actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-14 18:13:45 +00:00
Code Activity Actions

do some cleanup and some type fixes

Browse source
This commit is contained in:
Richard Simpson 2020-04-04 13:17:53 -05:00
parent a3d9453865
commit 133471acb8
4 changed files with 47 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
package.json
View file

@ -38,8 +38,8 @@
}, },
"homepage": "https://github.com/RichiCoder1/vault-action#readme", "homepage": "https://github.com/RichiCoder1/vault-action#readme",
"dependencies": { "dependencies": {
"@actions/core": "^1.2.2", "got": "^10.2.2",
"got": "^10.2.2" "@actions/core": "^1.2.3"
}, },
"devDependencies": { "devDependencies": {
"@types/got": "^9.6.9", "@types/got": "^9.6.9",

18
src/action.js
View file

@ -1,9 +1,7 @@
// @ts-check // @ts-check
// @ts-ignore
const core = require('@actions/core'); const core = require('@actions/core');
// @ts-ignore
const command = require('@actions/core/lib/command'); const command = require('@actions/core/lib/command');
const got = require('got'); const got = require('got').default;
const { retrieveToken } = require('./auth'); const { retrieveToken } = require('./auth');
const AUTH_METHODS = ['approle', 'token', 'github']; const AUTH_METHODS = ['approle', 'token', 'github'];
@ -16,6 +14,7 @@ async function exportSecrets() {
const exportEnv = core.getInput('exportEnv', { required: false }) != 'false'; const exportEnv = core.getInput('exportEnv', { required: false }) != 'false';
let enginePath = core.getInput('path', { required: false }); let enginePath = core.getInput('path', { required: false });
/** @type {number | string} */
let kvVersion = core.getInput('kv-version', { required: false }); let kvVersion = core.getInput('kv-version', { required: false });
const secretsInput = core.getInput('secrets', { required: true }); const secretsInput = core.getInput('secrets', { required: true });
@ -40,7 +39,7 @@ async function exportSecrets() {
} }
const client = got.extend(defaultOptions); const client = got.extend(defaultOptions);
const vaultToken = await retrieveToken(vaultMethod, /** @type {any} */ (client)); const vaultToken = await retrieveToken(vaultMethod, client);
if (!enginePath) { if (!enginePath) {
enginePath = 'secret'; enginePath = 'secret';
@ -209,17 +208,6 @@ function normalizeOutputKey(dataKey) {
return dataKey.replace('/', '__').replace(/[^\w-]/, '').toUpperCase(); return dataKey.replace('/', '__').replace(/[^\w-]/, '').toUpperCase();
} }
// @ts-ignore
/**
* @param {string} input
*/
function parseBoolInput(input) {
if (input === null || input === undefined || input.trim() === '') {
return null;
}
return Boolean(input);
}
/** /**
* @param {string} inputKey * @param {string} inputKey
* @param {any} inputOptions * @param {any} inputOptions

38
src/auth.js
View file

@ -1,9 +1,10 @@
// @ts-check
const core = require('@actions/core'); const core = require('@actions/core');
/*** /***
* Authentication with Vault and retrieve a vault token * Authenticate with Vault and retrieve a Vault token that can be used for requests.
* @param {string} method * @param {string} method
* @param {import('got')} client * @param {import('got').Got} client
*/ */
async function retrieveToken(method, client) { async function retrieveToken(method, client) {
switch (method) { switch (method) {
@ -32,28 +33,49 @@ async function retrieveToken(method, client) {
} }
/*** /***
* Authentication with Vault and retrieve a vault token * Call the appropriate login endpoint and parse out the token in the response.
* @param {import('got')} client * @param {import('got').Got} client
* @param {string} method * @param {string} method
* @param {any} payload * @param {any} payload
*/ */
async function getClientToken(client, method, payload) { async function getClientToken(client, method, payload) {
/** @type {any} */ /** @type {'json'} */
const responseType = 'json';
var options = { var options = {
json: payload, json: payload,
responseType: 'json' responseType,
}; };
core.debug(`Retrieving Vault Token from v1/auth/${method}/login endpoint`); core.debug(`Retrieving Vault Token from v1/auth/${method}/login endpoint`);
/** @type {import('got').Response<VaultLoginResponse>} */
const response = await client.post(`v1/auth/${method}/login`, options); const response = await client.post(`v1/auth/${method}/login`, options);
if (response && response.body && response.body.auth && response.body.auth.client_token) { if (response && response.body && response.body.auth && response.body.auth.client_token) {
core.debug('✔ Vault Token successfully retrieved'); core.debug('✔ Vault Token successfully retrieved');
core.startGroup('Token Info');
core.debug(`Operating under policies: ${JSON.stringify(response.body.auth.policies)}`);
core.debug(`Token Metadata: ${JSON.stringify(response.body.auth.metadata)}`);
core.endGroup();
return response.body.auth.client_token; return response.body.auth.client_token;
} else { } else {
throw Error(`Unable to retrieve token from ${method}'s login endpoint.`); throw Error(`Unable to retrieve token from ${method}'s login endpoint.`);
} }
} }
/***
* @typedef {Object} VaultLoginResponse
* @property {{
* client_token: string;
* accessor: string;
* policies: string[];
* metadata: unknown;
* lease_duration: number;
* renewable: boolean;
* }} auth
*/
module.exports = { module.exports = {
retrieveToken retrieveToken,
} };

12
tsconfig.json Normal file
View file

@ -0,0 +1,12 @@
{
"compilerOptions": {
"module": "commonjs",
"target": "es2019",
"moduleResolution": "node",
"allowJs": true,
"noEmit": true
},
"exclude": [
"node_modules"
]
}