actions/vault-action
3
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2026-04-08 13:10:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(): add support for github provided jwt auth (#257)

Browse source 
* fix: update `privateKeyRaw` condition

* fix: add `contents: read` permission

* fix: get token via `@actions/core`

- Update README
- Switch to use `getIDToken` method for Github token retrieval
- Bump `@actions/core` to 1.6.0
- Add `jwtGithubAudience` input
- Remove unnecessary code

* fix: add description for `jwtGithubAudience`

* fix: move default value for `jwtGithubAudience` to `action.yml`

* docs: fix typo in README & grammar

* test: add tests

* fix: reset `dist/index.js`

* fix: remove default value for `jwtGithubAudience` from `action.yml`

* fix: reset `dist/index.js`

* fix: reset `dist/index.js`
This commit is contained in:
Alex Kulikovskikh 2021-10-08 12:46:21 -04:00 committed by GitHub
parent b8c90c7243
commit c502100fbe
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 34680 additions and 14979 deletions
Download patch file Download diff file Expand all files Collapse all files

13
src/auth.js
View file

@ -23,12 +23,21 @@ async function retrieveToken(method, client) {
return await getClientToken(client, method, path, { token: githubToken });
}
case 'jwt': {
/** @type {string} */
let jwt;
const role = core.getInput('role', { required: true });
const privateKeyRaw = core.getInput('jwtPrivateKey', { required: true });
const privateKeyRaw = core.getInput('jwtPrivateKey', { required: false });
const privateKey = Buffer.from(privateKeyRaw, 'base64').toString();
const keyPassword = core.getInput('jwtKeyPassword', { required: false });
const tokenTtl = core.getInput('jwtTtl', { required: false }) || '3600'; // 1 hour
const jwt = generateJwt(privateKey, keyPassword, Number(tokenTtl));
const githubAudience = core.getInput('jwtGithubAudience', { required: false });
if (!privateKey) {
jwt = await core.getIDToken(githubAudience)
} else {
jwt = generateJwt(privateKey, keyPassword, Number(tokenTtl));
}
return await getClientToken(client, method, path, { jwt: jwt, role: role });
}
case 'kubernetes': {