actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-09 16:16:55 +00:00
Code Activity Actions

add * wildcard for fetch all secrets

Browse source
This commit is contained in:
matryxxx02 2021-08-26 11:45:07 +02:00
parent b8c90c7243
commit c2dbbf64ea
6 changed files with 34673 additions and 15025 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
action.yml
View file

@ -1,4 +1,4 @@
name: 'Vault Secrets' name: 'Vault enhanced'
description: 'A Github Action that allows you to consume HashiCorp Vault™ secrets as secure environment variables' description: 'A Github Action that allows you to consume HashiCorp Vault™ secrets as secure environment variables'
inputs: inputs:
url: url:

49
dist/index.js vendored
View file

@ -10893,6 +10893,9 @@ async function getSecrets(secretRequests, client) {
body = result.body; body = result.body;
responseCache.set(requestPath, body); responseCache.set(requestPath, body);
} }
let value;
if(selector !== "*"){
if (!selector.match(/.*[\.].*/)) { if (!selector.match(/.*[\.].*/)) {
selector = '"' + selector + '"' selector = '"' + selector + '"'
} }
@ -10901,8 +10904,11 @@ async function getSecrets(secretRequests, client) {
if (body.data["data"] != undefined) { if (body.data["data"] != undefined) {
selector = "data." + selector selector = "data." + selector
} }
value = selectData(body, selector);
} else {
value = body.data["data"];
}
const value = selectData(body, selector);
results.push({ results.push({
request: secretRequest, request: secretRequest,
value, value,
@ -14594,6 +14600,14 @@ const { auth: { retrieveToken }, secrets: { getSecrets } } = __webpack_require__
const AUTH_METHODS = ['approle', 'token', 'github', 'jwt', 'kubernetes']; const AUTH_METHODS = ['approle', 'token', 'github', 'jwt', 'kubernetes'];
function addMask(value) {
for (const line of value.replace(/\r/g, '').split('\n')) {
if (line.length > 0) {
command.issue('add-mask', line);
}
}
}
async function exportSecrets() { async function exportSecrets() {
const vaultUrl = core.getInput('url', { required: true }); const vaultUrl = core.getInput('url', { required: true });
const vaultNamespace = core.getInput('namespace', { required: false }); const vaultNamespace = core.getInput('namespace', { required: false });
@ -14665,16 +14679,19 @@ async function exportSecrets() {
if (cachedResponse) { if (cachedResponse) {
core.debug(' using cached response'); core.debug(' using cached response');
} }
for (const line of value.replace(/\r/g, '').split('\n')) {
if (line.length > 0) {
command.issue('add-mask', line); if (exportEnv && typeof value === "object") {
Object.entries(value).forEach(([envKey, envValue]) => {
addMask(envValue);
core.exportVariable(envKey, envValue);
});
} else if (exportEnv) {
addMask(value)
core.exportVariable(request.envVarName, value);
} }
} //core.setOutput(request.outputVarName, `${value}`);
if (exportEnv) { //core.debug(`✔ ${request.path} => outputs.${request.outputVarName}${exportEnv ? ` | env.${request.envVarName}` : ''}`);
core.exportVariable(request.envVarName, `${value}`);
}
core.setOutput(request.outputVarName, `${value}`);
core.debug(`${request.path} => outputs.${request.outputVarName}${exportEnv ? ` | env.${request.envVarName}` : ''}`);
} }
}; };
@ -14723,11 +14740,19 @@ function parseSecretsInput(secretsInput) {
const [path, selectorQuoted] = pathParts; const [path, selectorQuoted] = pathParts;
if (selectorQuoted === "*") {
output.push({
path,
envVarName: "",
outputVarName: "",
selector: "*"
});
} else {
/** @type {any} */ /** @type {any} */
const selectorAst = jsonata(selectorQuoted).ast(); const selectorAst = jsonata(selectorQuoted).ast();
const selector = selectorQuoted.replace(new RegExp('"', 'g'), ''); const selector = selectorQuoted.replace(new RegExp('"', 'g'), '');
if ((selectorAst.type !== "path" || selectorAst.steps[0].stages) && selectorAst.type !== "string" && !outputVarName) { if ((selectorAst.type !== "path" || selectorAst.steps[0].stages) && selectorAst.type !== "wildcard" && selectorAst.type !== "string" && !outputVarName) {
throw Error(`You must provide a name for the output key when using json selectors. Input: "${secret}"`); throw Error(`You must provide a name for the output key when using json selectors. Input: "${secret}"`);
} }
@ -14743,6 +14768,8 @@ function parseSecretsInput(secretsInput) {
outputVarName, outputVarName,
selector selector
}); });
}
} }
return output; return output;
} }

19745
package-lock.json generated
View file

File diff suppressed because it is too large Load diff

41
src/action.js
View file

@ -7,6 +7,14 @@ const { auth: { retrieveToken }, secrets: { getSecrets } } = require('./index');
const AUTH_METHODS = ['approle', 'token', 'github', 'jwt', 'kubernetes']; const AUTH_METHODS = ['approle', 'token', 'github', 'jwt', 'kubernetes'];
function addMask(value) {
for (const line of value.replace(/\r/g, '').split('\n')) {
if (line.length > 0) {
command.issue('add-mask', line);
}
}
}
async function exportSecrets() { async function exportSecrets() {
const vaultUrl = core.getInput('url', { required: true }); const vaultUrl = core.getInput('url', { required: true });
const vaultNamespace = core.getInput('namespace', { required: false }); const vaultNamespace = core.getInput('namespace', { required: false });
@ -78,16 +86,19 @@ async function exportSecrets() {
if (cachedResponse) { if (cachedResponse) {
core.debug(' using cached response'); core.debug(' using cached response');
} }
for (const line of value.replace(/\r/g, '').split('\n')) {
if (line.length > 0) {
command.issue('add-mask', line); if (exportEnv && typeof value === "object") {
Object.entries(value).forEach(([envKey, envValue]) => {
addMask(envValue);
core.exportVariable(envKey, envValue);
});
} else if (exportEnv) {
addMask(value)
core.exportVariable(request.envVarName, value);
} }
} //core.setOutput(request.outputVarName, `${value}`);
if (exportEnv) { //core.debug(`✔ ${request.path} => outputs.${request.outputVarName}${exportEnv ? ` | env.${request.envVarName}` : ''}`);
core.exportVariable(request.envVarName, `${value}`);
}
core.setOutput(request.outputVarName, `${value}`);
core.debug(`${request.path} => outputs.${request.outputVarName}${exportEnv ? ` | env.${request.envVarName}` : ''}`);
} }
}; };
@ -136,11 +147,19 @@ function parseSecretsInput(secretsInput) {
const [path, selectorQuoted] = pathParts; const [path, selectorQuoted] = pathParts;
if (selectorQuoted === "*") {
output.push({
path,
envVarName: "",
outputVarName: "",
selector: "*"
});
} else {
/** @type {any} */ /** @type {any} */
const selectorAst = jsonata(selectorQuoted).ast(); const selectorAst = jsonata(selectorQuoted).ast();
const selector = selectorQuoted.replace(new RegExp('"', 'g'), ''); const selector = selectorQuoted.replace(new RegExp('"', 'g'), '');
if ((selectorAst.type !== "path" || selectorAst.steps[0].stages) && selectorAst.type !== "string" && !outputVarName) { if ((selectorAst.type !== "path" || selectorAst.steps[0].stages) && selectorAst.type !== "wildcard" && selectorAst.type !== "string" && !outputVarName) {
throw Error(`You must provide a name for the output key when using json selectors. Input: "${secret}"`); throw Error(`You must provide a name for the output key when using json selectors. Input: "${secret}"`);
} }
@ -156,6 +175,8 @@ function parseSecretsInput(secretsInput) {
outputVarName, outputVarName,
selector selector
}); });
}
} }
return output; return output;
} }

11
src/action.test.js
View file

@ -25,6 +25,17 @@ describe('parseSecretsInput', () => {
}); });
}); });
it('parses all secrets', () => {
const output = parseSecretsInput('test *');
console.log(output);
expect(output).toContainEqual({
path: 'test',
selector: '*',
outputVarName: '',
envVarName: ''
});
});
it('parses mapped secret', () => { it('parses mapped secret', () => {
const output = parseSecretsInput('test key|testName'); const output = parseSecretsInput('test key|testName');
expect(output).toHaveLength(1); expect(output).toHaveLength(1);

8
src/secrets.js
View file

@ -38,6 +38,9 @@ async function getSecrets(secretRequests, client) {
body = result.body; body = result.body;
responseCache.set(requestPath, body); responseCache.set(requestPath, body);
} }
let value;
if(selector !== "*"){
if (!selector.match(/.*[\.].*/)) { if (!selector.match(/.*[\.].*/)) {
selector = '"' + selector + '"' selector = '"' + selector + '"'
} }
@ -46,8 +49,11 @@ async function getSecrets(secretRequests, client) {
if (body.data["data"] != undefined) { if (body.data["data"] != undefined) {
selector = "data." + selector selector = "data." + selector
} }
value = selectData(body, selector);
} else {
value = body.data["data"];
}
const value = selectData(body, selector);
results.push({ results.push({
request: secretRequest, request: secretRequest,
value, value,