Skip to content

feat(runtime): always expose caCertificate and disableTlsVerification… #1203

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
gastonyelmini wants to merge 1 commit into
base: main
Choose a base branch
from
+77 −4
Open

feat(runtime): always expose caCertificate and disableTlsVerification… #1203

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 47 additions & 0 deletions packages/integration-sdk-runtime/src/execution/__tests__/config.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,8 @@ afterEach(() => {
delete process.env.STRING_VARIABLE;
delete process.env.BOOLEAN_VARIABLE;
delete process.env.STRING_ARRAY_VARIABLE;
delete process.env.CA_CERTIFICATE;
delete process.env.DISABLE_TLS_VERIFICATION;

vol.reset();
});
Expand Down Expand Up @@ -108,6 +110,51 @@ test('throws error if expected environment boolean field does not match "true" o
);
});

test('loads CA_CERTIFICATE and DISABLE_TLS_VERIFICATION even when not declared in instanceConfigFields', () => {
process.env.CA_CERTIFICATE =
'-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----';
process.env.DISABLE_TLS_VERIFICATION = 'true';

const config = loadConfigFromEnvironmentVariables({});

expect(config).toEqual({
caCertificate:
'-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----',
disableTlsVerification: true,
});
});

test('treats CA_CERTIFICATE and DISABLE_TLS_VERIFICATION as optional when env is not set', () => {
const instanceConfigFields: IntegrationInstanceConfigFieldMap<
Record<'stringVariable', IntegrationInstanceConfigField>
> = {
stringVariable: {
type: 'string',
},
};

const config = loadConfigFromEnvironmentVariables(instanceConfigFields);

expect(config).toEqual({
stringVariable: 'string',
});
});

test('respects integration-declared caCertificate / disableTlsVerification over implicit defaults', () => {
process.env.CA_CERTIFICATE = 'cert-value';
const instanceConfigFields: IntegrationInstanceConfigFieldMap<
Record<'caCertificate', IntegrationInstanceConfigField>
> = {
caCertificate: {
type: 'string',
},
};

const config = loadConfigFromEnvironmentVariables(instanceConfigFields);

expect(config).toEqual({ caCertificate: 'cert-value' });
});

test('loads environment variables from .env', () => {
vol.fromJSON({
[path.join(process.cwd(), '.env')]: 'MY_ENV_VAR=mochi',
Expand Down
24 changes: 23 additions & 1 deletion packages/integration-sdk-runtime/src/execution/config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,21 @@ import {

const dotenvExpand = require('dotenv-expand');

/**
* Global "agent configurations" that are exposed to every integration whose
* `integrationPlatformFeatures.supportsAgentConfigurations` is enabled. They
* are intentionally NOT required to be declared in `instanceConfigFields` so
* that integrations can opt in without per-integration schema changes.
*
* The values are consumed by `BaseAPIClient.getDefaultAgent()` in
* `@jupiterone/integration-sdk-http-client` and by the equivalent helper in
* `@private/http-client` inside the integrations monorepo.
*/
const IMPLICIT_AGENT_CONFIG_FIELDS: IntegrationInstanceConfigFieldMap = {
caCertificate: { type: 'string', optional: true },
disableTlsVerification: { type: 'boolean', optional: true },
};

/**
* Reads integration configuration from environment variables
*/
Expand All @@ -20,7 +35,14 @@ export function loadConfigFromEnvironmentVariables<
// pull in environment variables from .env file if available
dotenvExpand(dotenv.config());

return Object.entries(configMap)
// Merge implicit agent-configuration fields without overriding any
// declarations the integration may have already made for the same key.
const mergedConfigMap = {
...IMPLICIT_AGENT_CONFIG_FIELDS,
...configMap,
} as IntegrationInstanceConfigFieldMap<TConfig>;

return Object.entries(mergedConfigMap)
.map(([field, config]): [string, string | object | boolean | undefined] => {
const environmentVariableName = snakeCase(field).toUpperCase();

Expand Down
10 changes: 7 additions & 3 deletions packages/integration-sdk-runtime/src/execution/instance.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,9 +52,13 @@ export function createIntegrationInstanceForLocalExecution(
process.env.INTEGRATION_INSTANCE_ACCOUNT_ID ||
process.env.JUPITERONE_LOCAL_INTEGRATION_INSTANCE_ACCOUNT_ID ||
LOCAL_INTEGRATION_INSTANCE.accountId,
config: config.instanceConfigFields
? loadConfigFromEnvironmentVariables(config.instanceConfigFields)
: {},
// Always call `loadConfigFromEnvironmentVariables` so that the implicit
// agent-configuration fields (caCertificate / disableTlsVerification) are
// picked up from the environment even when an integration does not declare
// any `instanceConfigFields` of its own.
config: loadConfigFromEnvironmentVariables(
config.instanceConfigFields ?? {},
),
disabledSources: parseDisabledIngestionSourcesFromEnv(),
};
}
Loading