diff --git a/CHANGELOG.md b/CHANGELOG.md index e0f5f7f6..1e76a54d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ * Add changes here +## 2.7.2 (July 6, 2023) + +Bugs: + +* Fix a regression that broke support for secrets in JSON format [GH-473](https://github.com/hashicorp/vault-action/pull/473) + ## 2.7.1 (July 3, 2023) Bugs: diff --git a/dist/index.js b/dist/index.js index 4a22e9e5..1fa24f45 100644 --- a/dist/index.js +++ b/dist/index.js @@ -19004,12 +19004,13 @@ async function getSecrets(secretRequests, client) { /** * Uses a Jsonata selector retrieve a bit of data from the result - * @param {object} data - * @param {string} selector + * @param {object} data + * @param {string} selector */ async function selectData(data, selector) { const ata = jsonata(selector); let result = JSON.stringify(await ata.evaluate(data)); + // Compat for custom engines if (!result && ((ata.ast().type === "path" && ata.ast()['steps'].length === 1) || ata.ast().type === "string") && selector !== 'data' && 'data' in data) { result = JSON.stringify(await jsonata(`data.${selector}`).evaluate(data)); @@ -19018,7 +19019,18 @@ async function selectData(data, selector) { } if (result.startsWith(`"`)) { + // Support multi-line secrets like JSON strings and ssh keys, see https://github.com/hashicorp/vault-action/pull/173 + // Deserialize the value so that newlines and special characters are + // not escaped in our return value. result = JSON.parse(result); + } else { + // Support secrets stored in Vault as pure JSON, see https://github.com/hashicorp/vault-action/issues/194 + // Serialize the value so that any special characters in the data are + // properly escaped. + result = JSON.stringify(result); + // strip the surrounding quotes added by stringify because the data did + // not have them in the first place + result = result.substring(1, result.length - 1); } return result; } @@ -19028,6 +19040,7 @@ module.exports = { selectData } + /***/ }), /***/ 9491: