[Bug] Creating a new version of a certificate does not set flag certificate_authority properly

[moritzfalke]

What version of the credhub server you are using?
2.9.0

What version of the credhub cli you are using?
2.9.0

If you were attempting to accomplish a task, what was it you were attempting to do?
I was attempting to replace/update a CA certificate with one coming from an external PKI. In order to do so, I used the endpoint POST api/v1/certificates/<ca_id>/versions to create a new version of the certificate.

What did you expect to happen?
When using the previously mentioned endpoint I expect that the new CA certificate is imported with the flags transitional as well as certificate_authority set to true.

What was the actual behavior?
When using this endpoint, the transitional flag is set properly, however the certificate_authority flag is always set to false and cannot be changed.

Steps to reproduce:

1. generate a CA /my-ca
2. use the api/v1//certificate endpoint to GET /my-ca and see that certificate_authority: true
3. use api/v1/certificate endpoint to create a new version of /my-ca with some CA data, and receive a response where certificate_authority: false
4. use the api/v1/certificate endpoint to GET /my-ca and see that certificate_authority: false

This issue was already discussed in slack with more information that can be found there: https://cloudfoundry.slack.com/archives/C3EN0BFC0/p1622027604005700

Please confirm where necessary:

• I have included a log output
• My log includes an error message
• I have included steps for reproduction

If you are a PCF customer with an Operation Manager (PCF Ops Manager) please direct your questions to support (https://support.pivotal.io/)

[cf-gitbot]

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/178534707

The labels on this github issue will be updated when the story is started.

[swalchemist]

FYI, we do still have this sitting on a large backlog of stories to work on.