actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-08 23:56:55 +00:00
Code Activity Actions

chore: update index.js

Browse source
This commit is contained in:
Richard Simpson 2020-02-04 09:39:17 -06:00
parent 83a0917c47
commit 48894325ef
No known key found for this signature in database
GPG key ID: 0CECAF50D013D1E2
1 changed files with 51 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

60
dist/index.js vendored
View file

@ -4070,6 +4070,9 @@ async function exportSecrets() {
const vaultUrl = core.getInput('url', { required: true });
const vaultNamespace = core.getInput('namespace', { required: false });
let enginePath = core.getInput('path', { required: false });
let kvVersion = core.getInput('kv-version', { required: false });
const secretsInput = core.getInput('secrets', { required: true });
const secrets = parseSecretsInput(secretsInput);
@ -4084,10 +4087,10 @@ async function exportSecrets() {
const vaultRoleId = core.getInput('roleId', { required: true });
const vaultSecretId = core.getInput('secretId', { required: true });
core.debug('Try to retrieve Vault Token from approle');
var options = {
headers: {},
json: { role_id: vaultRoleId, secret_id: vaultSecretId },
responseType: 'json'
var options = {
headers: {},
json: { role_id: vaultRoleId, secret_id: vaultSecretId },
responseType: 'json'
};
if (vaultNamespace != null) {
@ -4107,6 +4110,20 @@ async function exportSecrets() {
break;
}
if (!enginePath) {
enginePath = 'secret';
}
if (!kvVersion) {
kvVersion = '2';
}
if (kvVersion !== '1' && kvVersion !== '2') {
throw Error(`You must provide a valid K/V version (1 or 2). Input: "${kvVersion}"`);
}
kvVersion = parseInt(kvVersion);
for (const secret of secrets) {
const { secretPath, outputName, secretKey } = secret;
const requestOptions = {
@ -4119,12 +4136,13 @@ async function exportSecrets() {
requestOptions.headers["X-Vault-Namespace"] = vaultNamespace;
}
const result = await got(`${vaultUrl}/v1/secret/data/${secretPath}`, requestOptions);
const requestPath = (kvVersion === 1)
? `${vaultUrl}/v1/${enginePath}/${secretPath}`
: `${vaultUrl}/v1/${enginePath}/data/${secretPath}`;
const result = await got(requestPath, requestOptions);
const parsedResponse = JSON.parse(result.body);
const vaultKeyData = parsedResponse.data;
const versionData = vaultKeyData.data;
const value = versionData[secretKey];
const secretData = parseResponse(result.body, kvVersion);
const value = secretData[secretKey];
command.issue('add-mask', value);
core.exportVariable(outputName, `${value}`);
core.debug(`${secretPath} => ${outputName}`);
@ -4183,6 +4201,29 @@ function parseSecretsInput(secretsInput) {
return output;
}
/**
* Parses a JSON response and returns the secret data
* @param {string} responseBody
* @param {number} kvVersion
*/
function parseResponse(responseBody, kvVersion) {
const parsedResponse = JSON.parse(responseBody);
let secretData;
switch(kvVersion) {
case 1: {
secretData = parsedResponse.data;
} break;
case 2: {
const vaultKeyData = parsedResponse.data;
secretData = vaultKeyData.data;
} break;
}
return secretData;
}
/**
* Replaces any forward-slash characters to
* @param {string} dataKey
@ -4194,6 +4235,7 @@ function normalizeOutputKey(dataKey) {
module.exports = {
exportSecrets,
parseSecretsInput,
parseResponse,
normalizeOutputKey
};