Update to v2.7.1 (#472)

* Update to v2.7.1 * update changelog
2025-11-07 15:16:56 +00:00 · 2023-07-03 11:09:52 -05:00 · 2023-07-03 11:09:52 -05:00 · e926631bb2
commit e926631bb2
parent 5213b69445
2 changed files with 11 additions and 45 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,12 @@

 * Add changes here

+## 2.7.1 (July 3, 2023)
+
+Bugs:
+
+* Revert [GH-466](https://github.com/hashicorp/vault-action/pull/466) which caused a regression in secrets stored as JSON strings [GH-471](https://github.com/hashicorp/vault-action/pull/471)
+
 ## 2.7.0 (June 21, 2023)

 Bugs:
--- a/dist/index.js
+++ b/dist/index.js
@ -18937,6 +18937,7 @@ module.exports = {

 const jsonata = __nccwpck_require__(4245);

+
 /**
 * @typedef {Object} SecretRequest
 * @property {string} path
@ -19003,20 +19004,12 @@ async function getSecrets(secretRequests, client) {

 /**
 * Uses a Jsonata selector retrieve a bit of data from the result
- * @param {object} data
- * @param {string} selector
+ * @param {object} data 
+ * @param {string} selector 
 */
 async function selectData(data, selector) {
    const ata = jsonata(selector);
-    let d = await ata.evaluate(data);
-    if (isJSON(d)) {
-        // If we already have JSON we will not "stringify" it yet so that we
-        // don't end up calling JSON.parse. This would break the secrets that
-        // are stored as JSON. See: https://github.com/hashicorp/vault-action/issues/194
-        result = d;
-    } else {
-        result = JSON.stringify(d);
-    }
+    let result = JSON.stringify(await ata.evaluate(data));
    // Compat for custom engines
    if (!result && ((ata.ast().type === "path" && ata.ast()['steps'].length === 1) || ata.ast().type === "string") && selector !== 'data' && 'data' in data) {
        result = JSON.stringify(await jsonata(`data.${selector}`).evaluate(data));
@ -19025,49 +19018,16 @@ async function selectData(data, selector) {
    }

    if (result.startsWith(`"`)) {
-        // we need to strip the beginning and ending quotes otherwise it will
-        // always successfully parse as JSON
-        result = result.substring(1, result.length - 1);
-        if (!isJSON(result)) {
-            // add the quotes back so we can parse it into a Javascript object
-            // to allow support for multi-line secrets. See https://github.com/hashicorp/vault-action/issues/160
-            result = `"${result}"`
-            result = JSON.parse(result);
-        }
-    } else if (isJSON(result)) {
-        // This is required to support secrets in JSON format.
-        // See https://github.com/hashicorp/vault-action/issues/194 and https://github.com/hashicorp/vault-action/pull/173
-        result = JSON.stringify(result);
-        result = result.substring(1, result.length - 1);
+        result = JSON.parse(result);
    }
    return result;
 }

-/**
- * isJSON returns true if str parses as a valid JSON string
- * @param {string} str
- */
-function isJSON(str) {
-    if (typeof str !== "string"){
-        return false;
-    }
-
-    try {
-        JSON.parse(str);
-    } catch (e) {
-        return false;
-    }
-
-    return true;
-}
-
 module.exports = {
    getSecrets,
    selectData
 }

-
-
 /***/ }),

 /***/ 9491: