From d0981f8a834c4590042cf29a550acae21df3eedf Mon Sep 17 00:00:00 2001
From: Chad Wilson <chadw@thoughtworks.com>
Date: Sun, 7 Jan 2024 00:27:46 +0800
Subject: [PATCH] Treat blank CA Cert data as null

The Kubernetes Client appears to treat these differently. If using a null cert it appears it willm either fall back to trusting all certs or (more likely) using an auto-configured cert it finds within the pod from the service account auto mount files.

Currently there are weird inconsistencies as after you edit the config or restart the server it can set an empty string which starts causing validation failures talking to the API.
---
 .../kubernetes/models/SecretConfig.java       |  2 +-
 .../kubernetes/models/SecretConfigTest.java   | 22 +++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 src/test/java/cd/go/contrib/secrets/kubernetes/models/SecretConfigTest.java

diff --git a/src/main/java/cd/go/contrib/secrets/kubernetes/models/SecretConfig.java b/src/main/java/cd/go/contrib/secrets/kubernetes/models/SecretConfig.java
index 1af5860..707d7fa 100644
--- a/src/main/java/cd/go/contrib/secrets/kubernetes/models/SecretConfig.java
+++ b/src/main/java/cd/go/contrib/secrets/kubernetes/models/SecretConfig.java
@@ -61,7 +61,7 @@ public String getSecurityToken() {
     }
 
     public String getClusterCACertData() {
-        return clusterCACertData;
+        return clusterCACertData != null && clusterCACertData.isBlank() ? null : clusterCACertData;
     }
 
     public String getNamespace() {
diff --git a/src/test/java/cd/go/contrib/secrets/kubernetes/models/SecretConfigTest.java b/src/test/java/cd/go/contrib/secrets/kubernetes/models/SecretConfigTest.java
new file mode 100644
index 0000000..a6114b6
--- /dev/null
+++ b/src/test/java/cd/go/contrib/secrets/kubernetes/models/SecretConfigTest.java
@@ -0,0 +1,22 @@
+package cd.go.contrib.secrets.kubernetes.models;
+
+import cd.go.plugin.base.GsonTransformer;
+import org.junit.jupiter.api.Test;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+class SecretConfigTest {
+
+    @Test
+    public void shouldConsiderBlankCertAsNull() {
+        final Map<String, Object> settings = new HashMap<>();
+        settings.put("kubernetes_cluster_ca_cert", "   ");
+
+        SecretConfig config = GsonTransformer.fromJson(GsonTransformer.toJson(settings), SecretConfig.class);
+
+        assertThat(config.getClusterCACertData()).isNull();
+    }
+}
\ No newline at end of file