actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-07 15:16:56 +00:00
Code Activity Actions

fix wildcard handling when field contains dot

Browse source
This commit is contained in:
JM Faircloth 2024-04-12 09:31:30 -05:00
parent ee41aa2fcf
commit 323db5c634
3 changed files with 56 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
dist/index.js vendored
View file

@ -14326,7 +14326,7 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
body = JSON.parse(body); body = JSON.parse(body);
if (selector == WILDCARD) { if (selector == WILDCARD) {
let keys = body.data; let keys = body.data;
if (body.data["data"] != undefined) { if (body.data["data"] != undefined) {
keys = keys.data; keys = keys.data;
@ -14334,20 +14334,26 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
for (let key in keys) { for (let key in keys) {
let newRequest = Object.assign({},secretRequest); let newRequest = Object.assign({},secretRequest);
newRequest.selector = key; newRequest.selector = key;
if (secretRequest.selector === secretRequest.outputVarName) { if (secretRequest.selector === secretRequest.outputVarName) {
newRequest.outputVarName = key; newRequest.outputVarName = key;
newRequest.envVarName = key; newRequest.envVarName = key;
} } else {
else {
newRequest.outputVarName = secretRequest.outputVarName+key; newRequest.outputVarName = secretRequest.outputVarName+key;
newRequest.envVarName = secretRequest.envVarName+key; newRequest.envVarName = secretRequest.envVarName+key;
} }
newRequest.outputVarName = normalizeOutputKey(newRequest.outputVarName); newRequest.outputVarName = normalizeOutputKey(newRequest.outputVarName);
newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true); newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true);
// JSONata field references containing reserved tokens should
// be enclosed in backticks
// https://docs.jsonata.org/simple#examples
if (key.includes(".")) {
const backtick = '`';
key = backtick.concat(key, backtick);
}
selector = key; selector = key;
results = await selectAndAppendResults( results = await selectAndAppendResults(
@ -14361,13 +14367,13 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
} }
else { else {
results = await selectAndAppendResults( results = await selectAndAppendResults(
selector, selector,
body, body,
cachedResponse, cachedResponse,
secretRequest, secretRequest,
results results
); );
} }
} }
return results; return results;

18
integrationTests/basic/integration.test.js
View file

@ -32,6 +32,14 @@ describe('integration', () => {
}, },
}); });
await got(`${vaultUrl}/v1/secret/data/test-with-dot-char`, {
method: 'POST',
headers: {
'X-Vault-Token': vaultToken,
},
body: `{"data":{"secret.foo":"SUPERSECRET"}}`
});
await got(`${vaultUrl}/v1/secret/data/nested/test`, { await got(`${vaultUrl}/v1/secret/data/nested/test`, {
method: 'POST', method: 'POST',
headers: { headers: {
@ -194,6 +202,16 @@ describe('integration', () => {
expect(core.exportVariable).toBeCalledWith('OTHERSECRETDASH', 'OTHERSUPERSECRET'); expect(core.exportVariable).toBeCalledWith('OTHERSECRETDASH', 'OTHERSUPERSECRET');
}); });
it('get wildcard secrets with dot char', async () => {
mockInput(`secret/data/test-with-dot-char * ;`);
await exportSecrets();
expect(core.exportVariable).toBeCalledTimes(1);
expect(core.exportVariable).toBeCalledWith('SECRET__FOO', 'SUPERSECRET');
});
it('get wildcard secrets', async () => { it('get wildcard secrets', async () => {
mockInput(`secret/data/test * ;`); mockInput(`secret/data/test * ;`);

32
src/secrets.js
View file

@ -63,7 +63,7 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
body = JSON.parse(body); body = JSON.parse(body);
if (selector == WILDCARD) { if (selector == WILDCARD) {
let keys = body.data; let keys = body.data;
if (body.data["data"] != undefined) { if (body.data["data"] != undefined) {
keys = keys.data; keys = keys.data;
@ -71,20 +71,26 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
for (let key in keys) { for (let key in keys) {
let newRequest = Object.assign({},secretRequest); let newRequest = Object.assign({},secretRequest);
newRequest.selector = key; newRequest.selector = key;
if (secretRequest.selector === secretRequest.outputVarName) { if (secretRequest.selector === secretRequest.outputVarName) {
newRequest.outputVarName = key; newRequest.outputVarName = key;
newRequest.envVarName = key; newRequest.envVarName = key;
} } else {
else {
newRequest.outputVarName = secretRequest.outputVarName+key; newRequest.outputVarName = secretRequest.outputVarName+key;
newRequest.envVarName = secretRequest.envVarName+key; newRequest.envVarName = secretRequest.envVarName+key;
} }
newRequest.outputVarName = normalizeOutputKey(newRequest.outputVarName); newRequest.outputVarName = normalizeOutputKey(newRequest.outputVarName);
newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true); newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true);
// JSONata field references containing reserved tokens should
// be enclosed in backticks
// https://docs.jsonata.org/simple#examples
if (key.includes(".")) {
const backtick = '`';
key = backtick.concat(key, backtick);
}
selector = key; selector = key;
results = await selectAndAppendResults( results = await selectAndAppendResults(
@ -98,13 +104,13 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
} }
else { else {
results = await selectAndAppendResults( results = await selectAndAppendResults(
selector, selector,
body, body,
cachedResponse, cachedResponse,
secretRequest, secretRequest,
results results
); );
} }
} }
return results; return results;