diff --git a/packages/integration-sdk-runtime/src/execution/__tests__/config.test.ts b/packages/integration-sdk-runtime/src/execution/__tests__/config.test.ts index 03f0e14f..ce914ca7 100644 --- a/packages/integration-sdk-runtime/src/execution/__tests__/config.test.ts +++ b/packages/integration-sdk-runtime/src/execution/__tests__/config.test.ts @@ -20,6 +20,8 @@ afterEach(() => { delete process.env.STRING_VARIABLE; delete process.env.BOOLEAN_VARIABLE; delete process.env.STRING_ARRAY_VARIABLE; + delete process.env.CA_CERTIFICATE; + delete process.env.DISABLE_TLS_VERIFICATION; vol.reset(); }); @@ -108,6 +110,51 @@ test('throws error if expected environment boolean field does not match "true" o ); }); +test('loads CA_CERTIFICATE and DISABLE_TLS_VERIFICATION even when not declared in instanceConfigFields', () => { + process.env.CA_CERTIFICATE = + '-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----'; + process.env.DISABLE_TLS_VERIFICATION = 'true'; + + const config = loadConfigFromEnvironmentVariables({}); + + expect(config).toEqual({ + caCertificate: + '-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----', + disableTlsVerification: true, + }); +}); + +test('treats CA_CERTIFICATE and DISABLE_TLS_VERIFICATION as optional when env is not set', () => { + const instanceConfigFields: IntegrationInstanceConfigFieldMap< + Record<'stringVariable', IntegrationInstanceConfigField> + > = { + stringVariable: { + type: 'string', + }, + }; + + const config = loadConfigFromEnvironmentVariables(instanceConfigFields); + + expect(config).toEqual({ + stringVariable: 'string', + }); +}); + +test('respects integration-declared caCertificate / disableTlsVerification over implicit defaults', () => { + process.env.CA_CERTIFICATE = 'cert-value'; + const instanceConfigFields: IntegrationInstanceConfigFieldMap< + Record<'caCertificate', IntegrationInstanceConfigField> + > = { + caCertificate: { + type: 'string', + }, + }; + + const config = loadConfigFromEnvironmentVariables(instanceConfigFields); + + expect(config).toEqual({ caCertificate: 'cert-value' }); +}); + test('loads environment variables from .env', () => { vol.fromJSON({ [path.join(process.cwd(), '.env')]: 'MY_ENV_VAR=mochi', diff --git a/packages/integration-sdk-runtime/src/execution/config.ts b/packages/integration-sdk-runtime/src/execution/config.ts index 713a5171..6636e16b 100644 --- a/packages/integration-sdk-runtime/src/execution/config.ts +++ b/packages/integration-sdk-runtime/src/execution/config.ts @@ -11,6 +11,21 @@ import { const dotenvExpand = require('dotenv-expand'); +/** + * Global "agent configurations" that are exposed to every integration whose + * `integrationPlatformFeatures.supportsAgentConfigurations` is enabled. They + * are intentionally NOT required to be declared in `instanceConfigFields` so + * that integrations can opt in without per-integration schema changes. + * + * The values are consumed by `BaseAPIClient.getDefaultAgent()` in + * `@jupiterone/integration-sdk-http-client` and by the equivalent helper in + * `@private/http-client` inside the integrations monorepo. + */ +const IMPLICIT_AGENT_CONFIG_FIELDS: IntegrationInstanceConfigFieldMap = { + caCertificate: { type: 'string', optional: true }, + disableTlsVerification: { type: 'boolean', optional: true }, +}; + /** * Reads integration configuration from environment variables */ @@ -20,7 +35,14 @@ export function loadConfigFromEnvironmentVariables< // pull in environment variables from .env file if available dotenvExpand(dotenv.config()); - return Object.entries(configMap) + // Merge implicit agent-configuration fields without overriding any + // declarations the integration may have already made for the same key. + const mergedConfigMap = { + ...IMPLICIT_AGENT_CONFIG_FIELDS, + ...configMap, + } as IntegrationInstanceConfigFieldMap; + + return Object.entries(mergedConfigMap) .map(([field, config]): [string, string | object | boolean | undefined] => { const environmentVariableName = snakeCase(field).toUpperCase(); diff --git a/packages/integration-sdk-runtime/src/execution/instance.ts b/packages/integration-sdk-runtime/src/execution/instance.ts index 8818e4fa..4f94dd3d 100644 --- a/packages/integration-sdk-runtime/src/execution/instance.ts +++ b/packages/integration-sdk-runtime/src/execution/instance.ts @@ -52,9 +52,13 @@ export function createIntegrationInstanceForLocalExecution( process.env.INTEGRATION_INSTANCE_ACCOUNT_ID || process.env.JUPITERONE_LOCAL_INTEGRATION_INSTANCE_ACCOUNT_ID || LOCAL_INTEGRATION_INSTANCE.accountId, - config: config.instanceConfigFields - ? loadConfigFromEnvironmentVariables(config.instanceConfigFields) - : {}, + // Always call `loadConfigFromEnvironmentVariables` so that the implicit + // agent-configuration fields (caCertificate / disableTlsVerification) are + // picked up from the environment even when an integration does not declare + // any `instanceConfigFields` of its own. + config: loadConfigFromEnvironmentVariables( + config.instanceConfigFields ?? {}, + ), disabledSources: parseDisabledIngestionSourcesFromEnv(), }; }