actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-09 08:06:55 +00:00
Code Activity Actions

test v2.6.0 json string multiline

Browse source
This commit is contained in:
JM Faircloth 2023-06-26 15:30:14 -05:00
parent bb61006b6d
commit c3094e1f80
5 changed files with 268 additions and 137 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

261
.github/workflows/build.yml vendored
View file

@ -144,148 +144,167 @@ jobs:
VAULT_HOST: localhost
VAULT_PORT: 8200
- name: Test Vault Action (default KV V2)
uses: ./
id: kv-secrets
with:
url: http://localhost:8200
token: testtoken
secrets: |
secret/data/test secret ;
secret/data/test secret | NAMED_SECRET ;
secret/data/nested/test otherSecret ;
- name: Test Vault Action (default KV V1)
- name: Import Secrets
id: import-secrets
uses: ./
with:
url: http://localhost:8200
token: testtoken
secrets: |
my-secret/test altSecret ;
my-secret/test altSecret | NAMED_ALTSECRET ;
my-secret/nested/test otherAltSecret ;
secret/data/test-json-string-multiline jsonStringMultiline;
- name: Test Vault Action (cubbyhole)
uses: ./
with:
url: http://localhost:8200
token: testtoken
secrets: |
/cubbyhole/test foo ;
/cubbyhole/test zip | NAMED_CUBBYSECRET ;
- name: Check Secrets
run: |
echo "${{ steps.import-secrets.outputs.jsonStringMultiline }}" > multiline.json
- name: Verify Vault Action Outputs
run: npm run test:integration:e2e
env:
OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }}
- name: Check json file format
run: |
echo "multiline:"
cat multiline.json
jq -c . < multiline.json
- name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 1/2)
uses: ./
with:
url: http://localhost:8200/
token: testtoken
secrets: |
secret/data/test secret | SUBSEQUENT_TEST_SECRET;
- name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 2/2)
uses: ./
with:
url: http://localhost:8200/
token: testtoken
secrets: |
secret/data/subsequent-test secret | SUBSEQUENT_TEST_SECRET;
# - name: Test Vault Action (default KV V2)
# uses: ./
# id: kv-secrets
# with:
# url: http://localhost:8200
# token: testtoken
# secrets: |
# secret/data/test secret ;
# secret/data/test secret | NAMED_SECRET ;
# secret/data/nested/test otherSecret ;
e2e-tls:
runs-on: ubuntu-latest
# - name: Test Vault Action (default KV V1)
# uses: ./
# with:
# url: http://localhost:8200
# token: testtoken
# secrets: |
# my-secret/test altSecret ;
# my-secret/test altSecret | NAMED_ALTSECRET ;
# my-secret/nested/test otherAltSecret ;
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
ref: ${{ github.ref }}
# - name: Test Vault Action (cubbyhole)
# uses: ./
# with:
# url: http://localhost:8200
# token: testtoken
# secrets: |
# /cubbyhole/test foo ;
# /cubbyhole/test zip | NAMED_CUBBYSECRET ;
- name: Run docker-compose
run: docker-compose up -d vault-tls
# - name: Verify Vault Action Outputs
# run: npm run test:integration:e2e
# env:
# OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }}
- uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: '16.14.0'
# - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 1/2)
# uses: ./
# with:
# url: http://localhost:8200/
# token: testtoken
# secrets: |
# secret/data/test secret | SUBSEQUENT_TEST_SECRET;
# - name: Test Vault Action Overwrites Env Vars In Subsequent Action (part 2/2)
# uses: ./
# with:
# url: http://localhost:8200/
# token: testtoken
# secrets: |
# secret/data/subsequent-test secret | SUBSEQUENT_TEST_SECRET;
- name: Setup NPM Cache
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
# e2e-tls:
# runs-on: ubuntu-latest
- name: NPM Install
run: npm ci
# steps:
# - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# with:
# ref: ${{ github.ref }}
- name: NPM Build
run: npm run build
# - name: Run docker-compose
# run: docker-compose up -d vault-tls
- name: Setup Vault
run: node ./integrationTests/e2e-tls/setup.js
env:
VAULT_HOST: localhost
VAULT_PORT: 8200
VAULTCA: ${{ secrets.VAULTCA }}
VAULT_CLIENT_CERT: ${{ secrets.VAULT_CLIENT_CERT }}
VAULT_CLIENT_KEY: ${{ secrets.VAULT_CLIENT_KEY }}
# - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
# with:
# node-version: '16.14.0'
- name: Test Vault Action (default KV V2)
uses: ./
id: kv-secrets
with:
url: https://localhost:8200
token: ${{ env.VAULT_TOKEN }}
caCertificate: ${{ secrets.VAULTCA }}
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
secrets: |
secret/data/test secret ;
secret/data/test secret | NAMED_SECRET ;
secret/data/nested/test otherSecret ;
# - name: Setup NPM Cache
# uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
# with:
# path: ~/.npm
# key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
# restore-keys: |
# ${{ runner.os }}-node-
- name: Test Vault Action (tlsSkipVerify)
uses: ./
with:
url: https://localhost:8200
token: ${{ env.VAULT_TOKEN }}
tlsSkipVerify: true
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
secrets: |
secret/data/tlsSkipVerify skip ;
# - name: NPM Install
# run: npm ci
- name: Test Vault Action (default KV V1)
uses: ./
with:
url: https://localhost:8200
token: ${{ env.VAULT_TOKEN }}
caCertificate: ${{ secrets.VAULTCA }}
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
secrets: |
my-secret/test altSecret ;
my-secret/test altSecret | NAMED_ALTSECRET ;
my-secret/nested/test otherAltSecret ;
# - name: NPM Build
# run: npm run build
- name: Test Vault Action (cubbyhole)
uses: ./
with:
url: https://localhost:8200
token: ${{ env.VAULT_TOKEN }}
secrets: |
/cubbyhole/test foo ;
/cubbyhole/test zip | NAMED_CUBBYSECRET ;
caCertificate: ${{ secrets.VAULTCA }}
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
# - name: Setup Vault
# run: node ./integrationTests/e2e-tls/setup.js
# env:
# VAULT_HOST: localhost
# VAULT_PORT: 8200
# VAULTCA: ${{ secrets.VAULTCA }}
# VAULT_CLIENT_CERT: ${{ secrets.VAULT_CLIENT_CERT }}
# VAULT_CLIENT_KEY: ${{ secrets.VAULT_CLIENT_KEY }}
- name: Verify Vault Action Outputs
run: npm run test:integration:e2e-tls
env:
OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }}
# - name: Test Vault Action (default KV V2)
# uses: ./
# id: kv-secrets
# with:
# url: https://localhost:8200
# token: ${{ env.VAULT_TOKEN }}
# caCertificate: ${{ secrets.VAULTCA }}
# clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
# clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
# secrets: |
# secret/data/test secret ;
# secret/data/test secret | NAMED_SECRET ;
# secret/data/nested/test otherSecret ;
# - name: Test Vault Action (tlsSkipVerify)
# uses: ./
# with:
# url: https://localhost:8200
# token: ${{ env.VAULT_TOKEN }}
# tlsSkipVerify: true
# clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
# clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
# secrets: |
# secret/data/tlsSkipVerify skip ;
# - name: Test Vault Action (default KV V1)
# uses: ./
# with:
# url: https://localhost:8200
# token: ${{ env.VAULT_TOKEN }}
# caCertificate: ${{ secrets.VAULTCA }}
# clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
# clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
# secrets: |
# my-secret/test altSecret ;
# my-secret/test altSecret | NAMED_ALTSECRET ;
# my-secret/nested/test otherAltSecret ;
# - name: Test Vault Action (cubbyhole)
# uses: ./
# with:
# url: https://localhost:8200
# token: ${{ env.VAULT_TOKEN }}
# secrets: |
# /cubbyhole/test foo ;
# /cubbyhole/test zip | NAMED_CUBBYSECRET ;
# caCertificate: ${{ secrets.VAULTCA }}
# clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
# clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
# - name: Verify Vault Action Outputs
# run: npm run test:integration:e2e-tls
# env:
# OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }}
# Removing publish step for now.
# publish:

79
.github/workflows/local-test.yaml vendored
View file

@ -1,24 +1,89 @@
# This is a sample workflow to help test contributions
# Change the branch name, url and token to fit with your own environment
# Use 'on: push' instead of 'on: local-test' if you wish to run the test on github
# If running locally with act, run the workflow with 'act local-test'
# To run this locally with act use:
# act workflow_dispatch -j local-test
#
# If you have permissions, you can run this workflow via the GitHub UI.
# Otherwise, use 'on: push' instead of 'on: workflow_dispatch'.
# Don't forget to revert the file changes and invalidate any tokens that were committed before opening a pull-request
on: local-test
# Don't forget to revert the file changes and invalidate any tokens that were
# committed before opening a pull request.
on: workflow_dispatch
name: local-test
jobs:
build:
local-test:
name: local-test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: '16.14.0'
- name: NPM Install
run: npm ci
- name: NPM Build
run: npm run build
- name: Setup Vault
run: node ./integrationTests/e2e/setup.js
env:
VAULT_HOST: localhost
VAULT_PORT: 8200
- name: Import Secrets
uses: hashicorp/vault-action@YOUR_BRANCH_NAME
id: import-secrets
# use the local changes
uses: ./
# run against a specific version of vault-action
# uses: hashicorp/vault-action@v2.6.0
# uses: hashicorp/vault-action@v2.1.1
with:
url: http://localhost:8200
method: token
token: testtoken
# secret/data/test-json-string jsonString;
# secret/data/test-json-big jsonBig;
# secret/data/test-json-string-big jsonStringBig;
secrets: |
secret/data/test secret | SAMPLE_SECRET;
secret/data/test-json-string jsonString;
secret/data/test-json-data jsonData;
secret/data/test-json-string-multiline jsonStringMultiline;
secret/data/singleline singleline;
- name: Check Secrets
# echo "${{ steps.import-secrets.outputs.jsonBig }}" > big.json
# echo "${{ steps.import-secrets.outputs.jsonStringBig }}" > stringbig.json
run: |
echo "${{ steps.import-secrets.outputs.jsonString }}" > secrets.json
echo "${{ steps.import-secrets.outputs.jsonData }}" > data.json
echo "${{ steps.import-secrets.outputs.jsonStringMultiline }}" > multiline.json
echo "${{ steps.import-secrets.outputs.singleline }}" > singleline.json
- name: Check json file format
# cat ~/Desktop/sa.json | vault kv put -mount=secret cat KEY=@/Users/jmf/Desktop/sa.json
run: |
# echo "secrets:"
# cat secrets.json
# jq -c . < secrets.json || true
# echo "data:"
# cat data.json
# jq -c . < data.json || true
echo "multiline:"
cat multiline.json
jq -c . < multiline.json || true
# echo "singleline:"
# cat singleline.json
# jq -c . < singleline.json || true
# - name: test parse
# run: |
# node ./scripts/parse.js "${{ steps.import-secrets.outputs.jsonStringMultiline }}"

44
integrationTests/e2e/setup.js
View file

@ -3,6 +3,14 @@ const got = require('got');
const vaultUrl = `${process.env.VAULT_HOST}:${process.env.VAULT_PORT}`;
const vaultToken = `${process.env.VAULT_TOKEN}` === undefined ? `${process.env.VAULT_TOKEN}` : "testtoken";
const jsonStringMultiline = `
{
"x": 1,
"y": "q\nux"
}
`;
(async () => {
try {
// Verify Connection
@ -36,6 +44,42 @@ const vaultToken = `${process.env.VAULT_TOKEN}` === undefined ? `${process.env.V
}
});
await got(`http://${vaultUrl}/v1/secret/data/test-json-string`, {
method: 'POST',
headers: {
'X-Vault-Token': vaultToken,
},
json: {
data: {
jsonString: '{"x":1,"y":"qux"}',
},
},
});
await got(`http://${vaultUrl}/v1/secret/data/test-json-data`, {
method: 'POST',
headers: {
'X-Vault-Token': vaultToken,
},
json: {
data: {
jsonData: {"x":1,"y":"qux"},
},
},
});
await got(`http://${vaultUrl}/v1/secret/data/test-json-string-multiline`, {
method: 'POST',
headers: {
'X-Vault-Token': vaultToken,
},
json: {
data: {
jsonStringMultiline,
},
},
});
await got(`http://${vaultUrl}/v1/sys/mounts/my-secret`, {
method: 'POST',
headers: {

3
src/action.js
View file

@ -107,7 +107,8 @@ async function exportSecrets() {
for (const line of value.replace(/\r/g, '').split('\n')) {
if (line.length > 0) {
core.setSecret(line);
// core.setSecret(line);
core.setOutput(line);
}
}
if (exportEnv) {

4
src/secrets.js
View file

@ -41,7 +41,9 @@ async function getSecrets(secretRequests, client) {
} catch (error) {
const {response} = error;
if (response?.statusCode === 404) {
throw Error(`Unable to retrieve result for "${path}" because it was not found: ${response.body.trim()}`)
console.log(`Unable to retrieve result for "${path}" because it was not found: ${response.body.trim()}`)
// throw Error(`Unable to retrieve result for "${path}" because it was not found: ${response.body.trim()}`)
continue
}
throw error
}