mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-09 08:06:55 +00:00

test v2.6.0 json string multiline

JM Faircloth 2023-06-26 15:30:14 -05:00
parent bb61006b6d
commit c3094e1f80
5 changed files with 268 additions and 137 deletions


@ -144,148 +144,167 @@ jobs:
VAULT_HOST: localhost VAULT_HOST: localhost
VAULT_PORT: 8200 VAULT_PORT: 8200
- name: Test Vault Action (default KV V2) - name: Import Secrets
uses: ./ id: import-secrets
id: kv-secrets
with:
url: http://localhost:8200
token: testtoken
secrets: |
secret/data/test secret ;
secret/data/test secret | NAMED_SECRET ;
secret/data/nested/test otherSecret ;
- name: Test Vault Action (default KV V1)
uses: ./ uses: ./
with: with:
url: http://localhost:8200 url: http://localhost:8200
token: testtoken token: testtoken
secrets: | secrets: |
my-secret/test altSecret ; secret/data/test-json-string-multiline jsonStringMultiline;
my-secret/test altSecret | NAMED_ALTSECRET ;
my-secret/nested/test otherAltSecret ;
- name: Test Vault Action (cubbyhole) - name: Check Secrets
uses: ./ run: |
with: echo "${{ steps.import-secrets.outputs.jsonStringMultiline }}" > multiline.json
url: http://localhost:8200
token: testtoken
secrets: |
/cubbyhole/test foo ;
/cubbyhole/test zip | NAMED_CUBBYSECRET ;
- name: Verify Vault Action Outputs - name: Check json file format
run: npm run test:integration:e2e run: |
env: echo "multiline:"
OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }} cat multiline.json
jq -c . < multiline.json
- name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 1/2) # - name: Test Vault Action (default KV V2)
uses: ./ # uses: ./
with: # id: kv-secrets
url: http://localhost:8200/ # with:
token: testtoken # url: http://localhost:8200
secrets: | # token: testtoken
secret/data/test secret | SUBSEQUENT_TEST_SECRET; # secrets: |
- name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 2/2) # secret/data/test secret ;
uses: ./ # secret/data/test secret | NAMED_SECRET ;
with: # secret/data/nested/test otherSecret ;
url: http://localhost:8200/
token: testtoken
secrets: |
secret/data/subsequent-test secret | SUBSEQUENT_TEST_SECRET;
e2e-tls: # - name: Test Vault Action (default KV V1)
runs-on: ubuntu-latest # uses: ./
# with:
# url: http://localhost:8200
# token: testtoken
# secrets: |
# my-secret/test altSecret ;
# my-secret/test altSecret | NAMED_ALTSECRET ;
# my-secret/nested/test otherAltSecret ;
steps: # - name: Test Vault Action (cubbyhole)
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 # uses: ./
with: # with:
ref: ${{ github.ref }} # url: http://localhost:8200
# token: testtoken
# secrets: |
# /cubbyhole/test foo ;
# /cubbyhole/test zip | NAMED_CUBBYSECRET ;
- name: Run docker-compose # - name: Verify Vault Action Outputs
run: docker-compose up -d vault-tls # run: npm run test:integration:e2e
# env:
# OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }}
- uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 # - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 1/2)
with: # uses: ./
node-version: '16.14.0' # with:
# url: http://localhost:8200/
# token: testtoken
# secrets: |
# secret/data/test secret | SUBSEQUENT_TEST_SECRET;
# - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 2/2)
# uses: ./
# with:
# url: http://localhost:8200/
# token: testtoken
# secrets: |
# secret/data/subsequent-test secret | SUBSEQUENT_TEST_SECRET;
- name: Setup NPM Cache # e2e-tls:
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 # runs-on: ubuntu-latest
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: NPM Install # steps:
run: npm ci # - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# with:
# ref: ${{ github.ref }}
- name: NPM Build # - name: Run docker-compose
run: npm run build # run: docker-compose up -d vault-tls
- name: Setup Vault # - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
run: node ./integrationTests/e2e-tls/setup.js # with:
env: # node-version: '16.14.0'
VAULT_HOST: localhost
VAULT_PORT: 8200
VAULTCA: ${{ secrets.VAULTCA }}
VAULT_CLIENT_CERT: ${{ secrets.VAULT_CLIENT_CERT }}
VAULT_CLIENT_KEY: ${{ secrets.VAULT_CLIENT_KEY }}
- name: Test Vault Action (default KV V2) # - name: Setup NPM Cache
uses: ./ # uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
id: kv-secrets # with:
with: # path: ~/.npm
url: https://localhost:8200 # key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
token: ${{ env.VAULT_TOKEN }} # restore-keys: |
caCertificate: ${{ secrets.VAULTCA }} # ${{ runner.os }}-node-
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
secrets: |
secret/data/test secret ;
secret/data/test secret | NAMED_SECRET ;
secret/data/nested/test otherSecret ;
- name: Test Vault Action (tlsSkipVerify) # - name: NPM Install
uses: ./ # run: npm ci
with:
url: https://localhost:8200
token: ${{ env.VAULT_TOKEN }}
tlsSkipVerify: true
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
secrets: |
secret/data/tlsSkipVerify skip ;
- name: Test Vault Action (default KV V1) # - name: NPM Build
uses: ./ # run: npm run build
with:
url: https://localhost:8200
token: ${{ env.VAULT_TOKEN }}
caCertificate: ${{ secrets.VAULTCA }}
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
secrets: |
my-secret/test altSecret ;
my-secret/test altSecret | NAMED_ALTSECRET ;
my-secret/nested/test otherAltSecret ;
- name: Test Vault Action (cubbyhole) # - name: Setup Vault
uses: ./ # run: node ./integrationTests/e2e-tls/setup.js
with: # env:
url: https://localhost:8200 # VAULT_HOST: localhost
token: ${{ env.VAULT_TOKEN }} # VAULT_PORT: 8200
secrets: | # VAULTCA: ${{ secrets.VAULTCA }}
/cubbyhole/test foo ; # VAULT_CLIENT_CERT: ${{ secrets.VAULT_CLIENT_CERT }}
/cubbyhole/test zip | NAMED_CUBBYSECRET ; # VAULT_CLIENT_KEY: ${{ secrets.VAULT_CLIENT_KEY }}
caCertificate: ${{ secrets.VAULTCA }}
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
- name: Verify Vault Action Outputs # - name: Test Vault Action (default KV V2)
run: npm run test:integration:e2e-tls # uses: ./
env: # id: kv-secrets
OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }} # with:
# url: https://localhost:8200
# token: ${{ env.VAULT_TOKEN }}
# caCertificate: ${{ secrets.VAULTCA }}
# clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
# clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
# secrets: |
# secret/data/test secret ;
# secret/data/test secret | NAMED_SECRET ;
# secret/data/nested/test otherSecret ;
# - name: Test Vault Action (tlsSkipVerify)
# uses: ./
# with:
# url: https://localhost:8200
# token: ${{ env.VAULT_TOKEN }}
# tlsSkipVerify: true
# clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
# clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
# secrets: |
# secret/data/tlsSkipVerify skip ;
# - name: Test Vault Action (default KV V1)
# uses: ./
# with:
# url: https://localhost:8200
# token: ${{ env.VAULT_TOKEN }}
# caCertificate: ${{ secrets.VAULTCA }}
# clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
# clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
# secrets: |
# my-secret/test altSecret ;
# my-secret/test altSecret | NAMED_ALTSECRET ;
# my-secret/nested/test otherAltSecret ;
# - name: Test Vault Action (cubbyhole)
# uses: ./
# with:
# url: https://localhost:8200
# token: ${{ env.VAULT_TOKEN }}
# secrets: |
# /cubbyhole/test foo ;
# /cubbyhole/test zip | NAMED_CUBBYSECRET ;
# caCertificate: ${{ secrets.VAULTCA }}
# clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
# clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
# - name: Verify Vault Action Outputs
# run: npm run test:integration:e2e-tls
# env:
# OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }}
# Removing publish step for now. # Removing publish step for now.
# publish: # publish:
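Review bot: The new `Check Secrets` step expands `${{ steps.import-secrets.outputs.jsonStringMultiline }}` directly inside the `run:` script, so the secret's text becomes part of the shell source before bash parses it: the double quotes in the JSON end the `echo "..."` quoting, and any `$(...)` or backtick in a stored value would be executed on the runner. Pass the value through the environment instead by adding `env:` with `JSON_STRING_MULTILINE: ${{ steps.import-secrets.outputs.jsonStringMultiline }}` to the step and writing it with `printf '%s\n' "$JSON_STRING_MULTILINE" > multiline.json`. The same pattern appears in the four `echo` lines of the `Check Secrets` step in the local-test workflow. Separately, `cat multiline.json` prints the imported value to the job log; that is tolerable only because the fixture is test data, and a comment on the step should say so.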


@ -1,24 +1,89 @@
# This is a sample workflow to help test contributions # This is a sample workflow to help test contributions
# Change the branch name, url and token to fit with your own environment # Change the branch name, url and token to fit with your own environment
# Use 'on: push' instead of 'on: local-test' if you wish to run the test on github # To run this locally with act use:
# If running locally with act, run the workflow with 'act local-test' # act workflow_dispatch -j local-test
#
# If you have permissions, you can run this workflow via the GitHub UI.
# Otherwise, use 'on: push' instead of 'on: workflow_dispatch'.
# Don't forget to revert the file changes and invalidate any tokens that were committed before opening a pull-request # Don't forget to revert the file changes and invalidate any tokens that were
on: local-test # committed before opening a pull request.
on: workflow_dispatch
name: local-test name: local-test
jobs: jobs:
build: local-test:
name: local-test name: local-test
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Import Secrets - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
uses: hashicorp/vault-action@YOUR_BRANCH_NAME
with: - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
url: http://localhost:8200 with:
method: token node-version: '16.14.0'
token: testtoken
secrets: | - name: NPM Install
secret/data/test secret | SAMPLE_SECRET; run: npm ci
- name: NPM Build
run: npm run build
- name: Setup Vault
run: node ./integrationTests/e2e/setup.js
env:
VAULT_HOST: localhost
VAULT_PORT: 8200
- name: Import Secrets
id: import-secrets
# use the local changes
uses: ./
# run against a specific version of vault-action
# uses: hashicorp/vault-action@v2.6.0
# uses: hashicorp/vault-action@v2.1.1
with:
url: http://localhost:8200
method: token
token: testtoken
# secret/data/test-json-string jsonString;
# secret/data/test-json-big jsonBig;
# secret/data/test-json-string-big jsonStringBig;
secrets: |
secret/data/test-json-string jsonString;
secret/data/test-json-data jsonData;
secret/data/test-json-string-multiline jsonStringMultiline;
secret/data/singleline singleline;
- name: Check Secrets
# echo "${{ steps.import-secrets.outputs.jsonBig }}" > big.json
# echo "${{ steps.import-secrets.outputs.jsonStringBig }}" > stringbig.json
run: |
echo "${{ steps.import-secrets.outputs.jsonString }}" > secrets.json
echo "${{ steps.import-secrets.outputs.jsonData }}" > data.json
echo "${{ steps.import-secrets.outputs.jsonStringMultiline }}" > multiline.json
echo "${{ steps.import-secrets.outputs.singleline }}" > singleline.json
- name: Check json file format
# cat ~/Desktop/sa.json | vault kv put -mount=secret cat KEY=@/Users/jmf/Desktop/sa.json
run: |
# echo "secrets:"
# cat secrets.json
# jq -c . < secrets.json || true
# echo "data:"
# cat data.json
# jq -c . < data.json || true
echo "multiline:"
cat multiline.json
jq -c . < multiline.json || true
# echo "singleline:"
# cat singleline.json
# jq -c . < singleline.json || true
# - name: test parse
# run: |
# node ./scripts/parse.js "${{ steps.import-secrets.outputs.jsonStringMultiline }}"
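Review bot: The `|| true` after `jq -c . < multiline.json` in the `Check json file format` step discards jq's exit status, so the step passes even when the imported value is not valid JSON and the workflow cannot catch the regression it was written to show. Use the bare `jq -c . < multiline.json`, as the build workflow's copy of this step does. The commented-out line `# cat ~/Desktop/sa.json | vault kv put ...` refers to a file on a developer machine and should be removed before merge, in line with the header's own reminder to revert local changes.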


@ -3,6 +3,14 @@ const got = require('got');
const vaultUrl = `${process.env.VAULT_HOST}:${process.env.VAULT_PORT}`; const vaultUrl = `${process.env.VAULT_HOST}:${process.env.VAULT_PORT}`;
const vaultToken = `${process.env.VAULT_TOKEN}` === undefined ? `${process.env.VAULT_TOKEN}` : "testtoken"; const vaultToken = `${process.env.VAULT_TOKEN}` === undefined ? `${process.env.VAULT_TOKEN}` : "testtoken";
const jsonStringMultiline = `
{
"x": 1,
"y": "q\nux"
}
`;
(async () => { (async () => {
try { try {
// Verify Connection // Verify Connection
@ -36,6 +44,42 @@ const vaultToken = `${process.env.VAULT_TOKEN}` === undefined ? `${process.env.V
} }
}); });
await got(`http://${vaultUrl}/v1/secret/data/test-json-string`, {
method: 'POST',
headers: {
'X-Vault-Token': vaultToken,
},
json: {
data: {
jsonString: '{"x":1,"y":"qux"}',
},
},
});
await got(`http://${vaultUrl}/v1/secret/data/test-json-data`, {
method: 'POST',
headers: {
'X-Vault-Token': vaultToken,
},
json: {
data: {
jsonData: {"x":1,"y":"qux"},
},
},
});
await got(`http://${vaultUrl}/v1/secret/data/test-json-string-multiline`, {
method: 'POST',
headers: {
'X-Vault-Token': vaultToken,
},
json: {
data: {
jsonStringMultiline,
},
},
});
await got(`http://${vaultUrl}/v1/sys/mounts/my-secret`, { await got(`http://${vaultUrl}/v1/sys/mounts/my-secret`, {
method: 'POST', method: 'POST',
headers: { headers: {
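Review bot: `jsonStringMultiline` is an ordinary template literal, so the `\n` in `"y": "q\nux"` becomes a real line break and the stored value carries a raw newline inside a JSON string, which strict parsers such as `JSON.parse` reject. If the fixture is meant to be valid multi-line JSON, write the escape as `"y": "q\\nux"` or build the constant with `String.raw`. If the invalid form is deliberate, state that in a comment above the constant, for example `// raw newline inside the string value is intentional: reproduces <issue reference>`. The enclosing async function starts and ends outside the hunks.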


@ -107,7 +107,8 @@ async function exportSecrets() {
for (const line of value.replace(/\r/g, '').split('\n')) { for (const line of value.replace(/\r/g, '').split('\n')) {
if (line.length > 0) { if (line.length > 0) {
core.setSecret(line); // core.setSecret(line);
core.setOutput(line);
} }
} }
if (exportEnv) { if (exportEnv) {
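Review bot: Replacing `core.setSecret(line)` with `core.setOutput(line)` in `exportSecrets` turns off log masking for every retrieved secret line, so any later step that echoes a value (as the new workflow steps do with `cat multiline.json`) prints it in clear text in the job log. `core.setOutput` takes a name and a value, so this call also registers an output whose name is the secret text itself. Restore `core.setSecret(line);` and drop the `core.setOutput(line);` line; if masking gets in the way of the multi-line debugging this commit is for, keep that change on a throwaway branch rather than in the action source. The function body continues outside the hunk.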


@ -41,7 +41,9 @@ async function getSecrets(secretRequests, client) {
} catch (error) { } catch (error) {
const {response} = error; const {response} = error;
if (response?.statusCode === 404) { if (response?.statusCode === 404) {
throw Error(`Unable to retrieve result for "${path}" because it was not found: ${response.body.trim()}`) console.log(`Unable to retrieve result for "${path}" because it was not found: ${response.body.trim()}`)
// throw Error(`Unable to retrieve result for "${path}" because it was not found: ${response.body.trim()}`)
continue
} }
throw error throw error
} }
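Review bot: A 404 from Vault in `getSecrets` is now only written with `console.log` and skipped via `continue`, so a mistyped or deleted secret path no longer fails the job and later steps run with that secret absent or empty. Failing closed is the safer default for a secrets loader: keep `throw Error(...)` as the default and skip only when the caller has explicitly opted in through an action input. If the skip path stays, report it at warning level rather than with `console.log`, and consider leaving `response.body` out of the message. The surrounding loop and `try` block start outside the hunk.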