print vault error message on authentication failure (#409)

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2025-11-07 07:06:56 +00:00 · 2023-01-23 15:52:40 -08:00 · 2023-01-23 15:52:40 -08:00 · 7318a98db7
commit 7318a98db7
parent b08bc4993d
4 changed files with 9288 additions and 9261 deletions
--- a/dist/index.js
+++ b/dist/index.js
--- a/package-lock.json
+++ b/package-lock.json
@ -17,7 +17,7 @@
                "@actions/core": "^1.10.0",
                "@types/got": "^9.6.11",
                "@types/jest": "^29.2.2",
-                "@zeit/ncc": "^0.22.3",
+                "@vercel/ncc": "^0.36.0",
                "jest": "^29.3.1",
                "jest-when": "^3.5.2",
                "mock-http-server": "^1.4.5",
@ -1867,11 +1867,10 @@
            "integrity": "sha512-iO9ZQHkZxHn4mSakYV0vFHAVDyEOIJQrV2uZ06HxEPcx+mt8swXoZHIbaaJ2crJYFfErySgktuTZ3BeLz+XmFA==",
            "dev": true
        },
-        "node_modules/@zeit/ncc": {
-            "version": "0.22.3",
-            "resolved": "https://registry.npmjs.org/@zeit/ncc/-/ncc-0.22.3.tgz",
-            "integrity": "sha512-jnCLpLXWuw/PAiJiVbLjA8WBC0IJQbFeUwF4I9M+23MvIxTxk5pD4Q8byQBSPmHQjz5aBoA7AKAElQxMpjrCLQ==",
-            "deprecated": "@zeit/ncc is no longer maintained. Please use @vercel/ncc instead.",
+        "node_modules/@vercel/ncc": {
+            "version": "0.36.0",
+            "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.36.0.tgz",
+            "integrity": "sha512-/ZTUJ/ZkRt694k7KJNimgmHjtQcRuVwsST2Z6XfYveQIuBbHR+EqkTc1jfgPkQmMyk/vtpxo3nVxe8CNuau86A==",
            "dev": true,
            "bin": {
                "ncc": "dist/ncc/cli.js"
@ -12220,10 +12219,10 @@
            "integrity": "sha512-iO9ZQHkZxHn4mSakYV0vFHAVDyEOIJQrV2uZ06HxEPcx+mt8swXoZHIbaaJ2crJYFfErySgktuTZ3BeLz+XmFA==",
            "dev": true
        },
-        "@zeit/ncc": {
-            "version": "0.22.3",
-            "resolved": "https://registry.npmjs.org/@zeit/ncc/-/ncc-0.22.3.tgz",
-            "integrity": "sha512-jnCLpLXWuw/PAiJiVbLjA8WBC0IJQbFeUwF4I9M+23MvIxTxk5pD4Q8byQBSPmHQjz5aBoA7AKAElQxMpjrCLQ==",
+        "@vercel/ncc": {
+            "version": "0.36.0",
+            "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.36.0.tgz",
+            "integrity": "sha512-/ZTUJ/ZkRt694k7KJNimgmHjtQcRuVwsST2Z6XfYveQIuBbHR+EqkTc1jfgPkQmMyk/vtpxo3nVxe8CNuau86A==",
            "dev": true
        },
        "agent-base": {
--- a/package.json
+++ b/package.json
@ -55,7 +55,7 @@
        "@actions/core": "^1.10.0",
        "@types/got": "^9.6.11",
        "@types/jest": "^29.2.2",
-        "@zeit/ncc": "^0.22.3",
+        "@vercel/ncc": "^0.36.0",
        "jest": "^29.3.1",
        "jest-when": "^3.5.2",
        "mock-http-server": "^1.4.5",
--- a/src/auth.js
+++ b/src/auth.js
@ -2,6 +2,7 @@
 const core = require('@actions/core');
 const rsasign = require('jsrsasign');
 const fs = require('fs');
+const { default: got } = require('got');

 const defaultKubernetesTokenPath = '/var/run/secrets/kubernetes.io/serviceaccount/token'
 /***
@ -109,7 +110,16 @@ async function getClientToken(client, method, path, payload) {
    core.debug(`Retrieving Vault Token from v1/auth/${path}/login endpoint`);

    /** @type {import('got').Response<VaultLoginResponse>} */
-    const response = await client.post(`v1/auth/${path}/login`, options);
+    let response;
+    try {
+        response = await client.post(`v1/auth/${path}/login`, options);
+    } catch (err) {
+        if (err instanceof got.HTTPError) {
+            throw Error(`failed to retrieve vault token. code: ${err.code}, message: ${err.message}, vaultResponse: ${JSON.stringify(err.response.body)}`)
+        } else {
+            throw err
+        }
+    }
    if (response && response.body && response.body.auth && response.body.auth.client_token) {
        core.debug('✔ Vault Token successfully retrieved');