feat: support for KV version 1 and custom-named engines (#12)

* feat: kv v1 and engine path

* doc: add custom version and engine path usage docs

Co-authored-by: Richard Simpson <richardsimpson@outlook.com>

action.js

@@ -7,6 +7,9 @@ async function exportSecrets() {
     const vaultUrl = core.getInput('url', { required: true });
     const vaultNamespace = core.getInput('namespace', { required: false });
 
+    let enginePath = core.getInput('path', { required: false });
+    let kvVersion = core.getInput('kv-version', { required: false });
+
     const secretsInput = core.getInput('secrets', { required: true });
     const secrets = parseSecretsInput(secretsInput);
 
@@ -21,10 +24,10 @@ async function exportSecrets() {
             const vaultRoleId = core.getInput('roleId', { required: true });
             const vaultSecretId = core.getInput('secretId', { required: true });
             core.debug('Try to retrieve Vault Token from approle');
-            var options = { 
-                headers: {}, 
-                json: { role_id: vaultRoleId, secret_id: vaultSecretId }, 
-                responseType: 'json' 
+            var options = {
+                headers: {},
+                json: { role_id: vaultRoleId, secret_id: vaultSecretId },
+                responseType: 'json'
             };
 
             if (vaultNamespace != null) {
@@ -44,6 +47,20 @@ async function exportSecrets() {
             break;
     }
 
+    if (!enginePath) {
+        enginePath = 'secret';
+    }
+
+    if (!kvVersion) {
+        kvVersion = '2';
+    }
+
+    if (kvVersion !== '1' && kvVersion !== '2') {
+        throw Error(`You must provide a valid K/V version (1 or 2). Input: "${kvVersion}"`);
+    }
+
+    kvVersion = parseInt(kvVersion);
+
     for (const secret of secrets) {
         const { secretPath, outputName, secretKey } = secret;
         const requestOptions = {
@@ -56,12 +73,13 @@ async function exportSecrets() {
             requestOptions.headers["X-Vault-Namespace"] = vaultNamespace;
         }
 
-        const result = await got(`${vaultUrl}/v1/secret/data/${secretPath}`, requestOptions);
+        const requestPath = (kvVersion === 1)
+                            ? `${vaultUrl}/v1/${enginePath}/${secretPath}`
+                            : `${vaultUrl}/v1/${enginePath}/data/${secretPath}`;
+        const result = await got(requestPath, requestOptions);
 
-        const parsedResponse = JSON.parse(result.body);
-        const vaultKeyData = parsedResponse.data;
-        const versionData = vaultKeyData.data;
-        const value = versionData[secretKey];
+        const secretData = parseResponse(result.body, kvVersion);
+        const value = secretData[secretKey];
         command.issue('add-mask', value);
         core.exportVariable(outputName, `${value}`);
         core.debug(`✔ ${secretPath} => ${outputName}`);
@@ -120,6 +138,29 @@ function parseSecretsInput(secretsInput) {
     return output;
 }
 
+/**
+ * Parses a JSON response and returns the secret data
+ * @param {string} responseBody
+ * @param {number} kvVersion
+ */
+function parseResponse(responseBody, kvVersion) {
+    const parsedResponse = JSON.parse(responseBody);
+    let secretData;
+
+    switch(kvVersion) {
+        case 1: {
+            secretData = parsedResponse.data;
+        } break;
+
+        case 2: {
+            const vaultKeyData = parsedResponse.data;
+            secretData = vaultKeyData.data;
+        } break;
+    }
+
+    return secretData;
+}
+
 /**
  * Replaces any forward-slash characters to
  * @param {string} dataKey
@@ -131,5 +172,6 @@ function normalizeOutputKey(dataKey) {
 module.exports = {
     exportSecrets,
     parseSecretsInput,
+    parseResponse,
     normalizeOutputKey
 };