Add ability to export Vault Token (#127)

* Add export Vault Token * Set correct condition for default value * Add test for exportToken Fix key with dash * Restore index.js
2026-04-10 14:10:09 +00:00 · 2020-10-01 16:22:10 +02:00 · 2020-10-01 16:22:10 +02:00 · 2f76ad395b
commit 2f76ad395b
parent 307c9ae581
7 changed files with 66 additions and 15 deletions
--- a/src/action.js
+++ b/src/action.js
@ -12,6 +12,7 @@ async function exportSecrets() {
    const vaultNamespace = core.getInput('namespace', { required: false });
    const extraHeaders = parseHeadersInput('extraHeaders', { required: false });
    const exportEnv = core.getInput('exportEnv', { required: false }) != 'false';
+    const exportToken = (core.getInput('exportToken', { required: false }) || 'false').toLowerCase() != 'false';

    const secretsInput = core.getInput('secrets', { required: true });
    const secretRequests = parseSecretsInput(secretsInput);
@ -60,6 +61,11 @@ async function exportSecrets() {
    defaultOptions.headers['X-Vault-Token'] = vaultToken;
    const client = got.extend(defaultOptions);

+    if (exportToken === true) {
+        command.issue('add-mask', vaultToken);
+        core.exportVariable('VAULT_TOKEN', `${vaultToken}`);
+    }
+
    const requests = secretRequests.map(request => {
        const { path, selector } = request;
        return request;
@ -124,12 +130,13 @@ function parseSecretsInput(secretsInput) {
            throw Error(`You must provide a valid path and key. Input: "${secret}"`);
        }

-        const [path, selector] = pathParts;
+        const [path, selectorQuoted] = pathParts;

        /** @type {any} */
-        const selectorAst = jsonata(selector).ast();
+        const selectorAst = jsonata(selectorQuoted).ast();
+        const selector = selectorQuoted.replace(new RegExp('"', 'g'), '');

-        if ((selectorAst.type !== "path" || selectorAst.steps[0].stages) && !outputVarName) {
+        if ((selectorAst.type !== "path" || selectorAst.steps[0].stages) && selectorAst.type !== "string" && !outputVarName) {
            throw Error(`You must provide a name for the output key when using json selectors. Input: "${secret}"`);
        }

@ -156,7 +163,7 @@ function parseSecretsInput(secretsInput) {
 */
 function normalizeOutputKey(dataKey, isEnvVar = false) {
    let outputKey = dataKey
-        .replace('.', '__').replace(/[^\p{L}\p{N}_-]/gu, '');
+        .replace('.', '__').replace(new RegExp('-', 'g'), '').replace(/[^\p{L}\p{N}_-]/gu, '');
    if (isEnvVar) {
        outputKey = outputKey.toUpperCase();
    }
--- a/src/action.test.js
+++ b/src/action.test.js
@ -178,6 +178,12 @@ describe('exportSecrets', () => {
        }
    }

+    function mockExportToken(doExport) {
+        when(core.getInput)
+            .calledWith('exportToken')
+            .mockReturnValueOnce(doExport);
+    }
+
    it('simple secret retrieval', async () => {
        mockInput('test key');
        mockVaultData({
@ -257,4 +263,35 @@ describe('exportSecrets', () => {
        expect(core.exportVariable).toBeCalledWith('KEY__VALUE', '1');
        expect(core.setOutput).toBeCalledWith('key__value', '1');
    });
+
+    it('export Vault token', async () => {
+        mockInput('test key');
+        mockVaultData({
+            key: 1
+        });
+        mockExportToken("true")
+
+        await exportSecrets();
+
+        expect(core.exportVariable).toBeCalledTimes(2);
+
+        expect(core.exportVariable).toBeCalledWith('VAULT_TOKEN', 'EXAMPLE');
+        expect(core.exportVariable).toBeCalledWith('KEY', '1');
+        expect(core.setOutput).toBeCalledWith('key', '1');
+    });
+
+    it('not export Vault token', async () => {
+        mockInput('test key');
+        mockVaultData({
+            key: 1
+        });
+        mockExportToken("false")
+
+        await exportSecrets();
+
+        expect(core.exportVariable).toBeCalledTimes(1);
+
+        expect(core.exportVariable).toBeCalledWith('KEY', '1');
+        expect(core.setOutput).toBeCalledWith('key', '1');
+    });
 });
--- a/src/secrets.js
+++ b/src/secrets.js
@ -38,7 +38,9 @@ async function getSecrets(secretRequests, client) {
            body = result.body;
            responseCache.set(requestPath, body);
        }
-
+        if (!selector.match(/.*[\.].*/)) {
+            selector = '"' + selector + '"'
+        }
        selector = "data." + selector
        body = JSON.parse(body)
        if (body.data["data"] != undefined) {
@ -64,7 +66,7 @@ function selectData(data, selector) {
    const ata = jsonata(selector);
    let result = JSON.stringify(ata.evaluate(data));
    // Compat for custom engines
-    if (!result && ata.ast().type === "path" && ata.ast()['steps'].length === 1 && selector !== 'data' && 'data' in data) {
+    if (!result && ((ata.ast().type === "path" && ata.ast()['steps'].length === 1) || ata.ast().type === "string") && selector !== 'data' && 'data' in data) {
        result = JSON.stringify(jsonata(`data.${selector}`).evaluate(data));
    } else if (!result) {
        throw Error(`Unable to retrieve result for ${selector}. No match data was found. Double check your Key or Selector.`);