From 48894325ef9aaedc6695b05dbadbaf358d70c493 Mon Sep 17 00:00:00 2001
From: Richard Simpson
Date: Tue, 4 Feb 2020 09:39:17 -0600
Subject: [PATCH] chore: update index.js
---
 dist/index.js | 60 +++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 51 insertions(+), 9 deletions(-)
diff --git a/dist/index.js b/dist/index.js
index 74c01d6..d822679 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -4070,6 +4070,9 @@ async function exportSecrets() {
 const vaultUrl = core.getInput('url', { required: true });
 const vaultNamespace = core.getInput('namespace', { required: false });
+ let enginePath = core.getInput('path', { required: false });
+ let kvVersion = core.getInput('kv-version', { required: false });
+
 const secretsInput = core.getInput('secrets', { required: true });
 const secrets = parseSecretsInput(secretsInput);
@@ -4084,10 +4087,10 @@ async function exportSecrets() {
 const vaultRoleId = core.getInput('roleId', { required: true });
 const vaultSecretId = core.getInput('secretId', { required: true });
 core.debug('Try to retrieve Vault Token from approle');
- var options = {
- headers: {},
- json: { role_id: vaultRoleId, secret_id: vaultSecretId },
- responseType: 'json'
+ var options = {
+ headers: {},
+ json: { role_id: vaultRoleId, secret_id: vaultSecretId },
+ responseType: 'json'
 };
 if (vaultNamespace != null) {
@@ -4107,6 +4110,20 @@ async function exportSecrets() {
 break;
 }
+ if (!enginePath) {
+ enginePath = 'secret';
+ }
+
+ if (!kvVersion) {
+ kvVersion = '2';
+ }
+
+ if (kvVersion !== '1' && kvVersion !== '2') {
+ throw Error(`You must provide a valid K/V version (1 or 2). Input: "${kvVersion}"`);
+ }
+
+ kvVersion = parseInt(kvVersion);
+
 for (const secret of secrets) {
 const { secretPath, outputName, secretKey } = secret;
 const requestOptions = {
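Review bot: The `path` and `kv-version` inputs read at the top of `exportSecrets` are documented nowhere in this commit: the subject is only "chore: update index.js" and the diffstat shows `dist/index.js` as the single changed file. If this file is a build output, as the `dist/` path suggests, the matching source change should be part of the same commit (or CI should rebuild the bundle and compare it), because the bundle is the code that handles the Vault credentials and cannot be checked against its source from this patch alone. A short comment next to the two `let` lines, such as `// defaults applied below: path 'secret', kv-version '2'`, would also help, since the defaults are only assigned in a later hunk. The body of `exportSecrets` starts and ends outside this hunk.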
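Review bot: `enginePath` is given a default in the `if (!enginePath)` block but is never validated, and a later hunk interpolates it directly into the request URL after `/v1/`. A value with leading or trailing slashes, an empty segment or a `..` segment can make the authenticated request resolve to a different Vault endpoint than the one intended, so it should be normalised first, for example `enginePath = enginePath.replace(/^\/+|\/+$/g, '');`, and rejected when any segment is empty or `..`. As points of style, `throw Error(...)` is clearer as `throw new Error(...)`, and `parseInt(kvVersion)` should pass the radix: `Number.parseInt(kvVersion, 10)`. These statements sit inside `exportSecrets`, whose body continues outside the hunk.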
@@ -4119,12 +4136,13 @@ async function exportSecrets() {
 requestOptions.headers["X-Vault-Namespace"] = vaultNamespace;
 }
- const result = await got(`${vaultUrl}/v1/secret/data/${secretPath}`, requestOptions);
+ const requestPath = (kvVersion === 1)
+ ? `${vaultUrl}/v1/${enginePath}/${secretPath}`
+ : `${vaultUrl}/v1/${enginePath}/data/${secretPath}`;
+ const result = await got(requestPath, requestOptions);
- const parsedResponse = JSON.parse(result.body);
- const vaultKeyData = parsedResponse.data;
- const versionData = vaultKeyData.data;
- const value = versionData[secretKey];
+ const secretData = parseResponse(result.body, kvVersion);
+ const value = secretData[secretKey];
 command.issue('add-mask', value);
 core.exportVariable(outputName, `${value}`);
 core.debug(`✔ ${secretPath} => ${outputName}`);
@@ -4183,6 +4201,29 @@ function parseSecretsInput(secretsInput) {
 return output;
 }
+/**
+ * Parses a JSON response and returns the secret data
+ * @param {string} responseBody
+ * @param {number} kvVersion
+ */
+function parseResponse(responseBody, kvVersion) {
+ const parsedResponse = JSON.parse(responseBody);
+ let secretData;
+
+ switch(kvVersion) {
+ case 1: {
+ secretData = parsedResponse.data;
+ } break;
+
+ case 2: {
+ const vaultKeyData = parsedResponse.data;
+ secretData = vaultKeyData.data;
+ } break;
+ }
+
+ return secretData;
+}
+
 /**
 * Replaces any forward-slash characters to
 * @param {string} dataKey
@@ -4194,6 +4235,7 @@ function normalizeOutputKey(dataKey) {
 module.exports = {
 exportSecrets,
 parseSecretsInput,
+ parseResponse,
 normalizeOutputKey
 };
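Review bot: `const value = secretData[secretKey];` is used without checking that the key exists, so a missing key reaches `core.exportVariable` and is exported as the literal text "undefined" while the job carries on as if a secret had been fetched. Fail at that point instead, for example `if (value === undefined) throw new Error('Key not found in secret: ' + secretKey);` placed before the `add-mask` line. If the stored value is not a string, the template conversion in `exportVariable` also changes it (an object becomes "[object Object]"), so it is worth deciding whether to reject or JSON-encode such values. The loop these lines belong to starts outside the hunk.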
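Review bot: `parseResponse` has no `default` branch in its `switch`, so any `kvVersion` other than the numbers 1 and 2 returns `undefined`, and the caller then fails on `secretData[secretKey]` with an unrelated TypeError. That includes the strings '1' and '2', because `switch` compares strictly and a later hunk exports the function for other callers. Add `default: throw new Error('Unsupported K/V version: ' + kvVersion);`, and in the `case 2` branch check that `parsedResponse.data` is present before reading `.data` from it. The JSDoc should also gain an `@returns {Object}` line stating that the key/value map of the secret is returned.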