add missing key `bound_cidrs` in pathCertRead Response (#6080)

builtin/credential/cert/backend_test.go

@@ -3,6 +3,7 @@ package cert
 import (
 	"context"
 	"crypto/rand"
+	"github.com/hashicorp/go-sockaddr"
 	"net/http"
 
 	"golang.org/x/net/http2"
@@ -1200,6 +1201,7 @@ func TestBackend_validCIDR(t *testing.T) {
 	}
 
 	name := "web"
+	boundCIDRs := []string{"127.0.0.1", "128.252.0.0/16"}
 
 	addCertReq := &logical.Request{
 		Operation: logical.UpdateOperation,
@@ -1211,7 +1213,7 @@ func TestBackend_validCIDR(t *testing.T) {
 			"allowed_names":       "",
 			"required_extensions": "",
 			"lease":               1000,
-			"bound_cidrs":         []string{"127.0.0.1/32", "128.252.0.0/16"},
+			"bound_cidrs":         boundCIDRs,
 		},
 		Storage:    storage,
 		Connection: &logical.Connection{ConnState: &connState},
@@ -1222,6 +1224,21 @@ func TestBackend_validCIDR(t *testing.T) {
 		t.Fatal(err)
 	}
 
+	readCertReq := &logical.Request{
+		Operation: logical.ReadOperation,
+		Path:      "certs/" + name,
+		Storage:    storage,
+		Connection: &logical.Connection{ConnState: &connState},
+	}
+
+	readResult, err := b.HandleRequest(context.Background(), readCertReq)
+	cidrsResult := readResult.Data["bound_cidrs"].([]*sockaddr.SockAddrMarshaler)
+
+	if cidrsResult[0].String() != boundCIDRs[0] ||
+		cidrsResult[1].String() != boundCIDRs[1] {
+			t.Fatalf("bound_cidrs couldn't be set correctly, EXPECTED: %v, ACTUAL: %v", boundCIDRs, cidrsResult)
+	}
+
 	loginReq := &logical.Request{
 		Operation:       logical.UpdateOperation,
 		Path:            "login",

builtin/credential/cert/path_certs.go

@@ -198,6 +198,7 @@ func (b *backend) pathCertRead(ctx context.Context, req *logical.Request, d *fra
 			"allowed_uri_sans":             cert.AllowedURISANs,
 			"allowed_organizational_units": cert.AllowedOrganizationalUnits,
 			"required_extensions":          cert.RequiredExtensions,
+			"bound_cidrs": 					cert.BoundCIDRs,
 		},
 	}, nil
 }