fix secrets stored in JSON format #473
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
fairclothjm
force-pushed
the
VAULT-17445/fix-multiline-json-str-bug
branch
from
3e33a89
to
a24b038
Compare
fairclothjm
force-pushed
the
VAULT-17445/fix-multiline-json-str-bug
branch
from
7b2ddb7
to
788264d
Compare
src/secrets.js
Outdated
| if (isJSONString(d)) { | ||
| // If we already have a JSON string we will not "stringify" it yet so | ||
| // that we don't end up calling JSON.parse. This would break the | ||
| // secrets that are stored as pure JSON. See: https://github.com/hashicorp/vault-action/issues/194 |
There was a problem hiding this comment.
I feel like you mentioned this before so apologies if this is a repeated q:
Are we avoiding calling JSON.stringify here because under the hood it calls JSON.parse? In that case, a follow up — Hasn't the try-catch block on L139-L143 ensured that JSON.parse does not break things?
There was a problem hiding this comment.
No, JSON.parse does not call JSON.stringify --if I am understanding you correctly. I see how this comment might convey that though. I will see if I can improve the wording a bit.
austingebauer
approved these changes
Jul 6, 2023
robmonte
reviewed
Jul 6, 2023
| - name: Verify Vault Action Outputs | ||
| run: npm run test:integration:e2e | ||
| env: | ||
| OTHER_SECRET_OUTPUT: ${{ steps.kv-secrets.outputs.otherSecret }} | ||
|
|
||
|
|
There was a problem hiding this comment.
Looks like an accidental second newline added?
There was a problem hiding this comment.
Whoops submitted this too late 😓
fairclothjm
added a commit
that referenced
this pull request
Jul 12, 2023
fairclothjm
added a commit
that referenced
this pull request
Jul 12, 2023
fairclothjm
added a commit
that referenced
this pull request
Jul 13, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We broke support for secrets in JSON format in #173. This adds that support back and also adds more tests to ensure we can catch any regressions moving forward.
Closes #194