mirror of
https://github.com/hashicorp/vault-action.git
synced 2025-11-10 08:36:55 +00:00
update dist
This commit is contained in:
Richard Simpson
parent
97d4d0c3f5
commit
4ffa9f079b
1 changed files with 63 additions and 32 deletions
97
dist/index.js
vendored
97
dist/index.js
vendored
|
|
@ -4066,6 +4066,8 @@ const command = __webpack_require__(431);
|
||||||
const got = __webpack_require__(77);
|
const got = __webpack_require__(77);
|
||||||
|
|
||||||
const AUTH_METHODS = ['approle', 'token'];
|
const AUTH_METHODS = ['approle', 'token'];
|
||||||
|
const VALID_KV_VERSION = [-1, 1, 2];
|
||||||
|
|
||||||
async function exportSecrets() {
|
async function exportSecrets() {
|
||||||
const vaultUrl = core.getInput('url', { required: true });
|
const vaultUrl = core.getInput('url', { required: true });
|
||||||
const vaultNamespace = core.getInput('namespace', { required: false });
|
const vaultNamespace = core.getInput('namespace', { required: false });
|
||||||
|
|
@ -4074,7 +4076,7 @@ async function exportSecrets() {
|
||||||
let kvVersion = core.getInput('kv-version', { required: false });
|
let kvVersion = core.getInput('kv-version', { required: false });
|
||||||
|
|
||||||
const secretsInput = core.getInput('secrets', { required: true });
|
const secretsInput = core.getInput('secrets', { required: true });
|
||||||
const secrets = parseSecretsInput(secretsInput);
|
const secretRequests = parseSecretsInput(secretsInput);
|
||||||
|
|
||||||
const vaultMethod = core.getInput('method', { required: false }) || 'token';
|
const vaultMethod = core.getInput('method', { required: false }) || 'token';
|
||||||
if (!AUTH_METHODS.includes(vaultMethod)) {
|
if (!AUTH_METHODS.includes(vaultMethod)) {
|
||||||
|
|
@ -4115,17 +4117,17 @@ async function exportSecrets() {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!kvVersion) {
|
if (!kvVersion) {
|
||||||
kvVersion = '2';
|
kvVersion = 2;
|
||||||
|
}
|
||||||
|
kvVersion = +kvVersion;
|
||||||
|
|
||||||
|
if (Number.isNaN(kvVersion) || !VALID_KV_VERSION.includes(kvVersion)) {
|
||||||
|
throw Error(`You must provide a valid K/V version (${VALID_KV_VERSION.slice(1).join(', ')}). Input: "${kvVersion}"`);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (kvVersion !== '1' && kvVersion !== '2') {
|
const responseCache = new Map();
|
||||||
throw Error(`You must provide a valid K/V version (1 or 2). Input: "${kvVersion}"`);
|
for (const secretRequest of secretRequests) {
|
||||||
}
|
const { secretPath, outputName, secretSelector, isJSONPath } = secretRequest;
|
||||||
|
|
||||||
kvVersion = parseInt(kvVersion);
|
|
||||||
|
|
||||||
for (const secret of secrets) {
|
|
||||||
const { secretPath, outputName, secretKey } = secret;
|
|
||||||
const requestOptions = {
|
const requestOptions = {
|
||||||
headers: {
|
headers: {
|
||||||
'X-Vault-Token': vaultToken
|
'X-Vault-Token': vaultToken
|
||||||
|
|
@ -4136,13 +4138,30 @@ async function exportSecrets() {
|
||||||
requestOptions.headers["X-Vault-Namespace"] = vaultNamespace;
|
requestOptions.headers["X-Vault-Namespace"] = vaultNamespace;
|
||||||
}
|
}
|
||||||
|
|
||||||
const requestPath = (kvVersion === 1)
|
let requestPath = `${vaultUrl}/v1`;
|
||||||
? `${vaultUrl}/v1/${enginePath}/${secretPath}`
|
const kvRequest = !secretPath.startsWith('/')
|
||||||
: `${vaultUrl}/v1/${enginePath}/data/${secretPath}`;
|
if (!kvRequest) {
|
||||||
const result = await got(requestPath, requestOptions);
|
requestPath += secretPath;
|
||||||
|
} else {
|
||||||
|
requestPath += (kvVersion === 2)
|
||||||
|
? `/${enginePath}/data/${secretPath}`
|
||||||
|
: `/${enginePath}/${secretPath}`;
|
||||||
|
}
|
||||||
|
|
||||||
const secretData = parseResponse(result.body, kvVersion);
|
let body;
|
||||||
const value = secretData[secretKey];
|
if (responseCache.has(requestPath)) {
|
||||||
|
body = responseCache.get(requestPath);
|
||||||
|
core.debug('ℹ using cached response');
|
||||||
|
} else {
|
||||||
|
const result = await got(requestPath, requestOptions);
|
||||||
|
body = result.body;
|
||||||
|
responseCache.set(requestPath, body);
|
||||||
|
}
|
||||||
|
|
||||||
|
let dataDepth = isJSONPath === true ? 0 : kvRequest === false ? 1 : kvVersion;
|
||||||
|
|
||||||
|
const secretData = getResponseData(body, dataDepth);
|
||||||
|
const value = selectData(secretData, secretSelector);
|
||||||
command.issue('add-mask', value);
|
command.issue('add-mask', value);
|
||||||
core.exportVariable(outputName, `${value}`);
|
core.exportVariable(outputName, `${value}`);
|
||||||
core.debug(`✔ ${secretPath} => ${outputName}`);
|
core.debug(`✔ ${secretPath} => ${outputName}`);
|
||||||
|
|
@ -4185,17 +4204,18 @@ function parseSecretsInput(secretsInput) {
|
||||||
throw Error(`You must provide a valid path and key. Input: "${secret}"`)
|
throw Error(`You must provide a valid path and key. Input: "${secret}"`)
|
||||||
}
|
}
|
||||||
|
|
||||||
const [secretPath, secretKey] = pathParts;
|
const [secretPath, secretSelector] = pathParts;
|
||||||
|
|
||||||
// If we're not using a mapped name, normalize the key path into a variable name.
|
// If we're not using a mapped name, normalize the key path into a variable name.
|
||||||
if (!outputName) {
|
if (!outputName) {
|
||||||
outputName = normalizeOutputKey(secretKey);
|
outputName = normalizeOutputKey(secretSelector);
|
||||||
}
|
}
|
||||||
|
|
||||||
output.push({
|
output.push({
|
||||||
secretPath,
|
secretPath,
|
||||||
outputName,
|
outputName,
|
||||||
secretKey
|
secretSelector,
|
||||||
|
isJSONPath: secretSelector.startsWith('$')
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
return output;
|
return output;
|
||||||
|
|
@ -4206,22 +4226,26 @@ function parseSecretsInput(secretsInput) {
|
||||||
* @param {string} responseBody
|
* @param {string} responseBody
|
||||||
* @param {number} kvVersion
|
* @param {number} kvVersion
|
||||||
*/
|
*/
|
||||||
function parseResponse(responseBody, kvVersion) {
|
function getResponseData(responseBody, dataLevel) {
|
||||||
const parsedResponse = JSON.parse(responseBody);
|
let secretData = JSON.parse(responseBody);
|
||||||
let secretData;
|
|
||||||
|
|
||||||
switch(kvVersion) {
|
for (let i = 0; i < dataLevel; i++) {
|
||||||
case 1: {
|
secretData = secretData['data'];
|
||||||
secretData = parsedResponse.data;
|
}
|
||||||
} break;
|
return secretData;
|
||||||
|
|
||||||
case 2: {
|
|
||||||
const vaultKeyData = parsedResponse.data;
|
|
||||||
secretData = vaultKeyData.data;
|
|
||||||
} break;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return secretData;
|
/**
|
||||||
|
* Parses a JSON response and returns the secret data
|
||||||
|
* @param {Object} data
|
||||||
|
* @param {string} selector
|
||||||
|
*/
|
||||||
|
function selectData(data, selector, isJSONPath) {
|
||||||
|
if (!isJSONPath) {
|
||||||
|
return data[selector];
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: JSONPath
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -4232,10 +4256,17 @@ function normalizeOutputKey(dataKey) {
|
||||||
return dataKey.replace('/', '__').replace(/[^\w-]/, '').toUpperCase();
|
return dataKey.replace('/', '__').replace(/[^\w-]/, '').toUpperCase();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function parseBoolInput(input) {
|
||||||
|
if (input === null || input === undefined || input.trim() === '') {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
return Boolean(input);
|
||||||
|
}
|
||||||
|
|
||||||
module.exports = {
|
module.exports = {
|
||||||
exportSecrets,
|
exportSecrets,
|
||||||
parseSecretsInput,
|
parseSecretsInput,
|
||||||
parseResponse,
|
parseResponse: getResponseData,
|
||||||
normalizeOutputKey
|
normalizeOutputKey
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue