actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-09 16:16:55 +00:00
Code Activity Actions

add proxy support using hpagent

Browse source
This commit is contained in:
Clark Laughlin 2022-08-25 13:40:07 -05:00
parent 7d98524254
commit 753f5857ae
4 changed files with 187 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

150
dist/index.js vendored
View file

@ -14552,6 +14552,134 @@ module.exports = header => {
}; };
/***/ }),
/***/ 737:
/***/ (function(module, __unusedexports, __webpack_require__) {
"use strict";
const https = __webpack_require__(211)
const http = __webpack_require__(605)
const { URL } = __webpack_require__(835)
class HttpProxyAgent extends http.Agent {
constructor (options) {
const { proxy, ...opts } = options
super(opts)
this.proxy = typeof proxy === 'string'
? new URL(proxy)
: proxy
}
createConnection (options, callback) {
const requestOptions = {
method: 'CONNECT',
host: this.proxy.hostname,
port: this.proxy.port,
path: `${options.host}:${options.port}`,
setHost: false,
headers: { connection: this.keepAlive ? 'keep-alive' : 'close', host: `${options.host}:${options.port}` },
agent: false,
timeout: options.timeout || 0
}
if (this.proxy.username || this.proxy.password) {
const base64 = Buffer.from(`${decodeURIComponent(this.proxy.username || '')}:${decodeURIComponent(this.proxy.password || '')}`).toString('base64')
requestOptions.headers['proxy-authorization'] = `Basic ${base64}`
}
if (this.proxy.protocol === 'https:') {
requestOptions.servername = this.proxy.hostname
}
const request = (this.proxy.protocol === 'http:' ? http : https).request(requestOptions)
request.once('connect', (response, socket, head) => {
request.removeAllListeners()
socket.removeAllListeners()
if (response.statusCode === 200) {
callback(null, socket)
} else {
callback(new Error(`Bad response: ${response.statusCode}`), null)
}
})
request.once('timeout', () => {
request.destroy(new Error('Proxy timeout'))
})
request.once('error', err => {
request.removeAllListeners()
callback(err, null)
})
request.end()
}
}
class HttpsProxyAgent extends https.Agent {
constructor (options) {
const { proxy, ...opts } = options
super(opts)
this.proxy = typeof proxy === 'string'
? new URL(proxy)
: proxy
}
createConnection (options, callback) {
const requestOptions = {
method: 'CONNECT',
host: this.proxy.hostname,
port: this.proxy.port,
path: `${options.host}:${options.port}`,
setHost: false,
headers: { connection: this.keepAlive ? 'keep-alive' : 'close', host: `${options.host}:${options.port}` },
agent: false,
timeout: options.timeout || 0
}
if (this.proxy.username || this.proxy.password) {
const base64 = Buffer.from(`${decodeURIComponent(this.proxy.username || '')}:${decodeURIComponent(this.proxy.password || '')}`).toString('base64')
requestOptions.headers['proxy-authorization'] = `Basic ${base64}`
}
// Necessary for the TLS check with the proxy to succeed.
if (this.proxy.protocol === 'https:') {
requestOptions.servername = this.proxy.hostname
}
const request = (this.proxy.protocol === 'http:' ? http : https).request(requestOptions)
request.once('connect', (response, socket, head) => {
request.removeAllListeners()
socket.removeAllListeners()
if (response.statusCode === 200) {
const secureSocket = super.createConnection({ ...options, socket })
callback(null, secureSocket)
} else {
callback(new Error(`Bad response: ${response.statusCode}`), null)
}
})
request.once('timeout', () => {
request.destroy(new Error('Proxy timeout'))
})
request.once('error', err => {
request.removeAllListeners()
callback(err, null)
})
request.end()
}
}
module.exports = {
HttpProxyAgent,
HttpsProxyAgent
}
/***/ }), /***/ }),
/***/ 738: /***/ 738:
@ -16438,6 +16566,7 @@ exports.default = createRejection;
const core = __webpack_require__(470); const core = __webpack_require__(470);
const command = __webpack_require__(431); const command = __webpack_require__(431);
const got = __webpack_require__(77).default; const got = __webpack_require__(77).default;
const { HttpProxyAgent, HttpsProxyAgent } = __webpack_require__(737);
const jsonata = __webpack_require__(350); const jsonata = __webpack_require__(350);
const { auth: { retrieveToken }, secrets: { getSecrets } } = __webpack_require__(676); const { auth: { retrieveToken }, secrets: { getSecrets } } = __webpack_require__(676);
@ -16463,6 +16592,7 @@ async function exportSecrets() {
prefixUrl: vaultUrl, prefixUrl: vaultUrl,
headers: {}, headers: {},
https: {}, https: {},
agent: {},
retry: { retry: {
statusCodes: [ statusCodes: [
...got.defaults.options.retry.statusCodes, ...got.defaults.options.retry.statusCodes,
@ -16473,6 +16603,26 @@ async function exportSecrets() {
} }
} }
if (process.env['http_proxy'] || process.env['HTTP_PROXY']) {
defaultOptions.agent.http = new HttpProxyAgent({
keepAlive: true,
keepAliveMsecs: 1000,
maxSockets: 256,
maxFreeSockets: 256,
proxy: process.env['http_proxy'] || process.env['HTTP_PROXY']
})
}
if (process.env['https_proxy'] || process.env['HTTPS_PROXY']) {
defaultOptions.agent.https = new HttpsProxyAgent({
keepAlive: true,
keepAliveMsecs: 1000,
maxSockets: 256,
maxFreeSockets: 256,
proxy: process.env['https_proxy'] || process.env['HTTPS_PROXY']
})
}
const tlsSkipVerify = (core.getInput('tlsSkipVerify', { required: false }) || 'false').toLowerCase() != 'false'; const tlsSkipVerify = (core.getInput('tlsSkipVerify', { required: false }) || 'false').toLowerCase() != 'false';
if (tlsSkipVerify === true) { if (tlsSkipVerify === true) {
defaultOptions.https.rejectUnauthorized = false; defaultOptions.https.rejectUnauthorized = false;

14
package-lock.json generated
View file

@ -10,6 +10,7 @@
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"got": "^11.8.5", "got": "^11.8.5",
"hpagent": "^1.0.0",
"jsonata": "^1.8.6", "jsonata": "^1.8.6",
"jsrsasign": "^10.5.25" "jsrsasign": "^10.5.25"
}, },
@ -3602,6 +3603,14 @@
"integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==", "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==",
"dev": true "dev": true
}, },
"node_modules/hpagent": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/hpagent/-/hpagent-1.0.0.tgz",
"integrity": "sha512-SCleE2Uc1bM752ymxg8QXYGW0TWtAV4ZW3TqH1aOnyi6T6YW2xadCcclm5qeVjvMvfQ2RKNtZxO7uVb9CTPt1A==",
"engines": {
"node": ">=14"
}
},
"node_modules/html-escaper": { "node_modules/html-escaper": {
"version": "2.0.2", "version": "2.0.2",
"resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz",
@ -13458,6 +13467,11 @@
"integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==", "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==",
"dev": true "dev": true
}, },
"hpagent": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/hpagent/-/hpagent-1.0.0.tgz",
"integrity": "sha512-SCleE2Uc1bM752ymxg8QXYGW0TWtAV4ZW3TqH1aOnyi6T6YW2xadCcclm5qeVjvMvfQ2RKNtZxO7uVb9CTPt1A=="
},
"html-escaper": { "html-escaper": {
"version": "2.0.2", "version": "2.0.2",
"resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz",

1
package.json
View file

@ -45,6 +45,7 @@
"homepage": "https://github.com/hashicorp/vault-action#readme", "homepage": "https://github.com/hashicorp/vault-action#readme",
"dependencies": { "dependencies": {
"got": "^11.8.5", "got": "^11.8.5",
"hpagent": "^1.0.0",
"jsonata": "^1.8.6", "jsonata": "^1.8.6",
"jsrsasign": "^10.5.25" "jsrsasign": "^10.5.25"
}, },

22
src/action.js
View file

@ -2,6 +2,7 @@
const core = require('@actions/core'); const core = require('@actions/core');
const command = require('@actions/core/lib/command'); const command = require('@actions/core/lib/command');
const got = require('got').default; const got = require('got').default;
const { HttpProxyAgent, HttpsProxyAgent } = require('hpagent');
const jsonata = require('jsonata'); const jsonata = require('jsonata');
const { auth: { retrieveToken }, secrets: { getSecrets } } = require('./index'); const { auth: { retrieveToken }, secrets: { getSecrets } } = require('./index');
@ -27,6 +28,7 @@ async function exportSecrets() {
prefixUrl: vaultUrl, prefixUrl: vaultUrl,
headers: {}, headers: {},
https: {}, https: {},
agent: {},
retry: { retry: {
statusCodes: [ statusCodes: [
...got.defaults.options.retry.statusCodes, ...got.defaults.options.retry.statusCodes,
@ -37,6 +39,26 @@ async function exportSecrets() {
} }
} }
if (process.env['http_proxy'] || process.env['HTTP_PROXY']) {
defaultOptions.agent.http = new HttpProxyAgent({
keepAlive: true,
keepAliveMsecs: 1000,
maxSockets: 256,
maxFreeSockets: 256,
proxy: process.env['http_proxy'] || process.env['HTTP_PROXY']
})
}
if (process.env['https_proxy'] || process.env['HTTPS_PROXY']) {
defaultOptions.agent.https = new HttpsProxyAgent({
keepAlive: true,
keepAliveMsecs: 1000,
maxSockets: 256,
maxFreeSockets: 256,
proxy: process.env['https_proxy'] || process.env['HTTPS_PROXY']
})
}
const tlsSkipVerify = (core.getInput('tlsSkipVerify', { required: false }) || 'false').toLowerCase() != 'false'; const tlsSkipVerify = (core.getInput('tlsSkipVerify', { required: false }) || 'false').toLowerCase() != 'false';
if (tlsSkipVerify === true) { if (tlsSkipVerify === true) {
defaultOptions.https.rejectUnauthorized = false; defaultOptions.https.rejectUnauthorized = false;