actions/vault-action
3
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2026-04-07 20:50:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add userpass auth and ldap auth support (#440)

Browse source 
* fix(auth): added approle test in basic integration

* feat(auth): adding userpass and and ldap auth

* chore(changelog): added support for userpass and ldap auth
This commit is contained in:
Sai Pranav 2023-03-31 17:58:12 -05:00 committed by GitHub
parent c253c155ba
commit 1d767e3957
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 272 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/action.js
View file

@ -5,7 +5,7 @@ const got = require('got').default;
const jsonata = require('jsonata');
const { auth: { retrieveToken }, secrets: { getSecrets } } = require('./index');
const AUTH_METHODS = ['approle', 'token', 'github', 'jwt', 'kubernetes'];
const AUTH_METHODS = ['approle', 'token', 'github', 'jwt', 'kubernetes', 'ldap', 'userpass'];
const ENCODING_TYPES = ['base64', 'hex', 'utf8'];
async function exportSecrets() {

14
src/auth.js
View file

@ -11,7 +11,8 @@ const defaultKubernetesTokenPath = '/var/run/secrets/kubernetes.io/serviceaccoun
* @param {import('got').Got} client
*/
async function retrieveToken(method, client) {
const path = core.getInput('path', { required: false }) || method;
let path = core.getInput('path', { required: false }) || method;
path = `v1/auth/${path}/login`
switch (method) {
case 'approle': {
@ -50,6 +51,13 @@ async function retrieveToken(method, client) {
}
return await getClientToken(client, method, path, { jwt: data, role: role })
}
case 'userpass':
case 'ldap': {
const username = core.getInput('username', { required: true });
const password = core.getInput('password', { required: true });
path = path + `/${username}`
return await getClientToken(client, method, path, { password: password })
}
default: {
if (!method || method === 'token') {
@ -107,12 +115,12 @@ async function getClientToken(client, method, path, payload) {
responseType,
};
core.debug(`Retrieving Vault Token from v1/auth/${path}/login endpoint`);
core.debug(`Retrieving Vault Token from ${path} endpoint`);
/** @type {import('got').Response<VaultLoginResponse>} */
let response;
try {
response = await client.post(`v1/auth/${path}/login`, options);
response = await client.post(`${path}`, options);
} catch (err) {
if (err instanceof got.HTTPError) {
throw Error(`failed to retrieve vault token. code: ${err.code}, message: ${err.message}, vaultResponse: ${JSON.stringify(err.response.body)}`)