arcodange-org/vault-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix bug with tlsSkipVerify and add test coverage

Browse Source
This commit is contained in:
Jason O'Donnell
2020-08-07 14:57:44 -04:00
parent 6cf013b5c0
commit e5ef6c9c11
5 changed files with 32 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
.github/workflows/build.yml vendored
View File

@@ -221,6 +221,17 @@ jobs:
test secret | NAMED_SECRET ; test secret | NAMED_SECRET ;
nested/test otherSecret ; nested/test otherSecret ;
- name: Test Vault Action (tlsSkipVerify)
uses: ./
with:
url: https://localhost:8200
token: ${{ env.VAULT_TOKEN }}
tlsSkipVerify: true
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
secrets: |
tlsSkipVerify skip ;
- name: Test Vault Action (default KV V1) - name: Test Vault Action (default KV V1)
uses: ./ uses: ./
with: with:
@@ -255,7 +266,7 @@ jobs:
# Removing publish step for now. # Removing publish step for now.
# publish: # publish:
# if: github.event_name == 'push' && contains(github.ref, 'master')
# runs-on: ubuntu-latest # runs-on: ubuntu-latest
# needs: [build, integration, e2e] # needs: [build, integration, e2e]
# steps: # steps:

2
dist/index.js vendored
View File

@@ -14128,7 +14128,7 @@ async function exportSecrets() {
const tlsSkipVerify = (core.getInput('tlsSkipVerify', { required: false }) || 'false').toLowerCase() != 'false'; const tlsSkipVerify = (core.getInput('tlsSkipVerify', { required: false }) || 'false').toLowerCase() != 'false';
if (tlsSkipVerify === true) { if (tlsSkipVerify === true) {
defaultOptions.https.rejectUnauthorized = true; defaultOptions.https.rejectUnauthorized = false;
} }
const caCertificateRaw = core.getInput('caCertificate', { required: false }); const caCertificateRaw = core.getInput('caCertificate', { required: false });

1
integrationTests/e2e-tls/e2e-tls.test.js
View File

@@ -9,5 +9,6 @@ describe('e2e-tls', () => {
expect(process.env.OTHERALTSECRET).toBe("OTHERCUSTOMSECRET"); expect(process.env.OTHERALTSECRET).toBe("OTHERCUSTOMSECRET");
expect(process.env.FOO).toBe("bar"); expect(process.env.FOO).toBe("bar");
expect(process.env.NAMED_CUBBYSECRET).toBe("zap"); expect(process.env.NAMED_CUBBYSECRET).toBe("zap");
expect(process.env.SKIP).toBe("true");
}); });
}); });

17
integrationTests/e2e-tls/setup.js
View File

@@ -113,6 +113,23 @@ const clientKeyRaw = `${process.env.VAULT_CLIENT_KEY}`;
} }
}); });
await got(`https://${vaultUrl}/v1/secret/data/tlsSkipVerify`, {
method: 'POST',
headers: {
'X-Vault-Token': rootToken,
},
https: {
certificateAuthority: caCertificate,
certificate: clientCertificate,
key: clientKey,
},
json: {
data: {
skip: 'true',
},
}
});
await got(`https://${vaultUrl}/v1/sys/mounts/my-secret`, { await got(`https://${vaultUrl}/v1/sys/mounts/my-secret`, {
method: 'POST', method: 'POST',
headers: { headers: {

2
src/action.js
View File

@@ -35,7 +35,7 @@ async function exportSecrets() {
const tlsSkipVerify = (core.getInput('tlsSkipVerify', { required: false }) || 'false').toLowerCase() != 'false'; const tlsSkipVerify = (core.getInput('tlsSkipVerify', { required: false }) || 'false').toLowerCase() != 'false';
if (tlsSkipVerify === true) { if (tlsSkipVerify === true) {
defaultOptions.https.rejectUnauthorized = true; defaultOptions.https.rejectUnauthorized = false;
} }
const caCertificateRaw = core.getInput('caCertificate', { required: false }); const caCertificateRaw = core.getInput('caCertificate', { required: false });