actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-14 18:13:45 +00:00
Code Activity Actions

fix: update privateKeyRaw condition

Browse source
This commit is contained in:
Alex Kulikovskikh 2021-09-23 20:25:07 -04:00
parent 29c85b7b54
commit eb516ccb40
2 changed files with 12 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
dist/index.js vendored
View file

@ -999,16 +999,17 @@ async function retrieveToken(method, client) {
return await getClientToken(client, method, path, { token: githubToken }); return await getClientToken(client, method, path, { token: githubToken });
} }
case 'jwt': { case 'jwt': {
const role = core.getInput('role', { required: true });
const privateKeyRaw = core.getInput('jwtPrivateKey', { required: false });
const privateKey = Buffer.from(privateKeyRaw, 'base64').toString();
const keyPassword = core.getInput('jwtKeyPassword', { required: false });
const tokenTtl = core.getInput('jwtTtl', { required: false }) || '3600'; // 1 hour
/** @type {string} */ /** @type {string} */
let jwt; let jwt;
const actionsIDTokenRequestToken = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN']; const actionsIDTokenRequestToken = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN'];
const actionsIDTokenRequestURL = process.env['ACTIONS_ID_TOKEN_REQUEST_URL']; const actionsIDTokenRequestURL = process.env['ACTIONS_ID_TOKEN_REQUEST_URL'];
const role = core.getInput('role', { required: true });
const privateKeyRaw = core.getInput('jwtPrivateKey', { required: (!(actionsIDTokenRequestToken && actionsIDTokenRequestURL)) });
const privateKey = Buffer.from(privateKeyRaw, 'base64').toString();
const keyPassword = core.getInput('jwtKeyPassword', { required: false });
const tokenTtl = core.getInput('jwtTtl', { required: false }) || '3600'; // 1 hour
if (!privateKeyRaw && actionsIDTokenRequestToken && actionsIDTokenRequestURL) { if (!privateKeyRaw && actionsIDTokenRequestToken && actionsIDTokenRequestURL) {
jwt = await getJwt(actionsIDTokenRequestToken, `${actionsIDTokenRequestURL}&audience=sigstore`); jwt = await getJwt(actionsIDTokenRequestToken, `${actionsIDTokenRequestURL}&audience=sigstore`);
} else { } else {

11
src/auth.js
View file

@ -24,16 +24,17 @@ async function retrieveToken(method, client) {
return await getClientToken(client, method, path, { token: githubToken }); return await getClientToken(client, method, path, { token: githubToken });
} }
case 'jwt': { case 'jwt': {
const role = core.getInput('role', { required: true });
const privateKeyRaw = core.getInput('jwtPrivateKey', { required: false });
const privateKey = Buffer.from(privateKeyRaw, 'base64').toString();
const keyPassword = core.getInput('jwtKeyPassword', { required: false });
const tokenTtl = core.getInput('jwtTtl', { required: false }) || '3600'; // 1 hour
/** @type {string} */ /** @type {string} */
let jwt; let jwt;
const actionsIDTokenRequestToken = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN']; const actionsIDTokenRequestToken = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN'];
const actionsIDTokenRequestURL = process.env['ACTIONS_ID_TOKEN_REQUEST_URL']; const actionsIDTokenRequestURL = process.env['ACTIONS_ID_TOKEN_REQUEST_URL'];
const role = core.getInput('role', { required: true });
const privateKeyRaw = core.getInput('jwtPrivateKey', { required: (!(actionsIDTokenRequestToken && actionsIDTokenRequestURL)) });
const privateKey = Buffer.from(privateKeyRaw, 'base64').toString();
const keyPassword = core.getInput('jwtKeyPassword', { required: false });
const tokenTtl = core.getInput('jwtTtl', { required: false }) || '3600'; // 1 hour
if (!privateKeyRaw && actionsIDTokenRequestToken && actionsIDTokenRequestURL) { if (!privateKeyRaw && actionsIDTokenRequestToken && actionsIDTokenRequestURL) {
jwt = await getJwt(actionsIDTokenRequestToken, `${actionsIDTokenRequestURL}&audience=sigstore`); jwt = await getJwt(actionsIDTokenRequestToken, `${actionsIDTokenRequestURL}&audience=sigstore`);
} else { } else {