actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-07 07:06:56 +00:00
Code Activity Actions

fix wildcard handling when field contains dot (#542)

Browse source 
* fix wildcard handling when field contains dot

* changelog
This commit is contained in:
John-Michael Faircloth 2024-04-15 16:42:20 -05:00 committed by GitHub
parent 66531b2752
commit 47dbc643a8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 60 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGELOG.md
View file

@ -1,5 +1,9 @@
## Unreleased ## Unreleased
Improvements:
* fix wildcard handling when field contains dot [GH-542](https://github.com/hashicorp/vault-action/pull/542)
Features: Features:
* `secretId` is no longer required for approle to support advanced use cases like machine login when `bind_secret_id` is false. [GH-522](https://github.com/hashicorp/vault-action/pull/522) * `secretId` is no longer required for approle to support advanced use cases like machine login when `bind_secret_id` is false. [GH-522](https://github.com/hashicorp/vault-action/pull/522)

32
dist/index.js vendored
View file

@ -18999,7 +18999,7 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
body = JSON.parse(body); body = JSON.parse(body);
if (selector == WILDCARD) { if (selector == WILDCARD) {
let keys = body.data; let keys = body.data;
if (body.data["data"] != undefined) { if (body.data["data"] != undefined) {
keys = keys.data; keys = keys.data;
@ -19007,20 +19007,26 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
for (let key in keys) { for (let key in keys) {
let newRequest = Object.assign({},secretRequest); let newRequest = Object.assign({},secretRequest);
newRequest.selector = key; newRequest.selector = key;
if (secretRequest.selector === secretRequest.outputVarName) { if (secretRequest.selector === secretRequest.outputVarName) {
newRequest.outputVarName = key; newRequest.outputVarName = key;
newRequest.envVarName = key; newRequest.envVarName = key;
} } else {
else {
newRequest.outputVarName = secretRequest.outputVarName+key; newRequest.outputVarName = secretRequest.outputVarName+key;
newRequest.envVarName = secretRequest.envVarName+key; newRequest.envVarName = secretRequest.envVarName+key;
} }
newRequest.outputVarName = normalizeOutputKey(newRequest.outputVarName); newRequest.outputVarName = normalizeOutputKey(newRequest.outputVarName);
newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true); newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true);
// JSONata field references containing reserved tokens should
// be enclosed in backticks
// https://docs.jsonata.org/simple#examples
if (key.includes(".")) {
const backtick = '`';
key = backtick.concat(key, backtick);
}
selector = key; selector = key;
results = await selectAndAppendResults( results = await selectAndAppendResults(
@ -19034,13 +19040,13 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
} }
else { else {
results = await selectAndAppendResults( results = await selectAndAppendResults(
selector, selector,
body, body,
cachedResponse, cachedResponse,
secretRequest, secretRequest,
results results
); );
} }
} }
return results; return results;

18
integrationTests/basic/integration.test.js
View file

@ -31,6 +31,14 @@ describe('integration', () => {
}, },
}); });
await got(`${vaultUrl}/v1/secret/data/test-with-dot-char`, {
method: 'POST',
headers: {
'X-Vault-Token': vaultToken,
},
body: `{"data":{"secret.foo":"SUPERSECRET"}}`
});
await got(`${vaultUrl}/v1/secret/data/nested/test`, { await got(`${vaultUrl}/v1/secret/data/nested/test`, {
method: 'POST', method: 'POST',
headers: { headers: {
@ -193,6 +201,16 @@ describe('integration', () => {
expect(core.exportVariable).toBeCalledWith('OTHERSECRETDASH', 'OTHERSUPERSECRET'); expect(core.exportVariable).toBeCalledWith('OTHERSECRETDASH', 'OTHERSUPERSECRET');
}); });
it('get wildcard secrets with dot char', async () => {
mockInput(`secret/data/test-with-dot-char * ;`);
await exportSecrets();
expect(core.exportVariable).toBeCalledTimes(1);
expect(core.exportVariable).toBeCalledWith('SECRET__FOO', 'SUPERSECRET');
});
it('get wildcard secrets', async () => { it('get wildcard secrets', async () => {
mockInput(`secret/data/test * ;`); mockInput(`secret/data/test * ;`);

32
src/secrets.js
View file

@ -59,7 +59,7 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
body = JSON.parse(body); body = JSON.parse(body);
if (selector == WILDCARD) { if (selector == WILDCARD) {
let keys = body.data; let keys = body.data;
if (body.data["data"] != undefined) { if (body.data["data"] != undefined) {
keys = keys.data; keys = keys.data;
@ -67,20 +67,26 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
for (let key in keys) { for (let key in keys) {
let newRequest = Object.assign({},secretRequest); let newRequest = Object.assign({},secretRequest);
newRequest.selector = key; newRequest.selector = key;
if (secretRequest.selector === secretRequest.outputVarName) { if (secretRequest.selector === secretRequest.outputVarName) {
newRequest.outputVarName = key; newRequest.outputVarName = key;
newRequest.envVarName = key; newRequest.envVarName = key;
} } else {
else {
newRequest.outputVarName = secretRequest.outputVarName+key; newRequest.outputVarName = secretRequest.outputVarName+key;
newRequest.envVarName = secretRequest.envVarName+key; newRequest.envVarName = secretRequest.envVarName+key;
} }
newRequest.outputVarName = normalizeOutputKey(newRequest.outputVarName); newRequest.outputVarName = normalizeOutputKey(newRequest.outputVarName);
newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true); newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true);
// JSONata field references containing reserved tokens should
// be enclosed in backticks
// https://docs.jsonata.org/simple#examples
if (key.includes(".")) {
const backtick = '`';
key = backtick.concat(key, backtick);
}
selector = key; selector = key;
results = await selectAndAppendResults( results = await selectAndAppendResults(
@ -94,13 +100,13 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
} }
else { else {
results = await selectAndAppendResults( results = await selectAndAppendResults(
selector, selector,
body, body,
cachedResponse, cachedResponse,
secretRequest, secretRequest,
results results
); );
} }
} }
return results; return results;