mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-09 16:16:55 +00:00

Merge branch 'main' into main

Kevin Schoonover 2023-01-23 12:58:24 -08:00 committed by GitHub
commit 8d558013a2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 1275 additions and 1096 deletions


@ -76,6 +76,9 @@ inputs:
description: 'Time in seconds, after which token expires'
required: false
default: 3600
secretEncodingType:
description: 'The encoding type of the secret to decode. If not specified, the secret will not be decoded. Supported values: base64, hex, utf8'
required: false
runs:
using: 'node16'
main: 'dist/index.js'
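Review bot: The `secretEncodingType` description does not say that the setting is global, while the action code in this commit reads the input once and applies it to every result in the loop, so a workflow that mixes encoded and plain secrets would have the plain ones decoded as well. I would state that in the description, for example `description: 'Encoding used to decode every retrieved secret before export; applies to all entries in "secrets". If not specified, secrets are not decoded. Supported values: base64, hex, utf8'`. It would also help to say that the value is matched case-sensitively, since the code compares it with the lowercase list as is.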

2324
package-lock.json generated

File diff suppressed because it is too large Load diff


@ -46,7 +46,7 @@
"dependencies": {
"got": "^11.8.5",
"jsonata": "^1.8.6",
"jsrsasign": "^10.5.27"
"jsrsasign": "^10.6.1"
},
"peerDependencies": {
"@actions/core": ">=1 <2"
@ -54,9 +54,9 @@
"devDependencies": {
"@actions/core": "^1.10.0",
"@types/got": "^9.6.11",
"@types/jest": "^28.1.3",
"@types/jest": "^29.2.2",
"@vercel/ncc": "^0.36.0",
"jest": "^28.1.1",
"jest": "^29.3.1",
"jest-when": "^3.5.2",
"mock-http-server": "^1.4.5",
"semantic-release": "^19.0.5"


@ -6,6 +6,7 @@ const jsonata = require('jsonata');
const { auth: { retrieveToken }, secrets: { getSecrets } } = require('./index');
const AUTH_METHODS = ['approle', 'token', 'github', 'jwt', 'kubernetes'];
const ENCODING_TYPES = ['base64', 'hex', 'utf8'];
async function exportSecrets() {
const vaultUrl = core.getInput('url', { required: true });
@ -17,6 +18,8 @@ async function exportSecrets() {
const secretsInput = core.getInput('secrets', { required: false });
const secretRequests = parseSecretsInput(secretsInput);
const secretEncodingType = core.getInput('secretEncodingType', { required: false });
const vaultMethod = (core.getInput('method', { required: false }) || 'token').toLowerCase();
const authPayload = core.getInput('authPayload', { required: false });
if (!AUTH_METHODS.includes(vaultMethod) && !authPayload) {
@ -81,11 +84,23 @@ async function exportSecrets() {
const results = await getSecrets(requests, client);
for (const result of results) {
const { value, request, cachedResponse } = result;
// Output the result
var value = result.value;
const request = result.request;
const cachedResponse = result.cachedResponse;
if (cachedResponse) {
core.debug(' using cached response');
}
// if a secret is encoded, decode it
if (ENCODING_TYPES.includes(secretEncodingType)) {
value = Buffer.from(value, secretEncodingType).toString();
}
for (const line of value.replace(/\r/g, '').split('\n')) {
if (line.length > 0) {
command.issue('add-mask', line);
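Review bot: The decode step guarded by `ENCODING_TYPES.includes(secretEncodingType)` silently does nothing when the input is set to an unsupported or differently cased value such as `Base64`, so the workflow receives the still-encoded secret with no signal that decoding was skipped. I would fail fast right after the input is read: `if (secretEncodingType && !ENCODING_TYPES.includes(secretEncodingType)) { throw Error('Unsupported secretEncodingType: ' + secretEncodingType); }`. Note also that `Buffer.from(value, secretEncodingType)` does not throw on malformed base64 or hex and `.toString()` decodes as UTF-8, so a corrupt or binary secret yields a truncated or altered value rather than an error, and only that decoded form is passed to `add-mask`. `var value` would read better as `let value`, in line with the `const` declarations around it. `exportSecrets` begins and ends outside these hunks.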


@ -184,6 +184,12 @@ describe('exportSecrets', () => {
.mockReturnValueOnce(doExport);
}
function mockEncodeType(doEncode) {
when(core.getInput)
.calledWith('secretEncodingType', expect.anything())
.mockReturnValueOnce(doEncode);
}
it('simple secret retrieval', async () => {
mockInput('test key');
mockVaultData({
@ -196,6 +202,19 @@ describe('exportSecrets', () => {
expect(core.setOutput).toBeCalledWith('key', '1');
});
it('encoded secret retrieval', async () => {
mockInput('test key');
mockVaultData({
key: 'MQ=='
});
mockEncodeType('base64');
await exportSecrets();
expect(core.exportVariable).toBeCalledWith('KEY', '1');
expect(core.setOutput).toBeCalledWith('key', '1');
});
it('intl secret retrieval', async () => {
mockInput('测试 测试');
mockVaultData({