fix wildcard handling when field contains dot (#542)
* fix wildcard handling when field contains dot

* changelog
fairclothjm authored Apr 15, 2024
1 parent 66531b2 commit 47dbc64
Showing 4 changed files with 62 additions and 28 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,9 @@
## Unreleased

Improvements:

* fix wildcard handling when field contains dot [GH-542](https://github.com/hashicorp/vault-action/pull/542)

Features:

* `secretId` is no longer required for approle to support advanced use cases like machine login when `bind_secret_id` is false. [GH-522](https://github.com/hashicorp/vault-action/pull/522)
34 changes: 20 additions & 14 deletions dist/index.js
Expand Up @@ -18999,28 +18999,34 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {

body = JSON.parse(body);

if (selector == WILDCARD) {
if (selector == WILDCARD) {
let keys = body.data;
if (body.data["data"] != undefined) {
keys = keys.data;
}

for (let key in keys) {
let newRequest = Object.assign({},secretRequest);
newRequest.selector = key;
newRequest.selector = key;

if (secretRequest.selector === secretRequest.outputVarName) {
newRequest.outputVarName = key;
newRequest.envVarName = key;
}
else {
newRequest.envVarName = key;
} else {
newRequest.outputVarName = secretRequest.outputVarName+key;
newRequest.envVarName = secretRequest.envVarName+key;
newRequest.envVarName = secretRequest.envVarName+key;
}

newRequest.outputVarName = normalizeOutputKey(newRequest.outputVarName);
newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true);

newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true);

// JSONata field references containing reserved tokens should
// be enclosed in backticks
// https://docs.jsonata.org/simple#examples
if (key.includes(".")) {
const backtick = '`';
key = backtick.concat(key, backtick);
}
selector = key;

results = await selectAndAppendResults(
Expand All @@ -19034,13 +19040,13 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
}
else {
results = await selectAndAppendResults(
selector,
body,
cachedResponse,
secretRequest,
selector,
body,
cachedResponse,
secretRequest,
results
);
}
}
}

return results;
18 changes: 18 additions & 0 deletions integrationTests/basic/integration.test.js
Expand Up @@ -31,6 +31,14 @@ describe('integration', () => {
},
});

await got(`${vaultUrl}/v1/secret/data/test-with-dot-char`, {
method: 'POST',
headers: {
'X-Vault-Token': vaultToken,
},
body: `{"data":{"secret.foo":"SUPERSECRET"}}`
});

await got(`${vaultUrl}/v1/secret/data/nested/test`, {
method: 'POST',
headers: {
Expand Down Expand Up @@ -193,6 +201,16 @@ describe('integration', () => {
expect(core.exportVariable).toBeCalledWith('OTHERSECRETDASH', 'OTHERSUPERSECRET');
});

it('get wildcard secrets with dot char', async () => {
mockInput(`secret/data/test-with-dot-char * ;`);

await exportSecrets();

expect(core.exportVariable).toBeCalledTimes(1);

expect(core.exportVariable).toBeCalledWith('SECRET__FOO', 'SUPERSECRET');
});

it('get wildcard secrets', async () => {
mockInput(`secret/data/test * ;`);
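Review bot: The new `get wildcard secrets with dot char` case stores a single dotted key, so it does not show that a secret mixing dotted and plain keys still exports every key through the same wildcard loop. Adding a second, plain key to the `test-with-dot-char` fixture, with a matching `expect(core.exportVariable).toBeCalledWith(...)` and `toBeCalledTimes(2)`, would cover both outcomes of the `key.includes(".")` check. A short comment such as `// '.' in a key becomes '__' in the exported name` above the `SECRET__FOO` assertion would explain the expected name to the next reader.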

34 changes: 20 additions & 14 deletions src/secrets.js
Expand Up @@ -59,28 +59,34 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {

body = JSON.parse(body);

if (selector == WILDCARD) {
if (selector == WILDCARD) {
let keys = body.data;
if (body.data["data"] != undefined) {
keys = keys.data;
}

for (let key in keys) {
let newRequest = Object.assign({},secretRequest);
newRequest.selector = key;
newRequest.selector = key;

if (secretRequest.selector === secretRequest.outputVarName) {
newRequest.outputVarName = key;
newRequest.envVarName = key;
}
else {
newRequest.envVarName = key;
} else {
newRequest.outputVarName = secretRequest.outputVarName+key;
newRequest.envVarName = secretRequest.envVarName+key;
newRequest.envVarName = secretRequest.envVarName+key;
}

newRequest.outputVarName = normalizeOutputKey(newRequest.outputVarName);
newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true);

newRequest.envVarName = normalizeOutputKey(newRequest.envVarName,true);

// JSONata field references containing reserved tokens should
// be enclosed in backticks
// https://docs.jsonata.org/simple#examples
if (key.includes(".")) {
const backtick = '`';
key = backtick.concat(key, backtick);
}
selector = key;

results = await selectAndAppendResults(
Expand All @@ -94,13 +100,13 @@ async function getSecrets(secretRequests, client, ignoreNotFound) {
}
else {
results = await selectAndAppendResults(
selector,
body,
cachedResponse,
secretRequest,
selector,
body,
cachedResponse,
secretRequest,
results
);
}
}
}

return results;
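Review bot: In the wildcard loop, the new quoting step wraps a key in backticks whenever it contains `.`, but it does not look for a backtick inside the key itself, so such a key would close the quoted name early and the rest would be read as JSONata syntax rather than as a field name. The keys come from the parsed Vault response (`body.data`), so they are better treated as data than as selector text; as far as I know JSONata has no escape for a backtick inside a backtick-quoted name, so rejecting the key is the safer option: `if (key.includes('\u0060')) { throw new Error('wildcard key contains a backtick'); }` placed before the `key.includes(".")` check. The comment says "reserved tokens" while only `.` is tested, so it is worth saying in that comment whether other characters are handled by `selectAndAppendResults`, which is outside this hunk. `getSecrets` starts and ends outside the hunk, and `dist/index.js` carries the same lines as the bundled copy.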
