actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-09 16:16:55 +00:00
Code Activity Actions

cache response and fixup data depth logic

Browse source
This commit is contained in:
Richard Simpson 2020-02-05 14:38:32 -06:00
parent 913f76cc85
commit 87dad0d98f
No known key found for this signature in database
GPG key ID: 0CECAF50D013D1E2
2 changed files with 27 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
action.js
View file

@ -11,7 +11,7 @@ async function exportSecrets() {
let enginePath = core.getInput('path', { required: false }); let enginePath = core.getInput('path', { required: false });
let kvVersion = core.getInput('kv-version', { required: false }); let kvVersion = core.getInput('kv-version', { required: false });
const useKv = core.getInput('useKv', { required: false }); let isKvEngine = parseBoolInput(core.getInput('isKvEngine', { required: false }));
const secretsInput = core.getInput('secrets', { required: true }); const secretsInput = core.getInput('secrets', { required: true });
const secrets = parseSecretsInput(secretsInput); const secrets = parseSecretsInput(secretsInput);
@ -55,11 +55,7 @@ async function exportSecrets() {
} }
if (!kvVersion) { if (!kvVersion) {
if (useKv !== false) {
kvVersion = 2; kvVersion = 2;
} else {
kvVersion = -1;
}
} }
kvVersion = +kvVersion; kvVersion = +kvVersion;
@ -67,11 +63,9 @@ async function exportSecrets() {
throw Error(`You must provide a valid K/V version (${VALID_KV_VERSION.slice(1).join(', ')}). Input: "${kvVersion}"`); throw Error(`You must provide a valid K/V version (${VALID_KV_VERSION.slice(1).join(', ')}). Input: "${kvVersion}"`);
} }
kvVersion = parseInt(kvVersion);
const responseCache = new Map(); const responseCache = new Map();
for (const secret of secrets) { for (const secret of secrets) {
const { secretPath, outputName, secretSelector } = secret; const { secretPath, outputName, secretSelector, isJSONPath } = secret;
const requestOptions = { const requestOptions = {
headers: { headers: {
'X-Vault-Token': vaultToken 'X-Vault-Token': vaultToken
@ -85,14 +79,18 @@ async function exportSecrets() {
const requestPath = (kvVersion === 2) const requestPath = (kvVersion === 2)
? `${vaultUrl}/v1/${enginePath}/data/${secretPath}` ? `${vaultUrl}/v1/${enginePath}/data/${secretPath}`
: `${vaultUrl}/v1/${enginePath}/${secretPath}`; : `${vaultUrl}/v1/${enginePath}/${secretPath}`;
let result; let body;
if (responseCache.has(requestPath)) { if (responseCache.has(requestPath)) {
result = responseCache.get(requestPath); body = responseCache.get(requestPath);
} else { } else {
result = await got(requestPath, requestOptions); const result = await got(requestPath, requestOptions);
body = result.body;
responseCache.set(requestPath, body);
} }
const secretData = getResponseData(result.body, kvVersion); let dataDepth = isJSONPath === true ? 0 : isKvEngine === false ? 1 : kvVersion;
const secretData = getResponseData(body, dataDepth);
const value = selectData(secretData, secretSelector); const value = selectData(secretData, secretSelector);
command.issue('add-mask', value); command.issue('add-mask', value);
core.exportVariable(outputName, `${value}`); core.exportVariable(outputName, `${value}`);
@ -146,7 +144,8 @@ function parseSecretsInput(secretsInput) {
output.push({ output.push({
secretPath, secretPath,
outputName, outputName,
secretSelector secretSelector,
isJSONPath: secretSelector.startsWith('$')
}); });
} }
return output; return output;
@ -157,25 +156,12 @@ function parseSecretsInput(secretsInput) {
* @param {string} responseBody * @param {string} responseBody
* @param {number} kvVersion * @param {number} kvVersion
*/ */
function getResponseData(responseBody, kvVersion) { function getResponseData(responseBody, dataLevel) {
const parsedResponse = JSON.parse(responseBody); let secretData = JSON.parse(responseBody);
let secretData;
switch(kvVersion) { for (let i = 0; i < dataLevel; i++) {
case 1: { secretData = secretData['data'];
secretData = parsedResponse.data;
} break;
case 2: {
const vaultKeyData = parsedResponse.data;
secretData = vaultKeyData.data;
} break;
default: {
secretData = parsedResponse;
} break;
} }
return secretData; return secretData;
} }
@ -184,8 +170,8 @@ function getResponseData(responseBody, kvVersion) {
* @param {Object} data * @param {Object} data
* @param {string} selector * @param {string} selector
*/ */
function selectData(data, selector) { function selectData(data, selector, isJSONPath) {
if (!selector.startsWith('$')) { if (!isJSONPath) {
return data[selector]; return data[selector];
} }
@ -200,6 +186,13 @@ function normalizeOutputKey(dataKey) {
return dataKey.replace('/', '__').replace(/[^\w-]/, '').toUpperCase(); return dataKey.replace('/', '__').replace(/[^\w-]/, '').toUpperCase();
} }
function parseBoolInput(input) {
if (input === null || input === undefined || input.trim() === '') {
return null;
}
return Boolean(input);
}
module.exports = { module.exports = {
exportSecrets, exportSecrets,
parseSecretsInput, parseSecretsInput,

1
action.test.js
View file

@ -19,6 +19,7 @@ describe('parseSecretsInput', () => {
secretPath: 'test', secretPath: 'test',
secretSelector: 'key', secretSelector: 'key',
outputName: 'KEY', outputName: 'KEY',
isJSONPath: false
}); });
}); });