mirror of
https://github.com/hashicorp/vault-action.git
synced 2025-11-09 08:06:55 +00:00
add * wildcard for fetch all secrets
parent
b8c90c7243
commit
c2dbbf64ea
6 changed files with 34673 additions and 15025 deletions
|
|
@ -1,4 +1,4 @@
|
|||
name: 'Vault Secrets'
|
||||
name: 'Vault enhanced'
|
||||
description: 'A Github Action that allows you to consume HashiCorp Vault™ secrets as secure environment variables'
|
||||
inputs:
|
||||
url:
|
||||
|
|
|
|||
95
dist/index.js
vendored
95
dist/index.js
vendored
|
|
@ -10893,16 +10893,22 @@ async function getSecrets(secretRequests, client) {
|
|||
body = result.body;
|
||||
responseCache.set(requestPath, body);
|
||||
}
|
||||
if (!selector.match(/.*[\.].*/)) {
|
||||
selector = '"' + selector + '"'
|
||||
}
|
||||
selector = "data." + selector
|
||||
body = JSON.parse(body)
|
||||
if (body.data["data"] != undefined) {
|
||||
|
||||
let value;
|
||||
if(selector !== "*"){
|
||||
if (!selector.match(/.*[\.].*/)) {
|
||||
selector = '"' + selector + '"'
|
||||
}
|
||||
selector = "data." + selector
|
||||
body = JSON.parse(body)
|
||||
if (body.data["data"] != undefined) {
|
||||
selector = "data." + selector
|
||||
}
|
||||
value = selectData(body, selector);
|
||||
} else {
|
||||
value = body.data["data"];
|
||||
}
|
||||
|
||||
const value = selectData(body, selector);
|
||||
results.push({
|
||||
request: secretRequest,
|
||||
value,
|
||||
|
|
@ -14594,6 +14600,14 @@ const { auth: { retrieveToken }, secrets: { getSecrets } } = __webpack_require__
|
|||
|
||||
const AUTH_METHODS = ['approle', 'token', 'github', 'jwt', 'kubernetes'];
|
||||
|
||||
function addMask(value) {
|
||||
for (const line of value.replace(/\r/g, '').split('\n')) {
|
||||
if (line.length > 0) {
|
||||
command.issue('add-mask', line);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
async function exportSecrets() {
|
||||
const vaultUrl = core.getInput('url', { required: true });
|
||||
const vaultNamespace = core.getInput('namespace', { required: false });
|
||||
|
|
@ -14665,16 +14679,19 @@ async function exportSecrets() {
|
|||
if (cachedResponse) {
|
||||
core.debug('ℹ using cached response');
|
||||
}
|
||||
for (const line of value.replace(/\r/g, '').split('\n')) {
|
||||
if (line.length > 0) {
|
||||
command.issue('add-mask', line);
|
||||
}
|
||||
|
||||
|
||||
if (exportEnv && typeof value === "object") {
|
||||
Object.entries(value).forEach(([envKey, envValue]) => {
|
||||
addMask(envValue);
|
||||
core.exportVariable(envKey, envValue);
|
||||
});
|
||||
} else if (exportEnv) {
|
||||
addMask(value)
|
||||
core.exportVariable(request.envVarName, value);
|
||||
}
|
||||
if (exportEnv) {
|
||||
core.exportVariable(request.envVarName, `${value}`);
|
||||
}
|
||||
core.setOutput(request.outputVarName, `${value}`);
|
||||
core.debug(`✔ ${request.path} => outputs.${request.outputVarName}${exportEnv ? ` | env.${request.envVarName}` : ''}`);
|
||||
//core.setOutput(request.outputVarName, `${value}`);
|
||||
//core.debug(`✔ ${request.path} => outputs.${request.outputVarName}${exportEnv ? ` | env.${request.envVarName}` : ''}`);
|
||||
}
|
||||
};
|
||||
|
||||
|
|
@ -14723,26 +14740,36 @@ function parseSecretsInput(secretsInput) {
|
|||
|
||||
const [path, selectorQuoted] = pathParts;
|
||||
|
||||
/** @type {any} */
|
||||
const selectorAst = jsonata(selectorQuoted).ast();
|
||||
const selector = selectorQuoted.replace(new RegExp('"', 'g'), '');
|
||||
if (selectorQuoted === "*") {
|
||||
output.push({
|
||||
path,
|
||||
envVarName: "",
|
||||
outputVarName: "",
|
||||
selector: "*"
|
||||
});
|
||||
} else {
|
||||
/** @type {any} */
|
||||
const selectorAst = jsonata(selectorQuoted).ast();
|
||||
const selector = selectorQuoted.replace(new RegExp('"', 'g'), '');
|
||||
|
||||
if ((selectorAst.type !== "path" || selectorAst.steps[0].stages) && selectorAst.type !== "wildcard" && selectorAst.type !== "string" && !outputVarName) {
|
||||
throw Error(`You must provide a name for the output key when using json selectors. Input: "${secret}"`);
|
||||
}
|
||||
|
||||
let envVarName = outputVarName;
|
||||
if (!outputVarName) {
|
||||
outputVarName = normalizeOutputKey(selector);
|
||||
envVarName = normalizeOutputKey(selector, true);
|
||||
}
|
||||
|
||||
output.push({
|
||||
path,
|
||||
envVarName,
|
||||
outputVarName,
|
||||
selector
|
||||
});
|
||||
|
||||
if ((selectorAst.type !== "path" || selectorAst.steps[0].stages) && selectorAst.type !== "string" && !outputVarName) {
|
||||
throw Error(`You must provide a name for the output key when using json selectors. Input: "${secret}"`);
|
||||
}
|
||||
|
||||
let envVarName = outputVarName;
|
||||
if (!outputVarName) {
|
||||
outputVarName = normalizeOutputKey(selector);
|
||||
envVarName = normalizeOutputKey(selector, true);
|
||||
}
|
||||
|
||||
output.push({
|
||||
path,
|
||||
envVarName,
|
||||
outputVarName,
|
||||
selector
|
||||
});
|
||||
}
|
||||
return output;
|
||||
}
|
||||
|
|
|
|||
49495
package-lock.json
generated
49495
package-lock.json
generated
File diff suppressed because it is too large
|
|
@ -7,6 +7,14 @@ const { auth: { retrieveToken }, secrets: { getSecrets } } = require('./index');
|
|||
|
||||
const AUTH_METHODS = ['approle', 'token', 'github', 'jwt', 'kubernetes'];
|
||||
|
||||
function addMask(value) {
|
||||
for (const line of value.replace(/\r/g, '').split('\n')) {
|
||||
if (line.length > 0) {
|
||||
command.issue('add-mask', line);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
async function exportSecrets() {
|
||||
const vaultUrl = core.getInput('url', { required: true });
|
||||
const vaultNamespace = core.getInput('namespace', { required: false });
|
||||
|
|
@ -78,16 +86,19 @@ async function exportSecrets() {
|
|||
if (cachedResponse) {
|
||||
core.debug('ℹ using cached response');
|
||||
}
|
||||
for (const line of value.replace(/\r/g, '').split('\n')) {
|
||||
if (line.length > 0) {
|
||||
command.issue('add-mask', line);
|
||||
}
|
||||
|
||||
|
||||
if (exportEnv && typeof value === "object") {
|
||||
Object.entries(value).forEach(([envKey, envValue]) => {
|
||||
addMask(envValue);
|
||||
core.exportVariable(envKey, envValue);
|
||||
});
|
||||
} else if (exportEnv) {
|
||||
addMask(value)
|
||||
core.exportVariable(request.envVarName, value);
|
||||
}
|
||||
if (exportEnv) {
|
||||
core.exportVariable(request.envVarName, `${value}`);
|
||||
}
|
||||
core.setOutput(request.outputVarName, `${value}`);
|
||||
core.debug(`✔ ${request.path} => outputs.${request.outputVarName}${exportEnv ? ` | env.${request.envVarName}` : ''}`);
|
||||
//core.setOutput(request.outputVarName, `${value}`);
|
||||
//core.debug(`✔ ${request.path} => outputs.${request.outputVarName}${exportEnv ? ` | env.${request.envVarName}` : ''}`);
|
||||
}
|
||||
};
|
||||
|
||||
|
|
@ -136,26 +147,36 @@ function parseSecretsInput(secretsInput) {
|
|||
|
||||
const [path, selectorQuoted] = pathParts;
|
||||
|
||||
/** @type {any} */
|
||||
const selectorAst = jsonata(selectorQuoted).ast();
|
||||
const selector = selectorQuoted.replace(new RegExp('"', 'g'), '');
|
||||
if (selectorQuoted === "*") {
|
||||
output.push({
|
||||
path,
|
||||
envVarName: "",
|
||||
outputVarName: "",
|
||||
selector: "*"
|
||||
});
|
||||
} else {
|
||||
/** @type {any} */
|
||||
const selectorAst = jsonata(selectorQuoted).ast();
|
||||
const selector = selectorQuoted.replace(new RegExp('"', 'g'), '');
|
||||
|
||||
if ((selectorAst.type !== "path" || selectorAst.steps[0].stages) && selectorAst.type !== "wildcard" && selectorAst.type !== "string" && !outputVarName) {
|
||||
throw Error(`You must provide a name for the output key when using json selectors. Input: "${secret}"`);
|
||||
}
|
||||
|
||||
let envVarName = outputVarName;
|
||||
if (!outputVarName) {
|
||||
outputVarName = normalizeOutputKey(selector);
|
||||
envVarName = normalizeOutputKey(selector, true);
|
||||
}
|
||||
|
||||
output.push({
|
||||
path,
|
||||
envVarName,
|
||||
outputVarName,
|
||||
selector
|
||||
});
|
||||
|
||||
if ((selectorAst.type !== "path" || selectorAst.steps[0].stages) && selectorAst.type !== "string" && !outputVarName) {
|
||||
throw Error(`You must provide a name for the output key when using json selectors. Input: "${secret}"`);
|
||||
}
|
||||
|
||||
let envVarName = outputVarName;
|
||||
if (!outputVarName) {
|
||||
outputVarName = normalizeOutputKey(selector);
|
||||
envVarName = normalizeOutputKey(selector, true);
|
||||
}
|
||||
|
||||
output.push({
|
||||
path,
|
||||
envVarName,
|
||||
outputVarName,
|
||||
selector
|
||||
});
|
||||
}
|
||||
return output;
|
||||
}
|
||||
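Review bot: In the wildcard branch of exportSecrets, `core.exportVariable(envKey, envValue)` takes the environment variable name straight from the keys of the Vault response, so whoever can write to that Vault path decides which variables later steps inherit, `PATH` included. The single-key path builds its name with `normalizeOutputKey(selector, true)`; the wildcard path should normalise the key the same way and refuse anything outside an expected pattern, for example `if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(envKey)) throw Error('unexpected key name in ' + request.path);`. `addMask(envValue)` calls `value.replace`, which throws for a numeric, boolean or nested value, and `typeof value === "object"` also matches `null` and arrays, so coerce with `String(envValue)` before masking and exporting. The `core.setOutput` and `core.debug` calls appear to have been commented out rather than adapted, which would leave step outputs unset for every request and not only for `*`. exportSecrets continues outside this hunk, and the bundled dist/index.js carries the same code.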
|
|
|
|||
|
|
@ -25,6 +25,17 @@ describe('parseSecretsInput', () => {
|
|||
});
|
||||
});
|
||||
|
||||
it('parses all secrets', () => {
|
||||
const output = parseSecretsInput('test *');
|
||||
console.log(output);
|
||||
expect(output).toContainEqual({
|
||||
path: 'test',
|
||||
selector: '*',
|
||||
outputVarName: '',
|
||||
envVarName: ''
|
||||
});
|
||||
});
|
||||
|
||||
it('parses mapped secret', () => {
|
||||
const output = parseSecretsInput('test key|testName');
|
||||
expect(output).toHaveLength(1);
|
||||
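Review bot: `console.log(output);` in the new 'parses all secrets' test looks like leftover debug output and should be dropped, since the `toContainEqual` assertion already reports the value on failure. The test covers only the parser; nothing visible here exercises the `*` branch in getSecrets or the per-key export in exportSecrets, which is where the new behaviour handles secret values. A case that feeds a mocked response through both, including a non-string value, would pin the masking and naming behaviour.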
|
|
|
|||
|
|
@ -38,16 +38,22 @@ async function getSecrets(secretRequests, client) {
|
|||
body = result.body;
|
||||
responseCache.set(requestPath, body);
|
||||
}
|
||||
if (!selector.match(/.*[\.].*/)) {
|
||||
selector = '"' + selector + '"'
|
||||
}
|
||||
selector = "data." + selector
|
||||
body = JSON.parse(body)
|
||||
if (body.data["data"] != undefined) {
|
||||
|
||||
let value;
|
||||
if(selector !== "*"){
|
||||
if (!selector.match(/.*[\.].*/)) {
|
||||
selector = '"' + selector + '"'
|
||||
}
|
||||
selector = "data." + selector
|
||||
body = JSON.parse(body)
|
||||
if (body.data["data"] != undefined) {
|
||||
selector = "data." + selector
|
||||
}
|
||||
value = selectData(body, selector);
|
||||
} else {
|
||||
value = body.data["data"];
|
||||
}
|
||||
|
||||
const value = selectData(body, selector);
|
||||
results.push({
|
||||
request: secretRequest,
|
||||
value,
|
||||
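Review bot: The `else` branch reads `body.data["data"]` while `body` is still the raw response text, because `body = JSON.parse(body)` now runs only inside the `selector !== "*"` branch; assuming the body is a string as that parse implies, `body.data` is undefined and every wildcard request throws. Parse once above the `if`, e.g. `body = JSON.parse(body)` directly after the cache block, and use the parsed object in both branches. The existing code treats `data.data` as optional (`if (body.data["data"] != undefined)`), so the wildcard value presumably needs the same fallback, `value = body.data["data"] ?? body.data;`, or it is `undefined` for responses without the nested level. getSecrets starts and ends outside this hunk, and the bundled dist/index.js carries the same code.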
|
|
|
|||