From 323db5c634a2b412a3d425cb930524fa8453ec28 Mon Sep 17 00:00:00 2001 From: JM Faircloth Date: Fri, 12 Apr 2024 09:31:30 -0500 Subject: [PATCH] fix wildcard handling when field contains dot --- dist/index.js | 32 +++++++++++++--------- integrationTests/basic/integration.test.js | 18 ++++++++++++ src/secrets.js | 32 +++++++++++++--------- 3 files changed, 56 insertions(+), 26 deletions(-) diff --git a/dist/index.js b/dist/index.js index f40a1d9..7c23d69 100644 --- a/dist/index.js +++ b/dist/index.js @@ -14326,7 +14326,7 @@ async function getSecrets(secretRequests, client, ignoreNotFound) { body = JSON.parse(body); - if (selector == WILDCARD) { + if (selector == WILDCARD) { let keys = body.data; if (body.data["data"] != undefined) { keys = keys.data; @@ -14334,20 +14334,26 @@ async function getSecrets(secretRequests, client, ignoreNotFound) { for (let key in keys) { let newRequest = Object.assign({},secretRequest); - newRequest.selector = key; - + newRequest.selector = key; + if (secretRequest.selector === secretRequest.outputVarName) { newRequest.outputVarName = key; - newRequest.envVarName = key; - } - else { + newRequest.envVarName = key; + } else { newRequest.outputVarName = secretRequest.outputVarName+key; - newRequest.envVarName = secretRequest.envVarName+key; + newRequest.envVarName = secretRequest.envVarName+key; } newRequest.outputVarName = normalizeOutputKey(newRequest.outputVarName); - newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true); + newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true); + // JSONata field references containing reserved tokens should + // be enclosed in backticks + // https://docs.jsonata.org/simple#examples + if (key.includes(".")) { + const backtick = '`'; + key = backtick.concat(key, backtick); + } selector = key; results = await selectAndAppendResults( 
@@ -14361,13 +14367,13 @@ async function getSecrets(secretRequests, client, ignoreNotFound) { } else { results = await selectAndAppendResults( - selector, - body, - cachedResponse, - secretRequest, + selector, + body, + cachedResponse, + secretRequest, results ); - } + } } return results; diff --git a/integrationTests/basic/integration.test.js b/integrationTests/basic/integration.test.js index 479ed87..3ef29cc 100644 --- a/integrationTests/basic/integration.test.js +++ b/integrationTests/basic/integration.test.js @@ -32,6 +32,14 @@ describe('integration', () => { }, }); + await got(`${vaultUrl}/v1/secret/data/test-with-dot-char`, { + method: 'POST', + headers: { + 'X-Vault-Token': vaultToken, + }, + body: `{"data":{"secret.foo":"SUPERSECRET"}}` + }); + await got(`${vaultUrl}/v1/secret/data/nested/test`, { method: 'POST', headers: { @@ -194,6 +202,16 @@ describe('integration', () => { expect(core.exportVariable).toBeCalledWith('OTHERSECRETDASH', 'OTHERSUPERSECRET'); }); + it('get wildcard secrets with dot char', async () => { + mockInput(`secret/data/test-with-dot-char * ;`); + + await exportSecrets(); + + expect(core.exportVariable).toBeCalledTimes(1); + + expect(core.exportVariable).toBeCalledWith('SECRET__FOO', 'SUPERSECRET'); + }); + it('get wildcard secrets', async () => { mockInput(`secret/data/test * ;`); diff --git a/src/secrets.js b/src/secrets.js index 9552a4b..6ccb88e 100644 --- a/src/secrets.js +++ b/src/secrets.js @@ -63,7 +63,7 @@ async function getSecrets(secretRequests, client, ignoreNotFound) { body = JSON.parse(body); - if (selector == WILDCARD) { + if (selector == WILDCARD) { let keys = body.data; if (body.data["data"] != undefined) { keys = keys.data; 
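Review bot: In integrationTests/basic/integration.test.js the `test-with-dot-char` fixture holds a single key, so the 'get wildcard secrets with dot char' test never covers a wildcard pass that mixes dotted and plain field names. Because the fix reassigns `key` and `selector` inside the loop, a mixed fixture would show that the quoting of one key does not affect the lookup of the next. Consider a body such as `{"data":{"secret.foo":"SUPERSECRET","plainkey":"OTHERSECRET"}}` (sample values constructed for this note) with `toBeCalledTimes(2)`. The second expected variable name should follow the normalisation the neighbouring tests already pin.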
@@ -71,20 +71,26 @@ async function getSecrets(secretRequests, client, ignoreNotFound) { for (let key in keys) { let newRequest = Object.assign({},secretRequest); - newRequest.selector = key; - + newRequest.selector = key; + if (secretRequest.selector === secretRequest.outputVarName) { newRequest.outputVarName = key; - newRequest.envVarName = key; - } - else { + newRequest.envVarName = key; + } else { newRequest.outputVarName = secretRequest.outputVarName+key; - newRequest.envVarName = secretRequest.envVarName+key; + newRequest.envVarName = secretRequest.envVarName+key; } newRequest.outputVarName = normalizeOutputKey(newRequest.outputVarName); - newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true); + newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true); + // JSONata field references containing reserved tokens should + // be enclosed in backticks + // https://docs.jsonata.org/simple#examples + if (key.includes(".")) { + const backtick = '`'; + key = backtick.concat(key, backtick); + } selector = key; results = await selectAndAppendResults( @@ -98,13 +104,13 @@ async function getSecrets(secretRequests, client, ignoreNotFound) { } else { results = await selectAndAppendResults( - selector, - body, - cachedResponse, - secretRequest, + selector, + body, + cachedResponse, + secretRequest, results ); - } + } } return results;
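Review bot: In src/secrets.js (hunk at -71,20) the new block wraps `key` in backticks without checking whether the key already contains one, so a field name with an embedded backtick would close the quoted reference early and leave the remainder to be parsed as selector syntax. `key` comes from the parsed Vault response (`for (let key in keys)`), so it is data rather than workflow configuration, and as far as I know JSONata has no escape for a backtick inside a backtick-quoted name, so failing closed is the safer choice. Hoist `const backtick` above the check and add `if (key.includes(backtick)) throw new Error('secret key contains a backtick and cannot be used as a selector');` before the concat. The same lines appear in the bundled dist/index.js hunk at -14334,20, which should be regenerated from the source rather than edited by hand. The arguments of the `selectAndAppendResults` call and the rest of `getSecrets` lie outside the hunk, so how the selector is consumed is inferred from the added comment.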