actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-07 07:06:56 +00:00
Code Activity Actions

Fix bug with tlsSkipVerify and add test coverage

Browse source
This commit is contained in:
Jason O'Donnell 2020-08-07 14:57:44 -04:00
parent 6cf013b5c0
commit e5ef6c9c11
5 changed files with 32 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
.github/workflows/build.yml vendored
View file

@ -221,6 +221,17 @@ jobs:
test secret | NAMED_SECRET ; test secret | NAMED_SECRET ;
nested/test otherSecret ; nested/test otherSecret ;
- name: Test Vault Action (tlsSkipVerify)
uses: ./
with:
url: https://localhost:8200
token: ${{ env.VAULT_TOKEN }}
tlsSkipVerify: true
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
secrets: |
tlsSkipVerify skip ;
- name: Test Vault Action (default KV V1) - name: Test Vault Action (default KV V1)
uses: ./ uses: ./
with: with:
@ -255,7 +266,7 @@ jobs:
# Removing publish step for now. # Removing publish step for now.
# publish: # publish:
# if: github.event_name == 'push' && contains(github.ref, 'master')
# runs-on: ubuntu-latest # runs-on: ubuntu-latest
# needs: [build, integration, e2e] # needs: [build, integration, e2e]
# steps: # steps:

2
dist/index.js vendored
View file

@ -14128,7 +14128,7 @@ async function exportSecrets() {
const tlsSkipVerify = (core.getInput('tlsSkipVerify', { required: false }) || 'false').toLowerCase() != 'false'; const tlsSkipVerify = (core.getInput('tlsSkipVerify', { required: false }) || 'false').toLowerCase() != 'false';
if (tlsSkipVerify === true) { if (tlsSkipVerify === true) {
defaultOptions.https.rejectUnauthorized = true; defaultOptions.https.rejectUnauthorized = false;
} }
const caCertificateRaw = core.getInput('caCertificate', { required: false }); const caCertificateRaw = core.getInput('caCertificate', { required: false });

1
integrationTests/e2e-tls/e2e-tls.test.js
View file

@ -9,5 +9,6 @@ describe('e2e-tls', () => {
expect(process.env.OTHERALTSECRET).toBe("OTHERCUSTOMSECRET"); expect(process.env.OTHERALTSECRET).toBe("OTHERCUSTOMSECRET");
expect(process.env.FOO).toBe("bar"); expect(process.env.FOO).toBe("bar");
expect(process.env.NAMED_CUBBYSECRET).toBe("zap"); expect(process.env.NAMED_CUBBYSECRET).toBe("zap");
expect(process.env.SKIP).toBe("true");
}); });
}); });

17
integrationTests/e2e-tls/setup.js
View file

@ -113,6 +113,23 @@ const clientKeyRaw = `${process.env.VAULT_CLIENT_KEY}`;
} }
}); });
await got(`https://${vaultUrl}/v1/secret/data/tlsSkipVerify`, {
method: 'POST',
headers: {
'X-Vault-Token': rootToken,
},
https: {
certificateAuthority: caCertificate,
certificate: clientCertificate,
key: clientKey,
},
json: {
data: {
skip: 'true',
},
}
});
await got(`https://${vaultUrl}/v1/sys/mounts/my-secret`, { await got(`https://${vaultUrl}/v1/sys/mounts/my-secret`, {
method: 'POST', method: 'POST',
headers: { headers: {

2
src/action.js
View file

@ -35,7 +35,7 @@ async function exportSecrets() {
const tlsSkipVerify = (core.getInput('tlsSkipVerify', { required: false }) || 'false').toLowerCase() != 'false'; const tlsSkipVerify = (core.getInput('tlsSkipVerify', { required: false }) || 'false').toLowerCase() != 'false';
if (tlsSkipVerify === true) { if (tlsSkipVerify === true) {
defaultOptions.https.rejectUnauthorized = true; defaultOptions.https.rejectUnauthorized = false;
} }
const caCertificateRaw = core.getInput('caCertificate', { required: false }); const caCertificateRaw = core.getInput('caCertificate', { required: false });