resolve).with(paths.first, vault).returns({ my_key: 'MySecretValue' })
+      end
+
+      context 'when path returns value from Vault' do
+        it do
+          sh.expects(:echo).never
+          sh.expects(:export).with('SECRET_THING_MY_KEY', %("MySecretValue"), echo: false, secure: true)
+          data.expects(:vault_secrets=).with(%w[MySecretValue])
 
+          call
+        end
+      end
     end
 
     context 'when path does not returns value from Vault' do