From 4bd533450e2440712aef32970ff75083857fcd2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kamil=20Doma=C5=84ski?= Date: Thu, 27 Jan 2022 22:33:06 +0100 Subject: [PATCH] make "role" input optional Per Vault documentation it doesn't have to be provided, and the auth provider's "default_role" parameter is required precisely for this case. https://www.vaultproject.io/api/auth/jwt --- integrationTests/basic/jwt_auth.test.js | 9 +++++++++ src/auth.js | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/integrationTests/basic/jwt_auth.test.js b/integrationTests/basic/jwt_auth.test.js index c761bd40..423758d4 100644 --- a/integrationTests/basic/jwt_auth.test.js +++ b/integrationTests/basic/jwt_auth.test.js @@ -233,6 +233,15 @@ describe('jwt auth', () => { expect(core.exportVariable).toBeCalledWith('SECRET', 'SUPERSECRET'); }) + it('successfully authenticates as default role without specifying it', async () => { + when(core.getInput) + .calledWith('role') + .mockReturnValueOnce(null); + + await exportSecrets(); + expect(core.exportVariable).toBeCalledWith('SECRET', 'SUPERSECRET'); + }) + }); }); diff --git a/src/auth.js b/src/auth.js index ba89eeb8..5e9cb204 100644 --- a/src/auth.js +++ b/src/auth.js @@ -25,7 +25,7 @@ async function retrieveToken(method, client) { case 'jwt': { /** @type {string} */ let jwt; - const role = core.getInput('role', { required: true }); + const role = core.getInput('role', { required: false }); const privateKeyRaw = core.getInput('jwtPrivateKey', { required: false }); const privateKey = Buffer.from(privateKeyRaw, 'base64').toString(); const keyPassword = core.getInput('jwtKeyPassword', { required: false });