actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-14 18:13:45 +00:00
Code Activity Actions

Add test for exportToken

Browse source 
Fix key with dash
This commit is contained in:
BERTRAND ZANCO 2020-09-23 17:36:38 +02:00
parent 2ca42fb8f9
commit f2fb2d1d64
5 changed files with 67 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
dist/index.js vendored
View file

@ -10688,7 +10688,9 @@ async function getSecrets(secretRequests, client) {
body = result.body; body = result.body;
responseCache.set(requestPath, body); responseCache.set(requestPath, body);
} }
if (!selector.match(/.*[\.].*/)) {
selector = '"' + selector + '"'
}
selector = "data." + selector selector = "data." + selector
body = JSON.parse(body) body = JSON.parse(body)
if (body.data["data"] != undefined) { if (body.data["data"] != undefined) {
@ -10714,7 +10716,7 @@ function selectData(data, selector) {
const ata = jsonata(selector); const ata = jsonata(selector);
let result = JSON.stringify(ata.evaluate(data)); let result = JSON.stringify(ata.evaluate(data));
// Compat for custom engines // Compat for custom engines
if (!result && ata.ast().type === "path" && ata.ast()['steps'].length === 1 && selector !== 'data' && 'data' in data) { if (!result && ((ata.ast().type === "path" && ata.ast()['steps'].length === 1) || ata.ast().type === "string") && selector !== 'data' && 'data' in data) {
result = JSON.stringify(jsonata(`data.${selector}`).evaluate(data)); result = JSON.stringify(jsonata(`data.${selector}`).evaluate(data));
} else if (!result) { } else if (!result) {
throw Error(`Unable to retrieve result for ${selector}. No match data was found. Double check your Key or Selector.`); throw Error(`Unable to retrieve result for ${selector}. No match data was found. Double check your Key or Selector.`);
@ -14022,7 +14024,7 @@ async function exportSecrets() {
const vaultNamespace = core.getInput('namespace', { required: false }); const vaultNamespace = core.getInput('namespace', { required: false });
const extraHeaders = parseHeadersInput('extraHeaders', { required: false }); const extraHeaders = parseHeadersInput('extraHeaders', { required: false });
const exportEnv = core.getInput('exportEnv', { required: false }) != 'false'; const exportEnv = core.getInput('exportEnv', { required: false }) != 'false';
const exportToken = core.getInput('exportToken', { required: false }) == 'false'; const exportToken = (core.getInput('exportToken', { required: false }) || 'false').toLowerCase() != 'false';
const secretsInput = core.getInput('secrets', { required: true }); const secretsInput = core.getInput('secrets', { required: true });
const secretRequests = parseSecretsInput(secretsInput); const secretRequests = parseSecretsInput(secretsInput);
@ -14071,7 +14073,7 @@ async function exportSecrets() {
defaultOptions.headers['X-Vault-Token'] = vaultToken; defaultOptions.headers['X-Vault-Token'] = vaultToken;
const client = got.extend(defaultOptions); const client = got.extend(defaultOptions);
if (exportToken) { if (exportToken === true) {
command.issue('add-mask', vaultToken); command.issue('add-mask', vaultToken);
core.exportVariable('VAULT_TOKEN', `${vaultToken}`); core.exportVariable('VAULT_TOKEN', `${vaultToken}`);
} }
@ -14140,12 +14142,13 @@ function parseSecretsInput(secretsInput) {
throw Error(`You must provide a valid path and key. Input: "${secret}"`); throw Error(`You must provide a valid path and key. Input: "${secret}"`);
} }
const [path, selector] = pathParts; const [path, selectorQuoted] = pathParts;
/** @type {any} */ /** @type {any} */
const selectorAst = jsonata(selector).ast(); const selectorAst = jsonata(selectorQuoted).ast();
const selector = selectorQuoted.replace(new RegExp('"', 'g'), '');
if ((selectorAst.type !== "path" || selectorAst.steps[0].stages) && !outputVarName) { if ((selectorAst.type !== "path" || selectorAst.steps[0].stages) && selectorAst.type !== "string" && !outputVarName) {
throw Error(`You must provide a name for the output key when using json selectors. Input: "${secret}"`); throw Error(`You must provide a name for the output key when using json selectors. Input: "${secret}"`);
} }
@ -14172,7 +14175,7 @@ function parseSecretsInput(secretsInput) {
*/ */
function normalizeOutputKey(dataKey, isEnvVar = false) { function normalizeOutputKey(dataKey, isEnvVar = false) {
let outputKey = dataKey let outputKey = dataKey
.replace('.', '__').replace(/[^\p{L}\p{N}_-]/gu, ''); .replace('.', '__').replace(new RegExp('-', 'g'), '').replace(/[^\p{L}\p{N}_-]/gu, '');
if (isEnvVar) { if (isEnvVar) {
outputKey = outputKey.toUpperCase(); outputKey = outputKey.toUpperCase();
} }

16
integrationTests/basic/integration.test.js
View file

@ -37,7 +37,7 @@ describe('integration', () => {
}, },
json: { json: {
data: { data: {
otherSecret: 'OTHERSUPERSECRET', "other-Secret-dash": 'OTHERSUPERSECRET',
}, },
} }
}); });
@ -100,7 +100,7 @@ describe('integration', () => {
'X-Vault-Token': 'testtoken', 'X-Vault-Token': 'testtoken',
}, },
json: { json: {
otherSecret: 'OTHERCUSTOMSECRET', "other-Secret-dash": 'OTHERCUSTOMSECRET',
}, },
}); });
}); });
@ -140,18 +140,18 @@ describe('integration', () => {
}); });
it('get nested secret', async () => { it('get nested secret', async () => {
mockInput('secret/data/nested/test otherSecret'); mockInput(`secret/data/nested/test "other-Secret-dash"`);
await exportSecrets(); await exportSecrets();
expect(core.exportVariable).toBeCalledWith('OTHERSECRET', 'OTHERSUPERSECRET'); expect(core.exportVariable).toBeCalledWith('OTHERSECRETDASH', 'OTHERSUPERSECRET');
}); });
it('get multiple secrets', async () => { it('get multiple secrets', async () => {
mockInput(` mockInput(`
secret/data/test secret ; secret/data/test secret ;
secret/data/test secret | NAMED_SECRET ; secret/data/test secret | NAMED_SECRET ;
secret/data/nested/test otherSecret ;`); secret/data/nested/test "other-Secret-dash" ;`);
await exportSecrets(); await exportSecrets();
@ -159,7 +159,7 @@ describe('integration', () => {
expect(core.exportVariable).toBeCalledWith('SECRET', 'SUPERSECRET'); expect(core.exportVariable).toBeCalledWith('SECRET', 'SUPERSECRET');
expect(core.exportVariable).toBeCalledWith('NAMED_SECRET', 'SUPERSECRET'); expect(core.exportVariable).toBeCalledWith('NAMED_SECRET', 'SUPERSECRET');
expect(core.exportVariable).toBeCalledWith('OTHERSECRET', 'OTHERSUPERSECRET'); expect(core.exportVariable).toBeCalledWith('OTHERSECRETDASH', 'OTHERSUPERSECRET');
}); });
it('leading slash kvv2', async () => { it('leading slash kvv2', async () => {
@ -179,11 +179,11 @@ describe('integration', () => {
}); });
it('get nested secret from K/V v1', async () => { it('get nested secret from K/V v1', async () => {
mockInput('secret-kv1/nested/test otherSecret'); mockInput('secret-kv1/nested/test "other-Secret-dash"');
await exportSecrets(); await exportSecrets();
expect(core.exportVariable).toBeCalledWith('OTHERSECRET', 'OTHERCUSTOMSECRET'); expect(core.exportVariable).toBeCalledWith('OTHERSECRETDASH', 'OTHERCUSTOMSECRET');
}); });
it('leading slash kvv1', async () => { it('leading slash kvv1', async () => {

13
src/action.js
View file

@ -12,7 +12,7 @@ async function exportSecrets() {
const vaultNamespace = core.getInput('namespace', { required: false }); const vaultNamespace = core.getInput('namespace', { required: false });
const extraHeaders = parseHeadersInput('extraHeaders', { required: false }); const extraHeaders = parseHeadersInput('extraHeaders', { required: false });
const exportEnv = core.getInput('exportEnv', { required: false }) != 'false'; const exportEnv = core.getInput('exportEnv', { required: false }) != 'false';
const exportToken = core.getInput('exportToken', { required: false }) == 'false'; const exportToken = (core.getInput('exportToken', { required: false }) || 'false').toLowerCase() != 'false';
const secretsInput = core.getInput('secrets', { required: true }); const secretsInput = core.getInput('secrets', { required: true });
const secretRequests = parseSecretsInput(secretsInput); const secretRequests = parseSecretsInput(secretsInput);
@ -61,7 +61,7 @@ async function exportSecrets() {
defaultOptions.headers['X-Vault-Token'] = vaultToken; defaultOptions.headers['X-Vault-Token'] = vaultToken;
const client = got.extend(defaultOptions); const client = got.extend(defaultOptions);
if (exportToken) { if (exportToken === true) {
command.issue('add-mask', vaultToken); command.issue('add-mask', vaultToken);
core.exportVariable('VAULT_TOKEN', `${vaultToken}`); core.exportVariable('VAULT_TOKEN', `${vaultToken}`);
} }
@ -130,12 +130,13 @@ function parseSecretsInput(secretsInput) {
throw Error(`You must provide a valid path and key. Input: "${secret}"`); throw Error(`You must provide a valid path and key. Input: "${secret}"`);
} }
const [path, selector] = pathParts; const [path, selectorQuoted] = pathParts;
/** @type {any} */ /** @type {any} */
const selectorAst = jsonata(selector).ast(); const selectorAst = jsonata(selectorQuoted).ast();
const selector = selectorQuoted.replace(new RegExp('"', 'g'), '');
if ((selectorAst.type !== "path" || selectorAst.steps[0].stages) && !outputVarName) { if ((selectorAst.type !== "path" || selectorAst.steps[0].stages) && selectorAst.type !== "string" && !outputVarName) {
throw Error(`You must provide a name for the output key when using json selectors. Input: "${secret}"`); throw Error(`You must provide a name for the output key when using json selectors. Input: "${secret}"`);
} }
@ -162,7 +163,7 @@ function parseSecretsInput(secretsInput) {
*/ */
function normalizeOutputKey(dataKey, isEnvVar = false) { function normalizeOutputKey(dataKey, isEnvVar = false) {
let outputKey = dataKey let outputKey = dataKey
.replace('.', '__').replace(/[^\p{L}\p{N}_-]/gu, ''); .replace('.', '__').replace(new RegExp('-', 'g'), '').replace(/[^\p{L}\p{N}_-]/gu, '');
if (isEnvVar) { if (isEnvVar) {
outputKey = outputKey.toUpperCase(); outputKey = outputKey.toUpperCase();
} }

37
src/action.test.js
View file

@ -178,6 +178,12 @@ describe('exportSecrets', () => {
} }
} }
function mockExportToken(doExport) {
when(core.getInput)
.calledWith('exportToken')
.mockReturnValueOnce(doExport);
}
it('simple secret retrieval', async () => { it('simple secret retrieval', async () => {
mockInput('test key'); mockInput('test key');
mockVaultData({ mockVaultData({
@ -257,4 +263,35 @@ describe('exportSecrets', () => {
expect(core.exportVariable).toBeCalledWith('KEY__VALUE', '1'); expect(core.exportVariable).toBeCalledWith('KEY__VALUE', '1');
expect(core.setOutput).toBeCalledWith('key__value', '1'); expect(core.setOutput).toBeCalledWith('key__value', '1');
}); });
it('export Vault token', async () => {
mockInput('test key');
mockVaultData({
key: 1
});
mockExportToken("true")
await exportSecrets();
expect(core.exportVariable).toBeCalledTimes(2);
expect(core.exportVariable).toBeCalledWith('VAULT_TOKEN', 'EXAMPLE');
expect(core.exportVariable).toBeCalledWith('KEY', '1');
expect(core.setOutput).toBeCalledWith('key', '1');
});
it('not export Vault token', async () => {
mockInput('test key');
mockVaultData({
key: 1
});
mockExportToken("false")
await exportSecrets();
expect(core.exportVariable).toBeCalledTimes(1);
expect(core.exportVariable).toBeCalledWith('KEY', '1');
expect(core.setOutput).toBeCalledWith('key', '1');
});
}); });

6
src/secrets.js
View file

@ -38,7 +38,9 @@ async function getSecrets(secretRequests, client) {
body = result.body; body = result.body;
responseCache.set(requestPath, body); responseCache.set(requestPath, body);
} }
if (!selector.match(/.*[\.].*/)) {
selector = '"' + selector + '"'
}
selector = "data." + selector selector = "data." + selector
body = JSON.parse(body) body = JSON.parse(body)
if (body.data["data"] != undefined) { if (body.data["data"] != undefined) {
@ -64,7 +66,7 @@ function selectData(data, selector) {
const ata = jsonata(selector); const ata = jsonata(selector);
let result = JSON.stringify(ata.evaluate(data)); let result = JSON.stringify(ata.evaluate(data));
// Compat for custom engines // Compat for custom engines
if (!result && ata.ast().type === "path" && ata.ast()['steps'].length === 1 && selector !== 'data' && 'data' in data) { if (!result && ((ata.ast().type === "path" && ata.ast()['steps'].length === 1) || ata.ast().type === "string") && selector !== 'data' && 'data' in data) {
result = JSON.stringify(jsonata(`data.${selector}`).evaluate(data)); result = JSON.stringify(jsonata(`data.${selector}`).evaluate(data));
} else if (!result) { } else if (!result) {
throw Error(`Unable to retrieve result for ${selector}. No match data was found. Double check your Key or Selector.`); throw Error(`Unable to retrieve result for ${selector}. No match data was found. Double check your Key or Selector.`);