actions/vault-action
3
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2026-04-07 20:50:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Implemented wildcard selector (based on #238) (#488)

Browse source 
* Initial check-in of wildcard to get all secrets in path (Issue#234)
* Fix wildcard for K/V v2 and Cubbyhole.  Add more tests
* Refactored out selectAndAppendResults
* Use selectAndAppendResults for wildcard
* Use normalizeOutputKey in action.js
* Refactored wildcard

---------

Co-authored-by: Scott Lemme <68233981+slemme1@users.noreply.github.com>
Co-authored-by: Lemme <slemme@massmutual.com>
This commit is contained in:
keattang 2023-09-15 22:56:07 +10:00 committed by GitHub
parent cb841f2c86
commit d9197ec2d2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 343 additions and 68 deletions
Download patch file Download diff file Expand all files Collapse all files

103
src/secrets.js
View file

@ -1,6 +1,6 @@
const jsonata = require("jsonata");
const { WILDCARD } = require("./constants");
const { normalizeOutputKey } = require("./utils");
/**
* @typedef {Object} SecretRequest
* @property {string} path
@ -23,7 +23,8 @@ const jsonata = require("jsonata");
*/
async function getSecrets(secretRequests, client) {
const responseCache = new Map();
const results = [];
let results = [];
for (const secretRequest of secretRequests) {
let { path, selector } = secretRequest;
@ -46,22 +47,53 @@ async function getSecrets(secretRequests, client) {
throw error
}
}
if (!selector.match(/.*[\.].*/)) {
selector = '"' + selector + '"'
}
selector = "data." + selector
body = JSON.parse(body)
if (body.data["data"] != undefined) {
selector = "data." + selector
}
const value = await selectData(body, selector);
results.push({
request: secretRequest,
value,
cachedResponse
});
body = JSON.parse(body);
if (selector == WILDCARD) {
let keys = body.data;
if (body.data["data"] != undefined) {
keys = keys.data;
}
for (let key in keys) {
let newRequest = Object.assign({},secretRequest);
newRequest.selector = key;
if (secretRequest.selector === secretRequest.outputVarName) {
newRequest.outputVarName = key;
newRequest.envVarName = key;
}
else {
newRequest.outputVarName = secretRequest.outputVarName+key;
newRequest.envVarName = secretRequest.envVarName+key;
}
newRequest.outputVarName = normalizeOutputKey(newRequest.outputVarName);
newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true);
selector = key;
results = await selectAndAppendResults(
selector,
body,
cachedResponse,
newRequest,
results
);
}
}
else {
results = await selectAndAppendResults(
selector,
body,
cachedResponse,
secretRequest,
results
);
}
}
return results;
}
@ -87,6 +119,43 @@ async function selectData(data, selector) {
return result;
}
/**
* Uses selectData with the selector to get the value and then appends it to the
* results. Returns a new array with all of the results.
* @param {string} selector
* @param {object} body
* @param {object} cachedResponse
* @param {TRequest} secretRequest
* @param {SecretResponse<TRequest>[]} results
* @return {Promise<SecretResponse<TRequest>[]>}
*/
const selectAndAppendResults = async (
selector,
body,
cachedResponse,
secretRequest,
results
) => {
if (!selector.match(/.*[\.].*/)) {
selector = '"' + selector + '"';
}
selector = "data." + selector;
if (body.data["data"] != undefined) {
selector = "data." + selector;
}
const value = await selectData(body, selector);
return [
...results,
{
request: secretRequest,
value,
cachedResponse,
},
];
};
module.exports = {
getSecrets,
selectData