actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-07 15:16:56 +00:00
Code Activity Actions

Update to v2.4.1 (#317)

Browse source
This commit is contained in:
Tom Proctor 2022-04-28 16:20:56 +01:00 committed by GitHub
parent e025870ee9
commit abba4a3980
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 97 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CHANGELOG.md
View file

@ -1,5 +1,7 @@
## Unreleased ## Unreleased
## 2.4.1 (April 28th, 2022)
Improvements: Improvements:
* Make secrets parameter optional [GH-299](https://github.com/hashicorp/vault-action/pull/299) * Make secrets parameter optional [GH-299](https://github.com/hashicorp/vault-action/pull/299)
* auth/jwt: make "role" input optional [GH-291](https://github.com/hashicorp/vault-action/pull/291) * auth/jwt: make "role" input optional [GH-291](https://github.com/hashicorp/vault-action/pull/291)

143
dist/index.js vendored
View file

@ -1245,7 +1245,7 @@ async function retrieveToken(method, client) {
case 'jwt': { case 'jwt': {
/** @type {string} */ /** @type {string} */
let jwt; let jwt;
const role = core.getInput('role', { required: true }); const role = core.getInput('role', { required: false });
const privateKeyRaw = core.getInput('jwtPrivateKey', { required: false }); const privateKeyRaw = core.getInput('jwtPrivateKey', { required: false });
const privateKey = Buffer.from(privateKeyRaw, 'base64').toString(); const privateKey = Buffer.from(privateKeyRaw, 'base64').toString();
const keyPassword = core.getInput('jwtKeyPassword', { required: false }); const keyPassword = core.getInput('jwtKeyPassword', { required: false });
@ -3744,7 +3744,7 @@ const dateTime = (function () {
def.integerFormat.mandatoryDigits = def.width.min; def.integerFormat.mandatoryDigits = def.width.min;
} }
} }
if (def.component === 'Y') { if ('YMD'.indexOf(def.component) !== -1) {
// §9.8.4.4 // §9.8.4.4
def.n = -1; def.n = -1;
if (def.width && def.width.max !== undefined) { if (def.width && def.width.max !== undefined) {
@ -4115,6 +4115,7 @@ const dateTime = (function () {
return offsetHours * 60 + offsetMinutes; return offsetHours * 60 + offsetMinutes;
}; };
} else if (part.integerFormat) { } else if (part.integerFormat) {
part.integerFormat.n = part.n;
res = generateRegex(part.integerFormat); res = generateRegex(part.integerFormat);
} else { } else {
// must be a month or day name // must be a month or day name
@ -4159,6 +4160,17 @@ const dateTime = (function () {
} else { // type === 'integer' } else { // type === 'integer'
matcher.type = 'integer'; matcher.type = 'integer';
const isUpper = formatSpec.case === tcase.UPPER; const isUpper = formatSpec.case === tcase.UPPER;
let occurrences;
if(formatSpec.n && formatSpec.n > 0){
if(formatSpec.optionalDigits === 0){
occurrences = `{${formatSpec.n}}`;
} else {
occurrences = `{${formatSpec.n - formatSpec.optionalDigits},${formatSpec.n}}`;
}
} else {
occurrences = '+';
}
switch (formatSpec.primary) { switch (formatSpec.primary) {
case formats.LETTERS: case formats.LETTERS:
matcher.regex = isUpper ? '[A-Z]+' : '[a-z]+'; matcher.regex = isUpper ? '[A-Z]+' : '[a-z]+';
@ -4179,7 +4191,7 @@ const dateTime = (function () {
}; };
break; break;
case formats.DECIMAL: case formats.DECIMAL:
matcher.regex = '[0-9]+'; matcher.regex = `[0-9]${occurrences}`;
if (formatSpec.ordinal) { if (formatSpec.ordinal) {
// ordinals // ordinals
matcher.regex += '(?:th|st|nd|rd)'; matcher.regex += '(?:th|st|nd|rd)';
@ -5054,7 +5066,7 @@ const functions = (() => {
// Simply doing `new Buffer` at this point causes Browserify to pull // Simply doing `new Buffer` at this point causes Browserify to pull
// in the entire Buffer browser library, which is large and unnecessary. // in the entire Buffer browser library, which is large and unnecessary.
// Using `global.Buffer` defeats this. // Using `global.Buffer` defeats this.
return new global.Buffer(str, 'base64').toString('binary'); return new global.Buffer.from(str, 'base64').toString('binary'); // eslint-disable-line new-cap
}; };
return atob(str); return atob(str);
} }
@ -6763,7 +6775,8 @@ var jsonata = (function() {
} }
if(expr.keepSingletonArray) { if(expr.keepSingletonArray) {
if(!isSequence(resultSequence)) { // if the array is explicitly constructed in the expression and marked to promote singleton sequences to array
if(Array.isArray(resultSequence) && resultSequence.cons && !resultSequence.sequence) {
resultSequence = createSequence(resultSequence); resultSequence = createSequence(resultSequence);
} }
resultSequence.keepSingleton = true; resultSequence.keepSingleton = true;
@ -7001,9 +7014,21 @@ var jsonata = (function() {
function * evaluateBinary(expr, input, environment) { function * evaluateBinary(expr, input, environment) {
var result; var result;
var lhs = yield * evaluate(expr.lhs, input, environment); var lhs = yield * evaluate(expr.lhs, input, environment);
var rhs = yield * evaluate(expr.rhs, input, environment);
var op = expr.value; var op = expr.value;
//defer evaluation of RHS to allow short-circuiting
var evalrhs = function*(){return yield * evaluate(expr.rhs, input, environment);};
if (op === "and" || op === "or") {
try {
return yield * evaluateBooleanExpression(lhs, evalrhs, op);
} catch(err) {
err.position = expr.position;
err.token = op;
throw err;
}
}
var rhs = yield * evalrhs();
try { try {
switch (op) { switch (op) {
case '+': case '+':
@ -7026,10 +7051,6 @@ var jsonata = (function() {
case '&': case '&':
result = evaluateStringConcat(lhs, rhs); result = evaluateStringConcat(lhs, rhs);
break; break;
case 'and':
case 'or':
result = evaluateBooleanExpression(lhs, rhs, op);
break;
case '..': case '..':
result = evaluateRangeExpression(lhs, rhs); result = evaluateRangeExpression(lhs, rhs);
break; break;
@ -7132,6 +7153,9 @@ var jsonata = (function() {
*/ */
function evaluateWildcard(expr, input) { function evaluateWildcard(expr, input) {
var results = createSequence(); var results = createSequence();
if (Array.isArray(input) && input.outerWrapper && input.length > 0) {
input = input[0];
}
if (input !== null && typeof input === 'object') { if (input !== null && typeof input === 'object') {
Object.keys(input).forEach(function (key) { Object.keys(input).forEach(function (key) {
var value = input[key]; var value = input[key];
@ -7380,35 +7404,31 @@ var jsonata = (function() {
/** /**
* Evaluate boolean expression against input data * Evaluate boolean expression against input data
* @param {Object} lhs - LHS value * @param {Object} lhs - LHS value
* @param {Object} rhs - RHS value * @param {Function} evalrhs - function to evaluate RHS value
* @param {Object} op - opcode * @param {Object} op - opcode
* @returns {*} Result * @returns {*} Result
*/ */
function evaluateBooleanExpression(lhs, rhs, op) { function * evaluateBooleanExpression(lhs, evalrhs, op) {
var result; var result;
var lBool = fn.boolean(lhs); var lBool = boolize(lhs);
var rBool = fn.boolean(rhs);
if (typeof lBool === 'undefined') {
lBool = false;
}
if (typeof rBool === 'undefined') {
rBool = false;
}
switch (op) { switch (op) {
case 'and': case 'and':
result = lBool && rBool; result = lBool && boolize(yield * evalrhs());
break; break;
case 'or': case 'or':
result = lBool || rBool; result = lBool || boolize(yield * evalrhs());
break; break;
} }
return result; return result;
} }
function boolize(value) {
var booledValue = fn.boolean(value);
return typeof booledValue === 'undefined' ? false : booledValue;
}
/** /**
* Evaluate string concatenation against input data * Evaluate string concatenation against input data
* @param {Object} lhs - LHS value * @param {Object} lhs - LHS value
@ -7446,6 +7466,10 @@ var jsonata = (function() {
if (!Array.isArray(input)) { if (!Array.isArray(input)) {
input = createSequence(input); input = createSequence(input);
} }
// if the array is empty, add an undefined entry to enable literal JSON object to be generated
if (input.length === 0) {
input.push(undefined);
}
for(var itemIndex = 0; itemIndex < input.length; itemIndex++) { for(var itemIndex = 0; itemIndex < input.length; itemIndex++) {
var item = input[itemIndex]; var item = input[itemIndex];
@ -7454,7 +7478,7 @@ var jsonata = (function() {
var pair = expr.lhs[pairIndex]; var pair = expr.lhs[pairIndex];
var key = yield * evaluate(pair[0], reduce ? item['@'] : item, env); var key = yield * evaluate(pair[0], reduce ? item['@'] : item, env);
// key has to be a string // key has to be a string
if (typeof key !== 'string') { if (typeof key !== 'string' && key !== undefined) {
throw { throw {
code: "T1003", code: "T1003",
stack: (new Error()).stack, stack: (new Error()).stack,
@ -7462,24 +7486,27 @@ var jsonata = (function() {
value: key value: key
}; };
} }
var entry = {data: item, exprIndex: pairIndex};
if (groups.hasOwnProperty(key)) {
// a value already exists in this slot
if(groups[key].exprIndex !== pairIndex) {
// this key has been generated by another expression in this group
// when multiple key expressions evaluate to the same key, then error D1009 must be thrown
throw {
code: "D1009",
stack: (new Error()).stack,
position: expr.position,
value: key
};
}
// append it as an array if (key !== undefined) {
groups[key].data = fn.append(groups[key].data, item); var entry = {data: item, exprIndex: pairIndex};
} else { if (groups.hasOwnProperty(key)) {
groups[key] = entry; // a value already exists in this slot
if(groups[key].exprIndex !== pairIndex) {
// this key has been generated by another expression in this group
// when multiple key expressions evaluate to the same key, then error D1009 must be thrown
throw {
code: "D1009",
stack: (new Error()).stack,
position: expr.position,
value: key
};
}
// append it as an array
groups[key].data = fn.append(groups[key].data, item);
} else {
groups[key] = entry;
}
} }
} }
} }
@ -7632,7 +7659,7 @@ var jsonata = (function() {
* @returns {Function} Higher order function representing prepared regex * @returns {Function} Higher order function representing prepared regex
*/ */
function evaluateRegex(expr) { function evaluateRegex(expr) {
var re = new RegExp(expr.value); var re = new jsonata.RegexEngine(expr.value);
var closure = function(str, fromIndex) { var closure = function(str, fromIndex) {
var result; var result;
re.lastIndex = fromIndex || 0; re.lastIndex = fromIndex || 0;
@ -8585,7 +8612,9 @@ var jsonata = (function() {
/** /**
* JSONata * JSONata
* @param {Object} expr - JSONata expression * @param {Object} expr - JSONata expression
* @param {boolean} options - recover: attempt to recover on parse error * @param {Object} options
* @param {boolean} options.recover: attempt to recover on parse error
* @param {Function} options.RegexEngine: RegEx class constructor to use
* @returns {{evaluate: evaluate, assign: assign}} Evaluated expression * @returns {{evaluate: evaluate, assign: assign}} Evaluated expression
*/ */
function jsonata(expr, options) { function jsonata(expr, options) {
@ -8610,6 +8639,12 @@ var jsonata = (function() {
return timestamp.getTime(); return timestamp.getTime();
}, '<:n>')); }, '<:n>'));
if(options && options.RegexEngine) {
jsonata.RegexEngine = options.RegexEngine;
} else {
jsonata.RegexEngine = RegExp;
}
return { return {
evaluate: function (input, bindings, callback) { evaluate: function (input, bindings, callback) {
// throw if the expression compiled with syntax errors // throw if the expression compiled with syntax errors
@ -11230,9 +11265,17 @@ async function getSecrets(secretRequests, client) {
body = responseCache.get(requestPath); body = responseCache.get(requestPath);
cachedResponse = true; cachedResponse = true;
} else { } else {
const result = await client.get(requestPath); try {
body = result.body; const result = await client.get(requestPath);
responseCache.set(requestPath, body); body = result.body;
responseCache.set(requestPath, body);
} catch (error) {
const {response} = error;
if (response.statusCode === 404) {
throw Error(`Unable to retrieve result for "${path}" because it was not found: ${response.body.trim()}`)
}
throw error
}
} }
if (!selector.match(/.*[\.].*/)) { if (!selector.match(/.*[\.].*/)) {
selector = '"' + selector + '"' selector = '"' + selector + '"'
@ -15644,7 +15687,7 @@ async function exportSecrets() {
const exportEnv = core.getInput('exportEnv', { required: false }) != 'false'; const exportEnv = core.getInput('exportEnv', { required: false }) != 'false';
const exportToken = (core.getInput('exportToken', { required: false }) || 'false').toLowerCase() != 'false'; const exportToken = (core.getInput('exportToken', { required: false }) || 'false').toLowerCase() != 'false';
const secretsInput = core.getInput('secrets', { required: true }); const secretsInput = core.getInput('secrets', { required: false });
const secretRequests = parseSecretsInput(secretsInput); const secretRequests = parseSecretsInput(secretsInput);
const vaultMethod = (core.getInput('method', { required: false }) || 'token').toLowerCase(); const vaultMethod = (core.getInput('method', { required: false }) || 'token').toLowerCase();
@ -15733,6 +15776,10 @@ async function exportSecrets() {
* @param {string} secretsInput * @param {string} secretsInput
*/ */
function parseSecretsInput(secretsInput) { function parseSecretsInput(secretsInput) {
if (!secretsInput) {
return []
}
const secrets = secretsInput const secrets = secretsInput
.split(';') .split(';')
.filter(key => !!key) .filter(key => !!key)