actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-14 18:13:45 +00:00
Code Activity Actions
vault-action/src/auth.js
Richard Simpson 25885cbbc9 feat: add generic auth 
Adds the ability to authenticate against any normal Vault endpoint by added the uthPayload input.

When an unrecognized method is provided, the action will attempt to hit 1/auth/<method>/login with the provided uthPayload and parse out the token in the response
2020-04-04 12:55:25 -05:00

59 lines
2.1 KiB
JavaScript
Raw Blame History

const core = require('@actions/core');
/***
* Authentication with Vault and retrieve a vault token
* @param {string} method
* @param {import('got')} client
*/
async function retrieveToken(method, client) {
switch (method) {
case 'approle': {
const vaultRoleId = core.getInput('roleId', { required: true });
const vaultSecretId = core.getInput('secretId', { required: true });
return await getClientToken(client, method, { role_id: vaultRoleId, secret_id: vaultSecretId });
}
case 'github': {
const githubToken = core.getInput('githubToken', { required: true });
return await getClientToken(client, method, { token: githubToken });
}
default: {
if (!method || method === 'token') {
return core.getInput('token', { required: true });
} else {
/** @type {string} */
const payload = core.getInput('authPayload', { required: true });
if (!payload) {
throw Error('When using a custom authentication method, you must provide the payload');
}
return await getClientToken(client, method, JSON.parse(payload.trim()));
}
}
}
}
/***
* Authentication with Vault and retrieve a vault token
* @param {import('got')} client
* @param {string} method
* @param {any} payload
*/
async function getClientToken(client, method, payload) {
/** @type {any} */
var options = {
json: payload,
responseType: 'json'
};
core.debug(`Retrieving Vault Token from v1/auth/${method}/login endpoint`);
const response = await client.post(`v1/auth/${method}/login`, options);
if (response && response.body && response.body.auth && response.body.auth.client_token) {
core.debug('✔ Vault Token successfully retrieved');
return response.body.auth.client_token;
} else {
throw Error(`Unable to retrieve token from ${method}'s login endpoint.`);
}
}
module.exports = {
retrieveToken
}
View git blame Copy permalink