feat: wildcard for fetching all secrets

[matryxxx02]

fixes #234

This PR allows the use of * (wildcard) to fetch all secrets into env variables.

Example Usage

example of secrets :

{
 ci : {
   aws : {
     URL_API : {
        "http://localhost:3000"
     }
   }
 }
}

jobs:
    build:
        # ...
        steps:
            # ...
            - name: Import Secrets
              uses: hashicorp/vault-action@v2.3.1
              with:
                url: https://vault.mycompany.com:8200
                token: ${{ secrets.VaultToken }}
                caCertificate: ${{ secrets.VAULTCA }}
                secrets: |
                    secret/data/ci/aws *
            # ...
           - name : Test secret
              run: echo "Hello ${{env.URL_API}}"

[hashicorp-cla]

All committers have signed the CLA.

[slemme1]

When will this be resolved to get this code merged?

[slemme1]

When will this get resolved to get this code merged?

[bfaulk96]

This would be great!

[bfaulk96]

@matryxxx02 any chance you could resolve those merge conflicts?

[bfaulk96]

Dang, that was fast!! @doowb What are the chances of this landing in the next release?

[ElenaForester]

Eagerly waiting for this to be released 🙏

[karlanuetzel]

+1 on this landing in next release

[ndrader]

Any news on this getting merged? Would love to use it.

[ElenaForester]

Any news on this getting merged? Would love to use it.

I figured out that for now you can use

secrets: |
                    secret/data/ci/aws $.$

[Marcanta]

Any news on this getting merged? Would love to use it.

I figured out that for now you can use

secrets: |
                    secret/data/ci/aws $.$

I agree, however, it's annoying to use...

      - name: Import env.TEST from vault
        uses: hashicorp/vault-action@v2.3.0
        with:
          url: http://127.0.0.1:8200
          tlsSkipVerify: true
          token: ${{ secrets.VAULT_TOKEN }}
          secrets: |
              secret/data/test $.$ | TEST
              
      - name : echo env
        run: echo "Hello ${{env.TEST.HELLO_WORLD}}"

It would be great if we could drop the TEST.

[karlanuetzel]

Any update on this?

[bfaulk96]

Currently going on 1 year, 47 days, 21 hours, 50 minutes since this great PR was created and subsequently ignored.

[heatherezell]

Currently going on 1 year, 47 days, 21 hours, 50 minutes since this great PR was created and subsequently ignored.

You're right, and you have my apologies as well as my thanks for resurfacing this. I'll have our engineering team take a look. :)

[bfaulk96]

@hsimon-hashicorp Well, the as the old adage goes, "Better late than never". Thank you for looking into this! 😄

[bfaulk96]

@matryxxx02 looks like there are once again a few merge conflicts, if you have time to address them

[brewgator]

Good work so far, just a couple possible issues I noticed. Thank you for sticking with this, I do think that this is a good feature we would want to include.

[brewgator]

Can you remove the changes here? dist/index.js is generated upon release, so we don't need to include any files in the dist/ directory.

[brewgator]

I believe we will need to pull out the JSON parse and move it here so body is parsed in both conditional branches.

[brewgator]

I think moving this to its own function is a good idea, however it seems to cause some issues with the acceptance tests

~$ npm run test

> vault-action@0.1.0 test
> jest

 PASS  src/auth.test.js
 FAIL  src/action.test.js
  ● exportSecrets › single-line secret gets masked

    expect(jest.fn()).toBeCalledTimes(expected)

    Expected number of calls: 1
    Received number of calls: 2

      334 |         await exportSecrets();
      335 |
    > 336 |         expect(command.issue).toBeCalledTimes(1);
          |                               ^
      337 |
      338 |         expect(command.issue).toBeCalledWith('add-mask', 'secret');
      339 |         expect(core.setOutput).toBeCalledWith('key', 'secret');

      at Object.toBeCalledTimes (src/action.test.js:336:31)

  ● exportSecrets › multi-line secret gets masked for each line

    expect(jest.fn()).toBeCalledTimes(expected)

    Expected number of calls: 2
    Received number of calls: 4

      354 |         await exportSecrets();
      355 |
    > 356 |         expect(command.issue).toBeCalledTimes(2); // 1 for each non-empty line.
          |                               ^
      357 |
      358 |         expect(command.issue).toBeCalledWith('add-mask', 'a multi-line string');
      359 |         expect(command.issue).toBeCalledWith('add-mask', 'with blank lines');

      at Object.toBeCalledTimes (src/action.test.js:356:31)

::add-mask::value
::add-mask::value
 PASS  src/retries.test.js

Test Suites: 1 failed, 2 passed, 3 total
Tests:       2 failed, 27 passed, 29 total
Snapshots:   0 total
Time:        2.532 s, estimated 3 s
Ran all test suites.
::add-mask::value
::add-mask::value

[maxcoulombe]

Hey everyone, thanks for showing interest in this feature. I'm happy to report that an equivalent implementation was recently merged in #488 . I'll close this PR for now as the functionality implemented appears equivalent.

The wildcard selector feature should be available in an up-coming v2.8.0 release, cheers!