Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 6 additions & 10 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,11 @@ name: build
run-name: Check vault and web builds

on:
workflow_run:
workflows:
- vault
- web
types:
- completed
push:
branches:
- main
- "**"
tags:
- "**"
workflow_dispatch:
inputs:
sha:
Expand All @@ -30,14 +27,14 @@ jobs:
env:
GH_TOKEN: ${{ github.token }}
REPO: ${{ github.repository }}
TRIGGER_SHA: ${{ github.event.workflow_run.head_sha }}
INPUT_SHA: ${{ inputs.sha }}
CURRENT_SHA: ${{ github.sha }}
run: |
set -euo pipefail

sha="$INPUT_SHA"
if [ -z "$sha" ]; then
sha="$TRIGGER_SHA"
sha="$CURRENT_SHA"
fi
if [ -z "$sha" ]; then
sha="$(gh api "repos/$REPO/branches/main" --jq '.commit.sha')"
Expand All @@ -51,7 +48,6 @@ jobs:
for attempt in $(seq 1 60); do
result="$(
gh api --method GET "repos/$REPO/actions/workflows/$workflow/runs" \
-f branch=main \
-f head_sha="$sha" \
-f per_page=1 \
--jq '(.workflow_runs[0] // empty) | [.status, (.conclusion // ""), .html_url] | @tsv'
Expand Down
18 changes: 17 additions & 1 deletion vault/api/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ func InitializeRoutes(router *gin.Engine) {
router.GET("/ping", Ping)

router.POST("/integrations/github/actions/env", ExportGitHubActionsEnv)
router.POST("/integrations/kubernetes/secrets", ExportKubernetesSecrets)

router.POST("/auth/login", LoginWithSentinel)
router.GET("/auth/session", GetSession)
Expand All @@ -57,6 +58,16 @@ func InitializeRoutes(router *gin.Engine) {
router.PUT("/integrations/github/actions/rules/:id", UpdateGitHubActionsRule)
router.DELETE("/integrations/github/actions/rules/:id", DeleteGitHubActionsRule)

router.GET("/integrations/kubernetes/clusters", ListKubernetesClusters)
router.POST("/integrations/kubernetes/clusters/verify", VerifyKubernetesCluster)
router.POST("/integrations/kubernetes/clusters", CreateKubernetesCluster)
router.PUT("/integrations/kubernetes/clusters/:id", UpdateKubernetesCluster)
router.DELETE("/integrations/kubernetes/clusters/:id", DeleteKubernetesCluster)
router.GET("/integrations/kubernetes/rules", ListKubernetesSecretRules)
router.POST("/integrations/kubernetes/rules", CreateKubernetesSecretRule)
router.PUT("/integrations/kubernetes/rules/:id", UpdateKubernetesSecretRule)
router.DELETE("/integrations/kubernetes/rules/:id", DeleteKubernetesSecretRule)

router.POST("/secrets/totp/qr", DecodeTOTPRegistrationQRCode)

router.GET("/app-secrets", ListApplications)
Expand Down Expand Up @@ -116,7 +127,8 @@ func authRouteSkipsTokenValidation(path string) bool {
return path == "/auth/login" ||
path == "/auth/refresh" ||
path == "/auth/logout" ||
path == "/integrations/github/actions/env"
path == "/integrations/github/actions/env" ||
path == "/integrations/kubernetes/secrets"
}

func UnauthorizedPanicHandler() gin.HandlerFunc {
Expand Down Expand Up @@ -243,6 +255,10 @@ func RequestTokenCanManageGitHubActionsRules(c *gin.Context) bool {
return RequestTokenCanManageSettings(c) || RequestTokenHasGroupName(c, "DevopsMembers")
}

func RequestTokenCanManageKubernetesSecretRules(c *gin.Context) bool {
return RequestTokenCanManageSettings(c) || RequestTokenHasGroupName(c, "DevopsMembers")
}

func GetRequestToken(c *gin.Context) string {
token, _ := c.Get("Auth-Token")
return contextString(token)
Expand Down
Loading
Loading