actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-09 08:06:55 +00:00
Code Activity Actions

use starting slash as non-kv sentinel value

Browse source
This commit is contained in:
Richard Simpson 2020-02-05 14:44:53 -06:00
parent 87dad0d98f
commit f38072a263
No known key found for this signature in database
GPG key ID: 0CECAF50D013D1E2
1 changed files with 14 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
action.js
View file

@ -11,10 +11,9 @@ async function exportSecrets() {
let enginePath = core.getInput('path', { required: false }); let enginePath = core.getInput('path', { required: false });
let kvVersion = core.getInput('kv-version', { required: false }); let kvVersion = core.getInput('kv-version', { required: false });
let isKvEngine = parseBoolInput(core.getInput('isKvEngine', { required: false }));
const secretsInput = core.getInput('secrets', { required: true }); const secretsInput = core.getInput('secrets', { required: true });
const secrets = parseSecretsInput(secretsInput); const secretRequests = parseSecretsInput(secretsInput);
const vaultMethod = core.getInput('method', { required: false }) || 'token'; const vaultMethod = core.getInput('method', { required: false }) || 'token';
if (!AUTH_METHODS.includes(vaultMethod)) { if (!AUTH_METHODS.includes(vaultMethod)) {
@ -64,8 +63,8 @@ async function exportSecrets() {
} }
const responseCache = new Map(); const responseCache = new Map();
for (const secret of secrets) { for (const secretRequest of secretRequests) {
const { secretPath, outputName, secretSelector, isJSONPath } = secret; const { secretPath, outputName, secretSelector, isJSONPath } = secretRequest;
const requestOptions = { const requestOptions = {
headers: { headers: {
'X-Vault-Token': vaultToken 'X-Vault-Token': vaultToken
@ -76,9 +75,16 @@ async function exportSecrets() {
requestOptions.headers["X-Vault-Namespace"] = vaultNamespace; requestOptions.headers["X-Vault-Namespace"] = vaultNamespace;
} }
const requestPath = (kvVersion === 2) let requestPath = `${vaultUrl}/v1`;
? `${vaultUrl}/v1/${enginePath}/data/${secretPath}` const kvRequest = !secretPath.startsWith('/')
: `${vaultUrl}/v1/${enginePath}/${secretPath}`; if (!kvRequest) {
requestPath += secretPath;
} else {
requestPath += (kvVersion === 2)
? `/${enginePath}/data/${secretPath}`
: `/${enginePath}/${secretPath}`;
}
let body; let body;
if (responseCache.has(requestPath)) { if (responseCache.has(requestPath)) {
body = responseCache.get(requestPath); body = responseCache.get(requestPath);
@ -88,7 +94,7 @@ async function exportSecrets() {
responseCache.set(requestPath, body); responseCache.set(requestPath, body);
} }
let dataDepth = isJSONPath === true ? 0 : isKvEngine === false ? 1 : kvVersion; let dataDepth = isJSONPath === true ? 0 : kvRequest === false ? 1 : kvVersion;
const secretData = getResponseData(body, dataDepth); const secretData = getResponseData(body, dataDepth);
const value = selectData(secretData, secretSelector); const value = selectData(secretData, secretSelector);