mirror of
https://github.com/hashicorp/vault-action.git
synced 2025-11-07 15:16:56 +00:00
Update to v2.0.2 (#133)
This commit is contained in:
Jason O'Donnell
GitHub
parent
124e6eecdb
commit
5b42d37bab
1 changed files with 146 additions and 46 deletions
192
dist/index.js
vendored
192
dist/index.js
vendored
|
|
@ -723,6 +723,32 @@ __exportStar(__webpack_require__(323), exports);
|
|||
__exportStar(__webpack_require__(577), exports);
|
||||
|
||||
|
||||
/***/ }),
|
||||
|
||||
/***/ 82:
|
||||
/***/ (function(__unusedmodule, exports) {
|
||||
|
||||
"use strict";
|
||||
|
||||
// We use any as a valid input type
|
||||
/* eslint-disable @typescript-eslint/no-explicit-any */
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
/**
|
||||
* Sanitizes an input into a string so it can be passed into issueCommand safely
|
||||
* @param input input to sanitize into a string
|
||||
*/
|
||||
function toCommandValue(input) {
|
||||
if (input === null || input === undefined) {
|
||||
return '';
|
||||
}
|
||||
else if (typeof input === 'string' || input instanceof String) {
|
||||
return input;
|
||||
}
|
||||
return JSON.stringify(input);
|
||||
}
|
||||
exports.toCommandValue = toCommandValue;
|
||||
//# sourceMappingURL=utils.js.map
|
||||
|
||||
/***/ }),
|
||||
|
||||
/***/ 87:
|
||||
|
|
@ -812,6 +838,42 @@ class Response extends Readable {
|
|||
module.exports = Response;
|
||||
|
||||
|
||||
/***/ }),
|
||||
|
||||
/***/ 102:
|
||||
/***/ (function(__unusedmodule, exports, __webpack_require__) {
|
||||
|
||||
"use strict";
|
||||
|
||||
// For internal use, subject to change.
|
||||
var __importStar = (this && this.__importStar) || function (mod) {
|
||||
if (mod && mod.__esModule) return mod;
|
||||
var result = {};
|
||||
if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
|
||||
result["default"] = mod;
|
||||
return result;
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
// We use any as a valid input type
|
||||
/* eslint-disable @typescript-eslint/no-explicit-any */
|
||||
const fs = __importStar(__webpack_require__(747));
|
||||
const os = __importStar(__webpack_require__(87));
|
||||
const utils_1 = __webpack_require__(82);
|
||||
function issueCommand(command, message) {
|
||||
const filePath = process.env[`GITHUB_${command}`];
|
||||
if (!filePath) {
|
||||
throw new Error(`Unable to find environment variable for file command ${command}`);
|
||||
}
|
||||
if (!fs.existsSync(filePath)) {
|
||||
throw new Error(`Missing file at path: ${filePath}`);
|
||||
}
|
||||
fs.appendFileSync(filePath, `${utils_1.toCommandValue(message)}${os.EOL}`, {
|
||||
encoding: 'utf8'
|
||||
});
|
||||
}
|
||||
exports.issueCommand = issueCommand;
|
||||
//# sourceMappingURL=file-command.js.map
|
||||
|
||||
/***/ }),
|
||||
|
||||
/***/ 121:
|
||||
|
|
@ -831,7 +893,7 @@ const parseBody = (response, responseType, parseJson, encoding) => {
|
|||
return rawBody.length === 0 ? '' : parseJson(rawBody.toString());
|
||||
}
|
||||
if (responseType === 'buffer') {
|
||||
return Buffer.from(rawBody);
|
||||
return rawBody;
|
||||
}
|
||||
throw new types_1.ParseError({
|
||||
message: `Unknown body type '${responseType}'`,
|
||||
|
|
@ -10435,6 +10497,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
|||
};
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
const os = __importStar(__webpack_require__(87));
|
||||
const utils_1 = __webpack_require__(82);
|
||||
/**
|
||||
* Commands
|
||||
*
|
||||
|
|
@ -10488,28 +10551,14 @@ class Command {
|
|||
return cmdStr;
|
||||
}
|
||||
}
|
||||
/**
|
||||
* Sanitizes an input into a string so it can be passed into issueCommand safely
|
||||
* @param input input to sanitize into a string
|
||||
*/
|
||||
function toCommandValue(input) {
|
||||
if (input === null || input === undefined) {
|
||||
return '';
|
||||
}
|
||||
else if (typeof input === 'string' || input instanceof String) {
|
||||
return input;
|
||||
}
|
||||
return JSON.stringify(input);
|
||||
}
|
||||
exports.toCommandValue = toCommandValue;
|
||||
function escapeData(s) {
|
||||
return toCommandValue(s)
|
||||
return utils_1.toCommandValue(s)
|
||||
.replace(/%/g, '%25')
|
||||
.replace(/\r/g, '%0D')
|
||||
.replace(/\n/g, '%0A');
|
||||
}
|
||||
function escapeProperty(s) {
|
||||
return toCommandValue(s)
|
||||
return utils_1.toCommandValue(s)
|
||||
.replace(/%/g, '%25')
|
||||
.replace(/\r/g, '%0D')
|
||||
.replace(/\n/g, '%0A')
|
||||
|
|
@ -10688,7 +10737,9 @@ async function getSecrets(secretRequests, client) {
|
|||
body = result.body;
|
||||
responseCache.set(requestPath, body);
|
||||
}
|
||||
|
||||
if (!selector.match(/.*[\.].*/)) {
|
||||
selector = '"' + selector + '"'
|
||||
}
|
||||
selector = "data." + selector
|
||||
body = JSON.parse(body)
|
||||
if (body.data["data"] != undefined) {
|
||||
|
|
@ -10714,7 +10765,7 @@ function selectData(data, selector) {
|
|||
const ata = jsonata(selector);
|
||||
let result = JSON.stringify(ata.evaluate(data));
|
||||
// Compat for custom engines
|
||||
if (!result && ata.ast().type === "path" && ata.ast()['steps'].length === 1 && selector !== 'data' && 'data' in data) {
|
||||
if (!result && ((ata.ast().type === "path" && ata.ast()['steps'].length === 1) || ata.ast().type === "string") && selector !== 'data' && 'data' in data) {
|
||||
result = JSON.stringify(jsonata(`data.${selector}`).evaluate(data));
|
||||
} else if (!result) {
|
||||
throw Error(`Unable to retrieve result for ${selector}. No match data was found. Double check your Key or Selector.`);
|
||||
|
|
@ -10756,6 +10807,8 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
|||
};
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
const command_1 = __webpack_require__(431);
|
||||
const file_command_1 = __webpack_require__(102);
|
||||
const utils_1 = __webpack_require__(82);
|
||||
const os = __importStar(__webpack_require__(87));
|
||||
const path = __importStar(__webpack_require__(622));
|
||||
/**
|
||||
|
|
@ -10782,9 +10835,17 @@ var ExitCode;
|
|||
*/
|
||||
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
||||
function exportVariable(name, val) {
|
||||
const convertedVal = command_1.toCommandValue(val);
|
||||
const convertedVal = utils_1.toCommandValue(val);
|
||||
process.env[name] = convertedVal;
|
||||
command_1.issueCommand('set-env', { name }, convertedVal);
|
||||
const filePath = process.env['GITHUB_ENV'] || '';
|
||||
if (filePath) {
|
||||
const delimiter = '_GitHubActionsFileCommandDelimeter_';
|
||||
const commandValue = `${name}<<${delimiter}${os.EOL}${convertedVal}${os.EOL}${delimiter}`;
|
||||
file_command_1.issueCommand('ENV', commandValue);
|
||||
}
|
||||
else {
|
||||
command_1.issueCommand('set-env', { name }, convertedVal);
|
||||
}
|
||||
}
|
||||
exports.exportVariable = exportVariable;
|
||||
/**
|
||||
|
|
@ -10800,7 +10861,13 @@ exports.setSecret = setSecret;
|
|||
* @param inputPath
|
||||
*/
|
||||
function addPath(inputPath) {
|
||||
command_1.issueCommand('add-path', {}, inputPath);
|
||||
const filePath = process.env['GITHUB_PATH'] || '';
|
||||
if (filePath) {
|
||||
file_command_1.issueCommand('PATH', inputPath);
|
||||
}
|
||||
else {
|
||||
command_1.issueCommand('add-path', {}, inputPath);
|
||||
}
|
||||
process.env['PATH'] = `${inputPath}${path.delimiter}${process.env['PATH']}`;
|
||||
}
|
||||
exports.addPath = addPath;
|
||||
|
|
@ -14022,6 +14089,7 @@ async function exportSecrets() {
|
|||
const vaultNamespace = core.getInput('namespace', { required: false });
|
||||
const extraHeaders = parseHeadersInput('extraHeaders', { required: false });
|
||||
const exportEnv = core.getInput('exportEnv', { required: false }) != 'false';
|
||||
const exportToken = (core.getInput('exportToken', { required: false }) || 'false').toLowerCase() != 'false';
|
||||
|
||||
const secretsInput = core.getInput('secrets', { required: true });
|
||||
const secretRequests = parseSecretsInput(secretsInput);
|
||||
|
|
@ -14070,6 +14138,11 @@ async function exportSecrets() {
|
|||
defaultOptions.headers['X-Vault-Token'] = vaultToken;
|
||||
const client = got.extend(defaultOptions);
|
||||
|
||||
if (exportToken === true) {
|
||||
command.issue('add-mask', vaultToken);
|
||||
core.exportVariable('VAULT_TOKEN', `${vaultToken}`);
|
||||
}
|
||||
|
||||
const requests = secretRequests.map(request => {
|
||||
const { path, selector } = request;
|
||||
return request;
|
||||
|
|
@ -14134,12 +14207,13 @@ function parseSecretsInput(secretsInput) {
|
|||
throw Error(`You must provide a valid path and key. Input: "${secret}"`);
|
||||
}
|
||||
|
||||
const [path, selector] = pathParts;
|
||||
const [path, selectorQuoted] = pathParts;
|
||||
|
||||
/** @type {any} */
|
||||
const selectorAst = jsonata(selector).ast();
|
||||
const selectorAst = jsonata(selectorQuoted).ast();
|
||||
const selector = selectorQuoted.replace(new RegExp('"', 'g'), '');
|
||||
|
||||
if ((selectorAst.type !== "path" || selectorAst.steps[0].stages) && !outputVarName) {
|
||||
if ((selectorAst.type !== "path" || selectorAst.steps[0].stages) && selectorAst.type !== "string" && !outputVarName) {
|
||||
throw Error(`You must provide a name for the output key when using json selectors. Input: "${secret}"`);
|
||||
}
|
||||
|
||||
|
|
@ -14166,7 +14240,7 @@ function parseSecretsInput(secretsInput) {
|
|||
*/
|
||||
function normalizeOutputKey(dataKey, isEnvVar = false) {
|
||||
let outputKey = dataKey
|
||||
.replace('.', '__').replace(/[^\p{L}\p{N}_-]/gu, '');
|
||||
.replace('.', '__').replace(new RegExp('-', 'g'), '').replace(/[^\p{L}\p{N}_-]/gu, '');
|
||||
if (isEnvVar) {
|
||||
outputKey = outputKey.toUpperCase();
|
||||
}
|
||||
|
|
@ -14509,18 +14583,28 @@ class Request extends stream_1.Duplex {
|
|||
if (json || body || form) {
|
||||
this._lockWrite();
|
||||
}
|
||||
(async (nonNormalizedOptions) => {
|
||||
if (exports.kIsNormalizedAlready in options) {
|
||||
this.options = options;
|
||||
}
|
||||
else {
|
||||
try {
|
||||
// @ts-expect-error Common TypeScript bug saying that `this.constructor` is not accessible
|
||||
this.options = this.constructor.normalizeArguments(url, options, defaults);
|
||||
}
|
||||
catch (error) {
|
||||
// TODO: Move this to `_destroy()`
|
||||
if (is_1.default.nodeStream(options.body)) {
|
||||
options.body.destroy();
|
||||
}
|
||||
this.destroy(error);
|
||||
return;
|
||||
}
|
||||
}
|
||||
(async () => {
|
||||
var _a;
|
||||
try {
|
||||
if (nonNormalizedOptions.body instanceof fs_1.ReadStream) {
|
||||
await waitForOpenFile(nonNormalizedOptions.body);
|
||||
}
|
||||
if (exports.kIsNormalizedAlready in nonNormalizedOptions) {
|
||||
this.options = nonNormalizedOptions;
|
||||
}
|
||||
else {
|
||||
// @ts-expect-error Common TypeScript bug saying that `this.constructor` is not accessible
|
||||
this.options = this.constructor.normalizeArguments(url, nonNormalizedOptions, defaults);
|
||||
if (this.options.body instanceof fs_1.ReadStream) {
|
||||
await waitForOpenFile(this.options.body);
|
||||
}
|
||||
const { url: normalizedURL } = this.options;
|
||||
if (!normalizedURL) {
|
||||
|
|
@ -14552,7 +14636,7 @@ class Request extends stream_1.Duplex {
|
|||
this.destroy(error);
|
||||
}
|
||||
}
|
||||
})(options);
|
||||
})();
|
||||
}
|
||||
static normalizeArguments(url, options, defaults) {
|
||||
var _a, _b, _c, _d, _e;
|
||||
|
|
@ -14608,6 +14692,7 @@ class Request extends stream_1.Duplex {
|
|||
is_1.assert.any([is_1.default.string, is_1.default.object, is_1.default.array, is_1.default.undefined], options.https.key);
|
||||
is_1.assert.any([is_1.default.string, is_1.default.object, is_1.default.array, is_1.default.undefined], options.https.certificate);
|
||||
is_1.assert.any([is_1.default.string, is_1.default.undefined], options.https.passphrase);
|
||||
is_1.assert.any([is_1.default.string, is_1.default.buffer, is_1.default.array, is_1.default.undefined], options.https.pfx);
|
||||
}
|
||||
is_1.assert.any([is_1.default.object, is_1.default.undefined], options.cacheOptions);
|
||||
// `options.method`
|
||||
|
|
@ -14686,6 +14771,9 @@ class Request extends stream_1.Duplex {
|
|||
options.url = options_to_url_1.default(options.prefixUrl, options);
|
||||
}
|
||||
if (options.url) {
|
||||
if ('port' in options) {
|
||||
delete options.port;
|
||||
}
|
||||
// Make it possible to change `options.prefixUrl`
|
||||
let { prefixUrl } = options;
|
||||
Object.defineProperty(options, 'prefixUrl', {
|
||||
|
|
@ -14863,6 +14951,9 @@ class Request extends stream_1.Duplex {
|
|||
if ('passphrase' in options) {
|
||||
deprecation_warning_1.default('"options.passphrase" was never documented, please use "options.https.passphrase"');
|
||||
}
|
||||
if ('pfx' in options) {
|
||||
deprecation_warning_1.default('"options.pfx" was never documented, please use "options.https.pfx"');
|
||||
}
|
||||
// Other options
|
||||
if ('followRedirects' in options) {
|
||||
throw new TypeError('The `followRedirects` option does not exist. Use `followRedirect` instead.');
|
||||
|
|
@ -15040,6 +15131,8 @@ class Request extends stream_1.Duplex {
|
|||
if ('form' in options) {
|
||||
delete options.form;
|
||||
}
|
||||
this[kBody] = undefined;
|
||||
delete options.headers['content-length'];
|
||||
}
|
||||
if (this.redirects.length >= options.maxRedirects) {
|
||||
this._beforeError(new MaxRedirectsError(this));
|
||||
|
|
@ -15064,16 +15157,14 @@ class Request extends stream_1.Duplex {
|
|||
delete options.headers.authorization;
|
||||
}
|
||||
if (options.username || options.password) {
|
||||
// TODO: Fix this ignore.
|
||||
// @ts-expect-error
|
||||
delete options.username;
|
||||
// @ts-expect-error
|
||||
delete options.password;
|
||||
}
|
||||
if ('port' in options) {
|
||||
delete options.port;
|
||||
options.username = '';
|
||||
options.password = '';
|
||||
}
|
||||
}
|
||||
else {
|
||||
redirectUrl.username = options.username;
|
||||
redirectUrl.password = options.password;
|
||||
}
|
||||
this.redirects.push(redirectString);
|
||||
options.url = redirectUrl;
|
||||
for (const hook of options.hooks.beforeRedirect) {
|
||||
|
|
@ -15240,6 +15331,9 @@ class Request extends stream_1.Duplex {
|
|||
break;
|
||||
}
|
||||
}
|
||||
if (options.body && this[kBody] !== options.body) {
|
||||
this[kBody] = options.body;
|
||||
}
|
||||
const { agent, request, timeout, url } = options;
|
||||
if (options.dnsCache && !('lookup' in options)) {
|
||||
options.lookup = options.dnsCache.lookup;
|
||||
|
|
@ -15312,6 +15406,9 @@ class Request extends stream_1.Duplex {
|
|||
if (options.https.passphrase) {
|
||||
requestOptions.passphrase = options.https.passphrase;
|
||||
}
|
||||
if (options.https.pfx) {
|
||||
requestOptions.pfx = options.https.pfx;
|
||||
}
|
||||
}
|
||||
try {
|
||||
let requestOrResponse = await fn(url, requestOptions);
|
||||
|
|
@ -15343,6 +15440,9 @@ class Request extends stream_1.Duplex {
|
|||
if (options.https.passphrase) {
|
||||
delete requestOptions.passphrase;
|
||||
}
|
||||
if (options.https.pfx) {
|
||||
delete requestOptions.pfx;
|
||||
}
|
||||
}
|
||||
if (isClientRequest(requestOrResponse)) {
|
||||
this._onRequest(requestOrResponse);
|
||||
|
|
@ -15994,4 +16094,4 @@ module.exports.MaxBufferError = MaxBufferError;
|
|||
|
||||
/***/ })
|
||||
|
||||
/******/ });
|
||||
/******/ });
|
||||
Loading…
Reference in a new issue