From 90b1fb477d0b0a558ecd619a4d5b6a2b53390dae Mon Sep 17 00:00:00 2001
From: "Luis (LT) Carbonell" <lt.carbonell@hashicorp.com>
Date: Tue, 17 Jan 2023 10:10:05 -0600
Subject: [PATCH] Add test case, and other updates

---
 action.yml         |  4 ++--
 src/action.js      |  7 ++++---
 src/action.test.js | 19 +++++++++++++++++++
 3 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/action.yml b/action.yml
index 7b4ed8a..073f579 100644
--- a/action.yml
+++ b/action.yml
@@ -76,8 +76,8 @@ inputs:
     description: 'Time in seconds, after which token expires'
     required: false
     default: 3600
-  secretEncoding:
-    description: 'Encoding of the secret value. Can be "base64", "hex", "utf8".'
+  secretEncodingType:
+    description: 'The encoding type of the secret to decode. If not specified, the secret will not be decoded. Supported values: base64, hex, utf8'
     required: false
 runs:
   using: 'node16'
diff --git a/src/action.js b/src/action.js
index 9bb229d..b898005 100644
--- a/src/action.js
+++ b/src/action.js
@@ -6,6 +6,7 @@ const jsonata = require('jsonata');
 const { auth: { retrieveToken }, secrets: { getSecrets } } = require('./index');
 
 const AUTH_METHODS = ['approle', 'token', 'github', 'jwt', 'kubernetes'];
+const ENCODING_TYPES = ['base64', 'hex', 'utf8'];
 
 async function exportSecrets() {
     const vaultUrl = core.getInput('url', { required: true });
@@ -17,7 +18,7 @@ async function exportSecrets() {
     const secretsInput = core.getInput('secrets', { required: false });
     const secretRequests = parseSecretsInput(secretsInput);
 
-    const secretEncoding = core.getInput('secretEncoding', { required: false });
+    const secretEncodingType = core.getInput('secretEncodingType', { required: false });
 
     const vaultMethod = (core.getInput('method', { required: false }) || 'token').toLowerCase();
     const authPayload = core.getInput('authPayload', { required: false });
@@ -96,8 +97,8 @@ async function exportSecrets() {
         }
 
         // if a secret is encoded, decode it
-        if (secretEncoding) {
-            value = Buffer.from(value, secretEncoding).toString();
+        if (ENCODING_TYPES.includes(secretEncodingType)) {
+            value = Buffer.from(value, secretEncodingType).toString();
         }
 
         for (const line of value.replace(/\r/g, '').split('\n')) {
diff --git a/src/action.test.js b/src/action.test.js
index 79cb655..45899bd 100644
--- a/src/action.test.js
+++ b/src/action.test.js
@@ -184,6 +184,12 @@ describe('exportSecrets', () => {
             .mockReturnValueOnce(doExport);
     }
 
+    function mockEncodeType(doEncode) {
+        when(core.getInput)
+            .calledWith('secretEncodingType', expect.anything())
+            .mockReturnValueOnce(doEncode);
+    }
+
     it('simple secret retrieval', async () => {
         mockInput('test key');
         mockVaultData({
@@ -196,6 +202,19 @@ describe('exportSecrets', () => {
         expect(core.setOutput).toBeCalledWith('key', '1');
     });
 
+    it('encoded secret retrieval', async () => {
+        mockInput('test key');
+        mockVaultData({
+            key: 'MQ=='
+        });
+        mockEncodeType('base64');
+
+        await exportSecrets();
+
+        expect(core.exportVariable).toBeCalledWith('KEY', '1');
+        expect(core.setOutput).toBeCalledWith('key', '1');
+    });
+
     it('intl secret retrieval', async () => {
         mockInput('测试 测试');
         mockVaultData({