actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-07 15:16:56 +00:00
Code Activity Actions
272 commits 7 branches 48 tags 5.7 MiB
Commit graph

34 commits

Author SHA1 Message Date
JM Faircloth
ba90f2d74c test remove if check 2023-07-05 15:27:34 -05:00
JM Faircloth
32afcc7f20 remove unused var assignment 2023-07-05 14:33:14 -05:00
JM Faircloth
4ef647191c final cleanup 2023-07-05 12:58:41 -05:00
JM Faircloth
a2cae737a3 add debug 2023-07-05 12:43:02 -05:00
JM Faircloth
788264dddd add more tests 2023-07-05 12:25:38 -05:00
JM Faircloth
a24b038252 fix secrets stored in JSON format 2023-07-03 15:57:28 -05:00
John-Michael Faircloth
5213b69445
Revert "fix secrets stored in json format (#466)" (#471) 
* Revert "fix secrets stored in json format (#466)"

This reverts commit b9f4d16071.

* fix build: use new Verified Publisher image hashicorp/vault
 2023-07-03 10:31:51 -05:00
John-Michael Faircloth
b9f4d16071
fix secrets stored in json format (#466) 
* fix secrets in json format

* fix actionlint

* add more comments and docs

* revert build.yml test

* add test for json

* fix selector

* fix e2e test

* fix e2e test 2

* remove test

* remove isNaN check

* update changelog
 2023-06-21 11:55:50 -05:00
TomNorth
cd5a8995f3
Scoped token access (#441) 
* feat: Always allow scoped access to vault token through outputs
* Make optional instead of always, in case of untrusted steps
---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Thomas <thomas.north@dazn.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-19 14:11:33 -04:00
Max Wagner
1f5b7d55d8
Set output for the error message (#446) 
* Set output for the error message

In the event vault-action throws an error, the error message is
sent to the workflow log when with core.setFailed, but that output
is not accessible to other steps in the workflow.

This change sets an output for the error message, called errorMessage,
than can be read by other steps within the workflow and parsed.

* Add hashicorp/vault-action#446 to improvements in CHANGELOG
 2023-05-19 09:21:14 -04:00
Sai Pranav
1d767e3957
Add userpass auth and ldap auth support (#440) 
* fix(auth): added approle test in basic integration

* feat(auth): adding userpass and and ldap auth

* chore(changelog): added support for userpass and ldap auth
 2023-03-31 17:58:12 -05:00
Mike Dahl
256bfb9e6a
handle undefined response in getSecrets error handler (#431) 2023-03-02 14:39:28 -05:00
dependabot[bot]
74bc2a617b
chore(deps): bump jsonata from 1.8.6 to 2.0.2 (#426) 
* chore(deps): bump jsonata from 1.8.6 to 2.0.2

Bumps [jsonata](https://github.com/jsonata-js/jsonata) from 1.8.6 to 2.0.2.
- [Release notes](https://github.com/jsonata-js/jsonata/releases)
- [Changelog](https://github.com/jsonata-js/jsonata/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jsonata-js/jsonata/compare/v1.8.6...v2.0.2)

---
updated-dependencies:
- dependency-name: jsonata
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* * waiting for result of evaluate to account for jsonata v2 changes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: maxcoulombe <max.coulombe@hashicorp.com>
 2023-02-28 08:29:18 -05:00
Kevin Schoonover
7318a98db7
print vault error message on authentication failure (#409) 
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
 2023-01-23 15:52:40 -08:00
Luis (LT) Carbonell
0f409d4023
Add Decoding to Secrets (#408) 
* Add decoding to secrets

* remove index.js

* Add test case, and other updates
 2023-01-17 10:42:49 -06:00
Tom Proctor
55a11671e0
Retry on 412 status codes (#333) 
* Retry on 412 status codes
* Add retry tests
 2022-06-29 12:55:26 +01:00
Christopher Swenson
2dcbd17a34
Add additional mocks needed for tests in new versions of @actions (#343) 
Tests started failing after @actions was bumped in
https://github.com/hashicorp/vault-action/pull/334
 2022-06-28 14:35:22 -07:00
Tom Proctor
8e9712e63b
Fix tests from jest-when version bump (#311) 
* Fix tests from jest-when version bump
* Delete unused test helpers
* Add workflow_dispatch for tests
 2022-04-28 11:12:56 +01:00
Christopher Swenson
40fb8d7236
Write a better error message when secret not found (follow-up) (#306) 
* Write a better error message when key not found

* Address additional comments on #182

Co-authored-by: Simon Johansson <simon@simonjohansson.com>
 2022-04-20 15:53:24 -07:00
Kamil Domański
2f64a97498
make "role" input optional (#291) 
* make "role" input optional

Per Vault documentation it doesn't have to be provided,
and the auth provider's "default_role" parameter is required
precisely for this case.
https://www.vaultproject.io/api/auth/jwt
 2022-04-07 15:34:46 +01:00
Kevin Schoonover
c14a190aaa
feat(): make secrets parameter optional (#299) 2022-04-07 14:10:23 +01:00
Alex Kulikovskikh
c502100fbe
feat(): add support for github provided jwt auth (#257) 
* fix: update `privateKeyRaw` condition

* fix: add `contents: read` permission

* fix: get token via `@actions/core`

- Update README
- Switch to use `getIDToken` method for Github token retrieval
- Bump `@actions/core` to 1.6.0
- Add `jwtGithubAudience` input
- Remove unnecessary code

* fix: add description for `jwtGithubAudience`

* fix: move default value for `jwtGithubAudience` to `action.yml`

* docs: fix typo in README & grammar

* test: add tests

* fix: reset `dist/index.js`

* fix: remove default value for `jwtGithubAudience` from `action.yml`

* fix: reset `dist/index.js`

* fix: reset `dist/index.js`
 2021-10-08 09:46:21 -07:00
Falcon Taylor-Carter
72c7a899ca
Implement kubernetes auth / Add customizable auth path (#218) 
* Implement kubernetes auth / Add customizable auth path

* Fix typo

* Apply suggestions from code review

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
 2021-06-03 10:59:51 -04:00
Tom Proctor
3526e1be65
Mask each line of multi-line secrets (#208) 
* Mask each line of multi-line secrets

* Don't include carriage return characters in masking

* Update CHANGELOG.md
 2021-05-05 11:54:07 +01:00
Raman Harnak
9e8f22534f
Implement JWT auth (#188) 2021-05-04 08:49:35 -04:00
bilucodota
1d4917ec58
- Support complex keys, such as yaml/json files (#173) 2021-01-11 11:47:51 -05:00
ZANCO Bertrand
2f76ad395b
Add ability to export Vault Token (#127) 
* Add export Vault Token

* Set correct condition for default value

* Add test for exportToken
Fix key with dash

* Restore index.js
 2020-10-01 10:22:10 -04:00
Jason O'Donnell
f7f0d5a289
Simplify secret request UX (#102) 
* Simplify secret UX

* Update doc

* Fix tests
 2020-08-11 10:06:28 -04:00
Jason O'Donnell
e5ef6c9c11 Fix bug with tlsSkipVerify and add test coverage 2020-08-07 14:57:44 -04:00
Jason O'Donnell
683c9b2557 Add toLower and type equality check 2020-08-06 11:10:44 -04:00
Jason O'Donnell
e59c94afbe Add TLS and mTLS support 2020-08-05 16:36:27 -04:00
Richard Simpson
a7527a3e8a
chore: make vault action consumable (#43) 
* chore: make vault action consumable

* fix prefixless queries to default to data

* fix the right build entrypoint

* make output more forgiving and shore up selectors

* clarify doc language

* add npmtoken
 2020-04-11 23:54:04 -05:00
Richard Simpson
83d944ba1a fix: actually allow custom methods 2020-04-07 12:14:02 -05:00
Richard Simpson
5c464962be
feat: add generic auth (#39) 
* feat: add generic auth

Adds the ability to authenticate against any normal Vault endpoint by added the `authPayload` input.

When an unrecognized method is provided, the action will attempt to hit `v1/auth/<method>/login` with the provided `authPayload and parse out the token in the response
 2020-04-04 13:19:48 -05:00