Update to v2.7.0 (#468)

hashicorp · Jun 21, 2023 · 357cb9c · 357cb9c
1 parent b9f4d16
commit 357cb9c
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 ## Unreleased
 
+* Add changes here
+
+## 2.7.0 (June 21, 2023)
+
 Bugs:
 
 * Fix a regression that broke support for secrets in JSON format [GH-466](https://github.com/hashicorp/vault-action/pull/466)

diff --git a/dist/index.js b/dist/index.js
@@ -18937,7 +18937,6 @@ module.exports = {
 
 const jsonata = __nccwpck_require__(4245);
 
-
 /**
  * @typedef {Object} SecretRequest
  * @property {string} path
@@ -19004,12 +19003,20 @@ async function getSecrets(secretRequests, client) {
 
 /**
  * Uses a Jsonata selector retrieve a bit of data from the result
- * @param {object} data 
- * @param {string} selector 
+ * @param {object} data
+ * @param {string} selector
  */
 async function selectData(data, selector) {
     const ata = jsonata(selector);
-    let result = JSON.stringify(await ata.evaluate(data));
+    let d = await ata.evaluate(data);
+    if (isJSON(d)) {
+        // If we already have JSON we will not "stringify" it yet so that we
+        // don't end up calling JSON.parse. This would break the secrets that
+        // are stored as JSON. See: https://github.com/hashicorp/vault-action/issues/194
+        result = d;
+    } else {
+        result = JSON.stringify(d);
+    }
     // Compat for custom engines
     if (!result && ((ata.ast().type === "path" && ata.ast()['steps'].length === 1) || ata.ast().type === "string") && selector !== 'data' && 'data' in data) {
         result = JSON.stringify(await jsonata(`data.${selector}`).evaluate(data));
@@ -19018,16 +19025,49 @@ async function selectData(data, selector) {
     }
 
     if (result.startsWith(`"`)) {
-        result = JSON.parse(result);
+        // we need to strip the beginning and ending quotes otherwise it will
+        // always successfully parse as JSON
+        result = result.substring(1, result.length - 1);
+        if (!isJSON(result)) {
+            // add the quotes back so we can parse it into a Javascript object
+            // to allow support for multi-line secrets. See https://github.com/hashicorp/vault-action/issues/160
+            result = `"${result}"`
+            result = JSON.parse(result);
+        }
+    } else if (isJSON(result)) {
+        // This is required to support secrets in JSON format.
+        // See https://github.com/hashicorp/vault-action/issues/194 and https://github.com/hashicorp/vault-action/pull/173
+        result = JSON.stringify(result);
+        result = result.substring(1, result.length - 1);
     }
     return result;
 }
 
+/**
+ * isJSON returns true if str parses as a valid JSON string
+ * @param {string} str
+ */
+function isJSON(str) {
+    if (typeof str !== "string"){
+        return false;
+    }
+
+    try {
+        JSON.parse(str);
+    } catch (e) {
+        return false;
+    }
+
+    return true;
+}
+
 module.exports = {
     getSecrets,
     selectData
 }
 
+
+
 /***/ }),
 
 /***/ 9491: