wesley/load-secrets-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create client helper

Browse Source
This commit is contained in:
Jill Regan
2026-02-22 11:38:06 -05:00
parent 5523b3fd67
commit db4ac8464b
1 changed files with 51 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
src/utils.ts
View File

@@ -92,30 +92,8 @@ const getSecretFromConnectItem = async (
return fieldValue; return fieldValue;
} }
// If a file was found, get the content of the file (with retry on 503)
if (fileId) { if (fileId) {
const maxAttempts = 3; return getFileContentWithRetry(client, parsed.vault, parsed.item, fileId);
const retryDelayMs = 2000;
for (let attempt = 1; attempt <= maxAttempts; attempt++) {
try {
const content = await client.getFileContent(
parsed.vault,
parsed.item,
fileId,
);
return content;
} catch (err) {
const is503 =
err &&
typeof err === "object" &&
(err as Record<string, unknown>).statusCode === 503;
if (is503 && attempt < maxAttempts) {
await new Promise((resolve) => setTimeout(resolve, retryDelayMs));
continue;
}
throw err;
}
}
} }
if (parsed.section) { if (parsed.section) {
@@ -129,6 +107,34 @@ const getSecretFromConnectItem = async (
); );
}; };
const getFileContentWithRetry = async (
client: OPConnect,
vaultId: string,
itemId: string,
fileId: string,
): Promise<string> => {
const maxAttempts = 3;
const retryDelayMs = 2000;
for (let attempt = 1; attempt <= maxAttempts; attempt++) {
try {
return await client.getFileContent(vaultId, itemId, fileId);
} catch (err) {
// Retry on 503 errors as this can happen on multiple secret fetches
const is503 =
err !== null &&
typeof err === "object" &&
(err as Record<string, unknown>).statusCode === 503;
if (is503 && attempt < maxAttempts) {
await new Promise((r) => setTimeout(r, retryDelayMs));
continue;
}
throw err;
}
}
return "";
};
export const findSectionIdsByQuery = ( export const findSectionIdsByQuery = (
sections: FullItem["sections"], sections: FullItem["sections"],
sectionQuery: string | undefined, sectionQuery: string | undefined,
@@ -136,7 +142,7 @@ export const findSectionIdsByQuery = (
// If no sections were returned with the item throw an error // If no sections were returned with the item throw an error
if (!sections || sections.length === 0) { if (!sections || sections.length === 0) {
throw new Error( throw new Error(
`section ${sectionQuery} could not be found in specified item`, `Item has no sections; cannot resolve section "${sectionQuery}"`,
); );
} }
@@ -147,7 +153,7 @@ export const findSectionIdsByQuery = (
// If no sections were found with the given query throw an error // If no sections were found with the given query throw an error
if (ids.length === 0) { if (ids.length === 0) {
throw new Error( throw new Error(
`section ${sectionQuery} could not be found in specified item`, `No section matching "${sectionQuery}" found in specified item`,
); );
} }
@@ -251,6 +257,19 @@ const findSingleMatch = <T>(matches: T[]): T | undefined => {
} }
return matches[0]; return matches[0];
}; };
const createConnectClient = (host: string, token: string): OPConnect => {
try {
return OnePasswordConnect({
// eslint-disable-next-line @typescript-eslint/naming-convention
serverURL: host,
token,
});
} catch (err) {
const message = err instanceof Error ? err.message : String(err);
throw new Error(`Connect authentication failed: ${message}`);
}
};
// #endregion // #endregion
// #region Shared helpers and auth // #region Shared helpers and auth
@@ -352,10 +371,10 @@ const fetchVaultId = async (
client: OPConnect, client: OPConnect,
vaultQuery: string, vaultQuery: string,
ref: string, ref: string,
cache: Map<string, string>, vaultIdCache: Map<string, string>,
): Promise<string> => { ): Promise<string> => {
// Check if the vault ID is already cached // Check if the vault ID is already cached to avoid unnecessary API calls
const cached = cache.get(vaultQuery); const cached = vaultIdCache.get(vaultQuery);
if (cached !== undefined) { if (cached !== undefined) {
return cached; return cached;
} }
@@ -367,7 +386,7 @@ const fetchVaultId = async (
); );
} }
cache.set(vaultQuery, vault.id); vaultIdCache.set(vaultQuery, vault.id);
return vault.id; return vault.id;
}; };
// #endregion // #endregion
@@ -390,20 +409,8 @@ const loadSecretsViaConnect = async (
throw new Error(authErr); throw new Error(authErr);
} }
// Authenticate with the Connect SDK const client = createConnectClient(host, token);
let client; const vaultIdCache = new Map<string, string>();
try {
client = OnePasswordConnect({
// eslint-disable-next-line @typescript-eslint/naming-convention
serverURL: host,
token,
});
} catch (err) {
const message = err instanceof Error ? err.message : String(err);
throw new Error(`Connect authentication failed: ${message}`);
}
const vaultIdByQuery = new Map<string, string>();
for (const envName of envs) { for (const envName of envs) {
const ref = process.env[envName]; const ref = process.env[envName];
@@ -419,7 +426,7 @@ const loadSecretsViaConnect = async (
client, client,
parsed.vault, parsed.vault,
ref, ref,
vaultIdByQuery, vaultIdCache,
); );
const item = await client.getItem(vaultId, parsed.item); const item = await client.getItem(vaultId, parsed.item);