const core = require('@actions/core');
const github = require('@actions/github');
const auth = require('./auth')
const awsAccess = require('./aws_access')
const secrets = require('./secrets')
const input = require('./input')
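/**
 * Entry point of the action: logs in to AKeyless, then starts the optional
 * AWS login, static-secret export and dynamic-secret export and waits for
 * all of them.
 *
 * A failed AKeyless login, or a login response without a token, is reported
 * through core.error/core.setFailed and the function returns without
 * starting any follow-up work.
 *
 * @returns {Promise<void>} Resolves once every started task has finished;
 *   rejects if input validation throws or any started task rejects.
 */
async function run() {
  core.debug('Fetching input');
  const {
    accessId,
    accessType,
    apiUrl,
    producerForAwsAccess,
    staticSecrets,
    dynamicSecrets,
    exportSecretsToOutputs,
    exportSecretsToEnvironment,
  } = input.fetchAndValidateInput();

  core.debug(`access id: ${accessId}`);
  core.debug(`Fetch akeyless token with access type ${accessType}`);

  let akeylessToken;
  try {
    // Declared locally: the original assigned to an undeclared name, which
    // leaks a global holding the full login response (token included).
    const akeylessLoginResponse = await auth.akeylessLogin(accessId, accessType, apiUrl);
    akeylessToken = akeylessLoginResponse['token'];
  } catch (error) {
    core.error(`Failed to login to AKeyless: ${error}`);
    core.setFailed(`Failed to login to AKeyless: ${error}`);
    return;
  }

  // A response without a token would otherwise surface as a TypeError on
  // `.length` below instead of a readable failure.
  if (!akeylessToken) {
    core.error('Failed to login to AKeyless: login response did not contain a token');
    core.setFailed('Failed to login to AKeyless: login response did not contain a token');
    return;
  }

  // Register the token with the runner's log masker before anything else
  // runs, so it is redacted if a later log line or helper prints it.
  core.setSecret(akeylessToken);
  core.debug(`AKeyless token length: ${akeylessToken.length}`);

  // Logging into AWS and fetching secrets can all run at the same time,
  // and we don't need to do anything with the response from them. Therefore, collect
  // their promises and then just await for all of them.
  const toAwait = [];

  // AWS Access
  if (producerForAwsAccess) {
    core.debug(`AWS Access: Fetching credentials with producer ${producerForAwsAccess}`);
    toAwait.push(awsAccess.awsLogin(
      akeylessToken,
      producerForAwsAccess,
      apiUrl
    ));
  } else {
    core.debug(`AWS Access: Skipping because no AWS producer is specified`);
  }

  // static secrets
  if (staticSecrets) {
    core.debug(`Static Secrets: Fetching!`);
    toAwait.push(secrets.exportStaticSecrets(
      akeylessToken,
      staticSecrets,
      apiUrl,
      exportSecretsToOutputs,
      exportSecretsToEnvironment
    ));
  } else {
    core.debug(`Static Secrets: Skpping step because no static secrets were specified`);
  }

  // dynamic secrets
  if (dynamicSecrets) {
    core.debug(`Dynamic Secrets: Fetching!`);
    toAwait.push(secrets.exportDynamicSecrets(
      akeylessToken,
      dynamicSecrets,
      apiUrl,
      exportSecretsToOutputs,
      exportSecretsToEnvironment
    ));
  } else {
    core.debug(`Dynamic Secrets: Skipping step because no dynamic secrets were specified`);
  }

  // The original collected these promises but never awaited them, so a
  // failed credential or secret fetch became an unhandled rejection and
  // run() resolved before the exports had finished. Promise.all rejects on
  // the first failure; the remaining tasks are not cancelled.
  await Promise.all(toAwait);
}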
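// Exported so the action logic can be invoked from other modules.
exports.run = run;

// Only start the action when this file is executed directly, not when it is
// loaded with require().
if (require.main === module) {
  core.debug('Starting main run');
  // run() is async, so a surrounding try/catch never sees its failures; the
  // handler has to be attached to the returned promise. Without it a failed
  // secret fetch is an unhandled rejection rather than a reported step failure.
  run().catch((error) => {
    const message = error instanceof Error ? error.message : String(error);
    if (error instanceof Error && error.stack) {
      core.debug(error.stack);
    }
    core.setFailed(message);
    core.debug(message);
  });
}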