mirror of
https://github.com/hashicorp/vault-action.git
synced 2025-11-07 15:16:56 +00:00
chore: rebuild action
This commit is contained in:
Richard Simpson
parent
83d944ba1a
commit
9878eba70a
1 changed files with 36 additions and 25 deletions
61
dist/index.js
vendored
61
dist/index.js
vendored
|
|
@ -1557,12 +1557,13 @@ module.exports.iterator = (emitter, event, options) => {
|
||||||
/***/ 151:
|
/***/ 151:
|
||||||
/***/ (function(module, __unusedexports, __webpack_require__) {
|
/***/ (function(module, __unusedexports, __webpack_require__) {
|
||||||
|
|
||||||
|
// @ts-check
|
||||||
const core = __webpack_require__(470);
|
const core = __webpack_require__(470);
|
||||||
|
|
||||||
/***
|
/***
|
||||||
* Authentication with Vault and retrieve a vault token
|
* Authenticate with Vault and retrieve a Vault token that can be used for requests.
|
||||||
* @param {string} method
|
* @param {string} method
|
||||||
* @param {import('got')} client
|
* @param {import('got').Got} client
|
||||||
*/
|
*/
|
||||||
async function retrieveToken(method, client) {
|
async function retrieveToken(method, client) {
|
||||||
switch (method) {
|
switch (method) {
|
||||||
|
|
@ -1591,31 +1592,52 @@ async function retrieveToken(method, client) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/***
|
/***
|
||||||
* Authentication with Vault and retrieve a vault token
|
* Call the appropriate login endpoint and parse out the token in the response.
|
||||||
* @param {import('got')} client
|
* @param {import('got').Got} client
|
||||||
* @param {string} method
|
* @param {string} method
|
||||||
* @param {any} payload
|
* @param {any} payload
|
||||||
*/
|
*/
|
||||||
async function getClientToken(client, method, payload) {
|
async function getClientToken(client, method, payload) {
|
||||||
/** @type {any} */
|
/** @type {'json'} */
|
||||||
|
const responseType = 'json';
|
||||||
var options = {
|
var options = {
|
||||||
json: payload,
|
json: payload,
|
||||||
responseType: 'json'
|
responseType,
|
||||||
};
|
};
|
||||||
|
|
||||||
core.debug(`Retrieving Vault Token from v1/auth/${method}/login endpoint`);
|
core.debug(`Retrieving Vault Token from v1/auth/${method}/login endpoint`);
|
||||||
|
|
||||||
|
/** @type {import('got').Response<VaultLoginResponse>} */
|
||||||
const response = await client.post(`v1/auth/${method}/login`, options);
|
const response = await client.post(`v1/auth/${method}/login`, options);
|
||||||
if (response && response.body && response.body.auth && response.body.auth.client_token) {
|
if (response && response.body && response.body.auth && response.body.auth.client_token) {
|
||||||
core.debug('✔ Vault Token successfully retrieved');
|
core.debug('✔ Vault Token successfully retrieved');
|
||||||
|
|
||||||
|
core.startGroup('Token Info');
|
||||||
|
core.debug(`Operating under policies: ${JSON.stringify(response.body.auth.policies)}`);
|
||||||
|
core.debug(`Token Metadata: ${JSON.stringify(response.body.auth.metadata)}`);
|
||||||
|
core.endGroup();
|
||||||
|
|
||||||
return response.body.auth.client_token;
|
return response.body.auth.client_token;
|
||||||
} else {
|
} else {
|
||||||
throw Error(`Unable to retrieve token from ${method}'s login endpoint.`);
|
throw Error(`Unable to retrieve token from ${method}'s login endpoint.`);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/***
|
||||||
|
* @typedef {Object} VaultLoginResponse
|
||||||
|
* @property {{
|
||||||
|
* client_token: string;
|
||||||
|
* accessor: string;
|
||||||
|
* policies: string[];
|
||||||
|
* metadata: unknown;
|
||||||
|
* lease_duration: number;
|
||||||
|
* renewable: boolean;
|
||||||
|
* }} auth
|
||||||
|
*/
|
||||||
|
|
||||||
module.exports = {
|
module.exports = {
|
||||||
retrieveToken
|
retrieveToken,
|
||||||
}
|
};
|
||||||
|
|
||||||
|
|
||||||
/***/ }),
|
/***/ }),
|
||||||
|
|
@ -5711,11 +5733,9 @@ module.exports = require("dns");
|
||||||
/***/ (function(module, __unusedexports, __webpack_require__) {
|
/***/ (function(module, __unusedexports, __webpack_require__) {
|
||||||
|
|
||||||
// @ts-check
|
// @ts-check
|
||||||
// @ts-ignore
|
|
||||||
const core = __webpack_require__(470);
|
const core = __webpack_require__(470);
|
||||||
// @ts-ignore
|
|
||||||
const command = __webpack_require__(431);
|
const command = __webpack_require__(431);
|
||||||
const got = __webpack_require__(77);
|
const got = __webpack_require__(77).default;
|
||||||
const { retrieveToken } = __webpack_require__(151);
|
const { retrieveToken } = __webpack_require__(151);
|
||||||
|
|
||||||
const AUTH_METHODS = ['approle', 'token', 'github'];
|
const AUTH_METHODS = ['approle', 'token', 'github'];
|
||||||
|
|
@ -5728,14 +5748,16 @@ async function exportSecrets() {
|
||||||
const exportEnv = core.getInput('exportEnv', { required: false }) != 'false';
|
const exportEnv = core.getInput('exportEnv', { required: false }) != 'false';
|
||||||
|
|
||||||
let enginePath = core.getInput('path', { required: false });
|
let enginePath = core.getInput('path', { required: false });
|
||||||
|
/** @type {number | string} */
|
||||||
let kvVersion = core.getInput('kv-version', { required: false });
|
let kvVersion = core.getInput('kv-version', { required: false });
|
||||||
|
|
||||||
const secretsInput = core.getInput('secrets', { required: true });
|
const secretsInput = core.getInput('secrets', { required: true });
|
||||||
const secretRequests = parseSecretsInput(secretsInput);
|
const secretRequests = parseSecretsInput(secretsInput);
|
||||||
|
|
||||||
const vaultMethod = (core.getInput('method', { required: false }) || 'token').toLowerCase();
|
const vaultMethod = (core.getInput('method', { required: false }) || 'token').toLowerCase();
|
||||||
if (!AUTH_METHODS.includes(vaultMethod)) {
|
const authPayload = core.getInput('authPayload', { required: false });
|
||||||
throw Error(`Sorry, the authentication method ${vaultMethod} is not currently supported.`);
|
if (!AUTH_METHODS.includes(vaultMethod) && !authPayload) {
|
||||||
|
throw Error(`Sorry, the provided authentication method ${vaultMethod} is not currently supported and no custom authPayload was provided.`);
|
||||||
}
|
}
|
||||||
|
|
||||||
const defaultOptions = {
|
const defaultOptions = {
|
||||||
|
|
@ -5752,7 +5774,7 @@ async function exportSecrets() {
|
||||||
}
|
}
|
||||||
|
|
||||||
const client = got.extend(defaultOptions);
|
const client = got.extend(defaultOptions);
|
||||||
const vaultToken = await retrieveToken(vaultMethod, /** @type {any} */ (client));
|
const vaultToken = await retrieveToken(vaultMethod, client);
|
||||||
|
|
||||||
if (!enginePath) {
|
if (!enginePath) {
|
||||||
enginePath = 'secret';
|
enginePath = 'secret';
|
||||||
|
|
@ -5921,17 +5943,6 @@ function normalizeOutputKey(dataKey) {
|
||||||
return dataKey.replace('/', '__').replace(/[^\w-]/, '').toUpperCase();
|
return dataKey.replace('/', '__').replace(/[^\w-]/, '').toUpperCase();
|
||||||
}
|
}
|
||||||
|
|
||||||
// @ts-ignore
|
|
||||||
/**
|
|
||||||
* @param {string} input
|
|
||||||
*/
|
|
||||||
function parseBoolInput(input) {
|
|
||||||
if (input === null || input === undefined || input.trim() === '') {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
return Boolean(input);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param {string} inputKey
|
* @param {string} inputKey
|
||||||
* @param {any} inputOptions
|
* @param {any} inputOptions
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue