From 133471acb8b66b7c59e02567a6a7a5832599855a Mon Sep 17 00:00:00 2001
From: Richard Simpson <richardsimpson@outlook.com>
Date: Sat, 4 Apr 2020 13:17:53 -0500
Subject: [PATCH] do some cleanup and some type fixes

---
 package.json  |  4 ++--
 src/action.js | 18 +++---------------
 src/auth.js   | 38 ++++++++++++++++++++++++++++++--------
 tsconfig.json | 12 ++++++++++++
 4 files changed, 47 insertions(+), 25 deletions(-)
 create mode 100644 tsconfig.json

diff --git a/package.json b/package.json
index 4a575bd..c9de6e2 100644
--- a/package.json
+++ b/package.json
@@ -38,8 +38,8 @@
     },
     "homepage": "https://github.com/RichiCoder1/vault-action#readme",
     "dependencies": {
-        "@actions/core": "^1.2.2",
-        "got": "^10.2.2"
+        "got": "^10.2.2",
+        "@actions/core": "^1.2.3"
     },
     "devDependencies": {
         "@types/got": "^9.6.9",
diff --git a/src/action.js b/src/action.js
index e25ef22..25e966d 100644
--- a/src/action.js
+++ b/src/action.js
@@ -1,9 +1,7 @@
 // @ts-check
-// @ts-ignore
 const core = require('@actions/core');
-// @ts-ignore
 const command = require('@actions/core/lib/command');
-const got = require('got');
+const got = require('got').default;
 const { retrieveToken } = require('./auth');
 
 const AUTH_METHODS = ['approle', 'token', 'github'];
@@ -16,6 +14,7 @@ async function exportSecrets() {
     const exportEnv = core.getInput('exportEnv', { required: false }) != 'false';
 
     let enginePath = core.getInput('path', { required: false });
+    /** @type {number | string} */
     let kvVersion = core.getInput('kv-version', { required: false });
 
     const secretsInput = core.getInput('secrets', { required: true });
@@ -40,7 +39,7 @@ async function exportSecrets() {
     }
 
     const client = got.extend(defaultOptions);
-    const vaultToken = await retrieveToken(vaultMethod, /** @type {any} */ (client));
+    const vaultToken = await retrieveToken(vaultMethod, client);
 
     if (!enginePath) {
         enginePath = 'secret';
@@ -209,17 +208,6 @@ function normalizeOutputKey(dataKey) {
     return dataKey.replace('/', '__').replace(/[^\w-]/, '').toUpperCase();
 }
 
-// @ts-ignore
-/**
- * @param {string} input
- */
-function parseBoolInput(input) {
-    if (input === null || input === undefined || input.trim() === '') {
-        return null;
-    }
-    return Boolean(input);
-}
-
 /**
  * @param {string} inputKey
  * @param {any} inputOptions
diff --git a/src/auth.js b/src/auth.js
index c6dabe4..484fd48 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -1,9 +1,10 @@
+// @ts-check
 const core = require('@actions/core');
 
 /***
- * Authentication with Vault and retrieve a vault token
+ * Authenticate with Vault and retrieve a Vault token that can be used for requests.
  * @param {string} method
- * @param {import('got')} client
+ * @param {import('got').Got} client
  */
 async function retrieveToken(method, client) {
     switch (method) {
@@ -32,28 +33,49 @@ async function retrieveToken(method, client) {
 }
 
 /***
- * Authentication with Vault and retrieve a vault token
- * @param {import('got')} client
+ * Call the appropriate login endpoint and parse out the token in the response.
+ * @param {import('got').Got} client
  * @param {string} method
  * @param {any} payload
  */
 async function getClientToken(client, method, payload) {
-    /** @type {any} */
+    /** @type {'json'} */
+    const responseType = 'json';
     var options = {
         json: payload,
-        responseType: 'json'
+        responseType,
     };
 
     core.debug(`Retrieving Vault Token from v1/auth/${method}/login endpoint`);
+
+    /** @type {import('got').Response<VaultLoginResponse>} */
     const response = await client.post(`v1/auth/${method}/login`, options);
     if (response && response.body && response.body.auth && response.body.auth.client_token) {
         core.debug('✔ Vault Token successfully retrieved');
+
+        core.startGroup('Token Info');
+        core.debug(`Operating under policies: ${JSON.stringify(response.body.auth.policies)}`);
+        core.debug(`Token Metadata: ${JSON.stringify(response.body.auth.metadata)}`);
+        core.endGroup();
+
         return response.body.auth.client_token;
     } else {
         throw Error(`Unable to retrieve token from ${method}'s login endpoint.`);
     }
 }
 
+/***
+ * @typedef {Object} VaultLoginResponse
+ * @property {{
+ *  client_token: string;
+ *  accessor: string;
+ *  policies: string[];
+ *  metadata: unknown;
+ *  lease_duration: number;
+ *  renewable: boolean;
+ * }} auth
+ */
+
 module.exports = {
-    retrieveToken
-}
+    retrieveToken,
+};
diff --git a/tsconfig.json b/tsconfig.json
new file mode 100644
index 0000000..91e905b
--- /dev/null
+++ b/tsconfig.json
@@ -0,0 +1,12 @@
+{
+    "compilerOptions": {
+        "module": "commonjs",
+        "target": "es2019",
+        "moduleResolution": "node",
+        "allowJs": true,
+        "noEmit": true
+    },
+    "exclude": [
+        "node_modules"
+    ]
+}
\ No newline at end of file