Add secret ref validation
29
src/utils.ts
29
src/utils.ts
@@ -1,7 +1,7 @@
|
||||
import * as core from "@actions/core";
|
||||
import * as exec from "@actions/exec";
|
||||
import { read, setClientInfo, semverToInt } from "@1password/op-js";
|
||||
import { createClient } from "@1password/sdk";
|
||||
import { createClient, Secrets } from "@1password/sdk";
|
||||
import { version } from "../package.json";
|
||||
import {
|
||||
authErr,
|
||||
@@ -37,6 +37,29 @@ export const getEnvVarNamesWithSecretRefs = (): string[] =>
|
||||
process.env[key]?.startsWith("op://"),
|
||||
);
|
||||
|
||||
const validateSecretRefs = (envNames: string[]): void => {
|
||||
const invalid: string[] = [];
|
||||
|
||||
for (const envName of envNames) {
|
||||
const ref = process.env[envName];
|
||||
if (!ref) {
|
||||
continue;
|
||||
}
|
||||
|
||||
try {
|
||||
Secrets.validateSecretReference(ref);
|
||||
} catch {
|
||||
invalid.push(envName);
|
||||
}
|
||||
}
|
||||
|
||||
// Throw an error if any secret references are invalid
|
||||
if (invalid.length > 0) {
|
||||
const names = invalid.join(", ");
|
||||
throw new Error(`Invalid secret reference(s): ${names}`);
|
||||
}
|
||||
};
|
||||
|
||||
const setResolvedSecret = (
|
||||
envName: string,
|
||||
secretValue: string,
|
||||
@@ -102,6 +125,8 @@ const loadSecretsViaConnect = async (
|
||||
}
|
||||
|
||||
const envs = res.stdout.replace(/\n+$/g, "").split(/\r?\n/);
|
||||
validateSecretRefs(envs);
|
||||
|
||||
for (const envName of envs) {
|
||||
extractSecret(envName, shouldExportEnv);
|
||||
}
|
||||
@@ -119,6 +144,8 @@ const loadSecretsViaServiceAccount = async (
|
||||
return;
|
||||
}
|
||||
|
||||
validateSecretRefs(envs);
|
||||
|
||||
const token = process.env[envServiceAccountToken];
|
||||
if (!token) {
|
||||
throw new Error(authErr);
|
||||
|
||||
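Review bot: The bare `catch` in `validateSecretRefs` counts every thrown error as an invalid reference and discards the reason, so a validator failure unrelated to syntax would also be reported as `Invalid secret reference(s): …`, and the user gets no hint about what is wrong. Consider binding the error and logging it at debug level before the push, i.e. `} catch (err) {` followed by `core.debug(String(err));`. The thrown message currently lists only environment variable names, which keeps vault and item paths out of the job log, so first confirm that the SDK's error text does not echo the reference. The same check now also gates `loadSecretsViaConnect`, where the visible code hands resolution to `extractSecret` rather than the SDK; if the two paths accept different reference syntax, a reference that resolved before this commit would now be rejected, so a test covering that path would help. The bodies of `loadSecretsViaConnect` and `loadSecretsViaServiceAccount` start outside the hunks shown.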