actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-07 07:06:56 +00:00
Code Activity Actions

Update to v2.7.0 (#468)

Browse source
This commit is contained in:
Robert 2023-06-21 14:23:47 -05:00 committed by GitHub
parent b9f4d16071
commit 357cb9c034
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 49 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGELOG.md
View file

@ -1,5 +1,9 @@
## Unreleased ## Unreleased
* Add changes here
## 2.7.0 (June 21, 2023)
Bugs: Bugs:
* Fix a regression that broke support for secrets in JSON format [GH-466](https://github.com/hashicorp/vault-action/pull/466) * Fix a regression that broke support for secrets in JSON format [GH-466](https://github.com/hashicorp/vault-action/pull/466)

46
dist/index.js vendored
View file

@ -18937,7 +18937,6 @@ module.exports = {
const jsonata = __nccwpck_require__(4245); const jsonata = __nccwpck_require__(4245);
/** /**
* @typedef {Object} SecretRequest * @typedef {Object} SecretRequest
* @property {string} path * @property {string} path
@ -19009,7 +19008,15 @@ async function getSecrets(secretRequests, client) {
*/ */
async function selectData(data, selector) { async function selectData(data, selector) {
const ata = jsonata(selector); const ata = jsonata(selector);
let result = JSON.stringify(await ata.evaluate(data)); let d = await ata.evaluate(data);
if (isJSON(d)) {
// If we already have JSON we will not "stringify" it yet so that we
// don't end up calling JSON.parse. This would break the secrets that
// are stored as JSON. See: https://github.com/hashicorp/vault-action/issues/194
result = d;
} else {
result = JSON.stringify(d);
}
// Compat for custom engines // Compat for custom engines
if (!result && ((ata.ast().type === "path" && ata.ast()['steps'].length === 1) || ata.ast().type === "string") && selector !== 'data' && 'data' in data) { if (!result && ((ata.ast().type === "path" && ata.ast()['steps'].length === 1) || ata.ast().type === "string") && selector !== 'data' && 'data' in data) {
result = JSON.stringify(await jsonata(`data.${selector}`).evaluate(data)); result = JSON.stringify(await jsonata(`data.${selector}`).evaluate(data));
@ -19018,16 +19025,49 @@ async function selectData(data, selector) {
} }
if (result.startsWith(`"`)) { if (result.startsWith(`"`)) {
result = JSON.parse(result); // we need to strip the beginning and ending quotes otherwise it will
// always successfully parse as JSON
result = result.substring(1, result.length - 1);
if (!isJSON(result)) {
// add the quotes back so we can parse it into a Javascript object
// to allow support for multi-line secrets. See https://github.com/hashicorp/vault-action/issues/160
result = `"${result}"`
result = JSON.parse(result);
}
} else if (isJSON(result)) {
// This is required to support secrets in JSON format.
// See https://github.com/hashicorp/vault-action/issues/194 and https://github.com/hashicorp/vault-action/pull/173
result = JSON.stringify(result);
result = result.substring(1, result.length - 1);
} }
return result; return result;
} }
/**
* isJSON returns true if str parses as a valid JSON string
* @param {string} str
*/
function isJSON(str) {
if (typeof str !== "string"){
return false;
}
try {
JSON.parse(str);
} catch (e) {
return false;
}
return true;
}
module.exports = { module.exports = {
getSecrets, getSecrets,
selectData selectData
} }
/***/ }), /***/ }),
/***/ 9491: /***/ 9491: