fix secrets stored in JSON format (#473)

* fix secrets stored in JSON format * add more tests * fix lint and pass token to build * add test cases * add debug * fix ordering of build steps * fix test string format * update test check * fix test string format * final cleanup * remove comment * remove unused var assignment * simplify more * simplify code and add more comments
2026-04-10 06:00:05 +00:00 · 2023-07-06 10:51:26 -05:00 · 2023-07-06 10:51:26 -05:00 · b138504969
commit b138504969
parent e926631bb2
7 changed files with 153 additions and 6 deletions
--- a/src/action.test.js
+++ b/src/action.test.js
@ -220,6 +220,58 @@ describe('exportSecrets', () => {
        expect(core.setOutput).toBeCalledWith('key', '1');
    });

+    it('JSON data secret retrieval', async () => {
+        const jsonData = {"x":1,"y":2};
+
+        // for secrets stored in Vault as pure JSON, we call stringify twice
+        // and remove the surrounding quotes
+        let result = JSON.stringify(JSON.stringify(jsonData));
+        result = result.substring(1, result.length - 1);
+
+        mockInput('test key');
+        mockVaultData({
+            key: jsonData,
+        });
+
+        await exportSecrets();
+
+        expect(core.exportVariable).toBeCalledWith('KEY', result);
+        expect(core.setOutput).toBeCalledWith('key', result);
+    });
+
+    it('JSON string secret retrieval', async () => {
+        const jsonString = '{"x":1,"y":2}';
+
+        mockInput('test key');
+        mockVaultData({
+            key: jsonString,
+        });
+
+        await exportSecrets();
+
+        expect(core.exportVariable).toBeCalledWith('KEY', jsonString);
+        expect(core.setOutput).toBeCalledWith('key', jsonString);
+    });
+
+    it('multi-line JSON string secret retrieval', async () => {
+        const jsonString = `
+        {
+            "x":1,
+            "y":"bar"
+        }
+        `;
+
+        mockInput('test key');
+        mockVaultData({
+            key: jsonString,
+        });
+
+        await exportSecrets();
+
+        expect(core.exportVariable).toBeCalledWith('KEY', jsonString);
+        expect(core.setOutput).toBeCalledWith('key', jsonString);
+    });
+
    it('intl secret retrieval', async () => {
        mockInput('测试 测试');
        mockVaultData({
@ -334,7 +386,30 @@ describe('exportSecrets', () => {
        expect(core.setOutput).toBeCalledWith('key', 'secret');
    })

-    it('multi-line secret gets masked for each line', async () => {
+    it('multi-line secret', async () => {
+        const multiLineString = `ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU
+GPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3
+Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA
+NrRFi9wrf+M7Q==`;
+
+        mockInput('test key');
+        mockVaultData({
+            key: multiLineString
+        });
+        mockExportToken("false")
+
+        await exportSecrets();
+
+        expect(core.setSecret).toBeCalledTimes(5); // 1 for each non-empty line + VAULT_TOKEN
+
+        expect(core.setSecret).toBeCalledWith("ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU");
+        expect(core.setSecret).toBeCalledWith("GPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3");
+        expect(core.setSecret).toBeCalledWith("Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA");
+        expect(core.setSecret).toBeCalledWith("NrRFi9wrf+M7Q==");
+        expect(core.setOutput).toBeCalledWith('key', multiLineString);
+    })
+
+    it('multi-line secret gets masked for each non-empty line', async () => {
        const multiLineString = `a multi-line string

 with blank lines