wesley/load-secrets-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix item and vault loading by name

Browse Source
This commit is contained in:
Floris van der Grinten
2021-06-09 11:07:49 +02:00
parent 7bf534f3d4
commit 8d95cf6d0d
2 changed files with 26 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/test.yml vendored
View File

@@ -39,12 +39,12 @@ jobs:
run: printenv run: printenv
- name: Assert removed secrets - name: Assert removed secrets
run: ./tests/assert-env-unset.sh run: ./tests/assert-env-unset.sh
- name: Load secret again - name: Load secrets by vault and item titles
uses: ./ # 1password/load-secrets-action@<version> uses: ./ # 1password/load-secrets-action@<version>
env: env:
SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password SECRET: op://acceptance-tests/test-secret/password
SECRET_IN_SECTION: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/test-section/password SECRET_IN_SECTION: op://acceptance-tests/test-secret/test-section/password
MULTILINE_SECRET: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain MULTILINE_SECRET: op://acceptance-tests/multiline-secret/notesPlain
- name: Print environment variables with masked secrets - name: Print environment variables with masked secrets
run: printenv run: printenv
- name: Assert test secret values again - name: Assert test secret values again

23
entrypoint.sh
View File

@@ -27,6 +27,8 @@ if [ "$INPUT_UNSET_PREVIOUS" == "true" ]; then
managed_variables=() managed_variables=()
fi fi
curl_headers=(-H "Content-Type: application/json" -H "Authorization: Bearer $OP_CONNECT_TOKEN")
# Iterate over environment varables to find 1Password references, load the secret values, # Iterate over environment varables to find 1Password references, load the secret values,
# and make them available as environment variables in the next steps. # and make them available as environment variables in the next steps.
IFS=$'\n' IFS=$'\n'
@@ -70,8 +72,27 @@ for possible_ref in $(printenv | grep "=op://" | grep -v "^#"); do
section="" section=""
fi fi
if [[ $(echo -n $(echo $vault | grep "^[a-z0-9]*$") | wc -c) -ne 26 ]]; then
echo "Getting vault ID from vault name: $vault"
vault=$(curl -sSf "${curl_headers[@]}" "$OP_CONNECT_HOST/v1/vaults?filter=name%20eq%20%22$vault%22" | jq -r '.[0] | .id')
if [ -z "$vault" ]; then
echo "Could not find vault ID for vault: $vault"
exit 1
fi
fi
if [[ $(echo -n $(echo $item | grep "^[a-z0-9]*$") | wc -c) -ne 26 ]]; then
echo "Getting item ID from vault $vault..."
item=$(curl -sSf "${curl_headers[@]}" "$OP_CONNECT_HOST/v1/vaults/$vault/items?filter=title%20eq%20%22$item%22" | jq -r '.[0] | .id')
if [ -z "$item" ]; then
echo "Could not find item ID for item: $item"
exit 1
fi
fi
echo "Loading item $item from vault $vault..." echo "Loading item $item from vault $vault..."
item_json=$(curl -sSf -H "Content-Type: application/json" -H "Authorization: Bearer $OP_CONNECT_TOKEN" "$OP_CONNECT_HOST/v1/vaults/$vault/items/$item") item_json=$(curl -sSf "${curl_headers[@]}" "$OP_CONNECT_HOST/v1/vaults/$vault/items/$item")
jq_field_selector=".id == \"$field\" or .label == \"$field\"" jq_field_selector=".id == \"$field\" or .label == \"$field\""
jq_section_selector=".section == null" jq_section_selector=".section == null"