Fix X509 secret generation for v4.x Autoscaler Kit

[Bug Fixes] * The upstream cf-app-autoscaler does not specify alternative names for the certificate, so we need to use the common name as the only alternative name. * Fixes issue when generating a self-signed certificate, the CA certificate was not being returned.
genesis-community · Sep 7, 2024 · f1d5e6f · f1d5e6f
1 parent 89976ab
commit f1d5e6f
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/lib/Genesis/Env/Secrets/Parser/FromManifest.pm b/lib/Genesis/Env/Secrets/Parser/FromManifest.pm
@@ -113,15 +113,19 @@ sub _parse_certificate {
 
 	my @names = @{$opts{options}{alternative_names}//[]};
 
-	# Special Case v2.0.x CF Kit
-	if ($self->env->kit->id =~ /^cf\/2.0/) {
+	# Special Case v2.0.x CF Kit and v4.x Autoscaler Kit
+	if ($self->env->kit->id =~ /^cf\/2\.0\./) {
 		if ($path eq 'nats_server_cert') {
 			@names = (
 				"nats.service.cf.internal",
 				"*.nats.service.cf.internal"
 			)
 		}
 
+		my $subject_cn = $opts{options}{common_name};
+		push @names, $subject_cn
+			if (!scalar(@names) && $subject_cn);
+	} elsif ($self->env->kit->id =~ /^cf-app-autoscaler\/4\./) {
 		my $subject_cn = $opts{options}{common_name};
 		push @names, $subject_cn
 			if (!scalar(@names) && $subject_cn);

diff --git a/lib/Genesis/Secret/X509.pm b/lib/Genesis/Secret/X509.pm
@@ -99,8 +99,11 @@ sub vault_operator {
 	} elsif ($key eq 'private_key' || $key eq 'key') {
 		$path .= ':key';
 	} elsif ($key eq 'ca') {
+		if ($self->get('self_signed')) {
+			return $self->vault_operator('certificate')
+		}
 		my $ca_path = $self->get('signed_by');
-		if ($ca_path =~ /^\//) {
+		if ($ca_path && $ca_path =~ /^\//) {
 			$path = "$ca_path:certificate"
 		} else {
 			return $self->ca->vault_operator('certificate')