From 12abe748efa14da0ac32cd23868a4524f2ffacfe Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Tue, 20 Aug 2024 00:48:14 +0400 Subject: [PATCH 1/3] Feat: Expand references on retrieve secret --- crates/infisical/src/manager/secrets/get.rs | 3 +-- crates/infisical/tests/secrets.rs | 1 + 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crates/infisical/src/manager/secrets/get.rs b/crates/infisical/src/manager/secrets/get.rs index 6627375..3b04a2c 100644 --- a/crates/infisical/src/manager/secrets/get.rs +++ b/crates/infisical/src/manager/secrets/get.rs @@ -13,9 +13,8 @@ pub struct GetSecretOptions { pub environment: String, pub project_id: String, pub path: Option, - + pub expand_secret_references: Option, pub r#type: Option, - pub include_imports: Option, } diff --git a/crates/infisical/tests/secrets.rs b/crates/infisical/tests/secrets.rs index 7fe3893..9b69744 100644 --- a/crates/infisical/tests/secrets.rs +++ b/crates/infisical/tests/secrets.rs @@ -183,6 +183,7 @@ mod tests { project_id: variables.project_id.to_string(), path: None, r#type: None, + expand_secret_references: None, include_imports: None, }; From 0db16caa6bc710a81f31c3bc54cd164c64a694a1 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Tue, 20 Aug 2024 00:48:30 +0400 Subject: [PATCH 2/3] Fix: Access token auth --- .../src/client/auth_method_settings.rs | 23 +++++++++++++++++-- crates/infisical/src/client/client.rs | 4 +++- crates/infisical/src/constants.rs | 2 ++ crates/infisical/src/helper.rs | 6 ++++- 4 files changed, 31 insertions(+), 4 deletions(-) diff --git a/crates/infisical/src/client/auth_method_settings.rs b/crates/infisical/src/client/auth_method_settings.rs index 3521196..ab18ed1 100644 --- a/crates/infisical/src/client/auth_method_settings.rs +++ b/crates/infisical/src/client/auth_method_settings.rs 
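Review bot: `expand_secret_references` is added to `GetSecretOptions` in the `get.rs` hunk without a doc comment, and nothing visible says what `None` means or which layer supplies the default. Since reference expansion changes which secret values come back in a response, the default should be stated on the field, for example `/// Expand secret references in the returned value; None defers to the default (TODO: state it).` Adding a `pub` field to a public struct also breaks callers that build it with a struct literal, as the `tests/secrets.rs` hunk shows, which may merit a changelog line. The struct starts outside the hunk.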
@@ -3,8 +3,8 @@ use schemars::JsonSchema; use serde::{Deserialize, Serialize}; use crate::constants::{ - INFISICAL_AWS_IAM_AUTH_IDENTITY_ID_ENV_NAME, INFISICAL_AZURE_AUTH_IDENTITY_ID_ENV_NAME, - INFISICAL_GCP_AUTH_IDENTITY_ID_ENV_NAME, + INFISICAL_ACCESS_TOKEN_ENV_NAME, INFISICAL_AWS_IAM_AUTH_IDENTITY_ID_ENV_NAME, + INFISICAL_AZURE_AUTH_IDENTITY_ID_ENV_NAME, INFISICAL_GCP_AUTH_IDENTITY_ID_ENV_NAME, INFISICAL_GCP_IAM_SERVICE_ACCOUNT_KEY_FILE_PATH_ENV_NAME, INFISICAL_KUBERNETES_IDENTITY_ID_ENV_NAME, INFISICAL_KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH_ENV_NAME, @@ -105,11 +105,20 @@ pub enum AuthMethod { GcpIdToken, GcpIam, AwsIam, + AccessToken, } // Custom validation to ensure that if universal_auth or gcp_auth are present, their fields are populated impl AuthenticationOptions { pub fn validate(&mut self) -> Result { + // ACCESS TOKEN: + if let Some(ref access_token) = self.access_token { + if !access_token.is_empty() { + return Ok(AuthMethod::AccessToken); + } + return Err("access_token is present but is empty".into()); + } + // UNIVERSAL AUTH: if let Some(ref auth) = self.universal_auth { if !auth.client_id.is_empty() && !auth.client_secret.is_empty() { @@ -155,6 +164,10 @@ impl AuthenticationOptions { } else { debug!("No authentication method is set. Checking environment variables."); + // access token env + let access_token_env = + std::env::var(INFISICAL_ACCESS_TOKEN_ENV_NAME).unwrap_or_default(); + // universal auth env's let universal_auth_client_id_env = std::env::var(INFISICAL_UNIVERSAL_AUTH_CLIENT_ID_ENV_NAME).unwrap_or_default(); @@ -183,6 +196,12 @@ impl AuthenticationOptions { let azure_auth_identity_id_env = std::env::var(INFISICAL_AZURE_AUTH_IDENTITY_ID_ENV_NAME).unwrap_or_default(); + // access token env check + if !access_token_env.is_empty() { + self.access_token = Some(access_token_env); + return Ok(AuthMethod::AccessToken); + } + // universal auth env check if !universal_auth_client_id_env.is_empty() && !universal_auth_client_secret_env.is_empty() 
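Review bot: In `validate()` (hunk `@@ -105,11 +105,20 @@`), the new access-token branch returns before any other method is examined, so a caller who sets both `access_token` and, say, `universal_auth` silently gets the static token. The same precedence applies to `INFISICAL_ACCESS_TOKEN` in the `@@ -183,6 +196,12 @@` hunk, where a leftover variable in the process environment overrides every identity-based method read from the environment. Both checks use `is_empty()`, which accepts a whitespace-only value or one with a trailing newline; `access_token.trim().is_empty()` would reject those before they are used as a credential. A `debug!` line naming the chosen method (never the token) and a comment such as `// access token takes precedence over all other methods` would make the ordering auditable, and the comment above the `impl` still mentions only universal_auth and gcp_auth. `validate()` continues outside these hunks.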
diff --git a/crates/infisical/src/client/client.rs b/crates/infisical/src/client/client.rs index 8ee9325..1683859 100644 --- a/crates/infisical/src/client/client.rs +++ b/crates/infisical/src/client/client.rs @@ -24,7 +24,9 @@ impl Client { // Move the deprecated fields to the new auth object for backwards compatibility. #[allow(deprecated)] { - settings.auth.access_token = settings.access_token; + if settings.auth.access_token.is_none() { + settings.auth.access_token = settings.access_token; + } if settings.client_id.is_some() && settings.client_secret.is_some() { settings.auth.universal_auth = Some(UniversalAuthMethod { diff --git a/crates/infisical/src/constants.rs b/crates/infisical/src/constants.rs index aef7710..777f090 100644 --- a/crates/infisical/src/constants.rs +++ b/crates/infisical/src/constants.rs @@ -21,6 +21,8 @@ pub const INFISICAL_AZURE_AUTH_IDENTITY_ID_ENV_NAME: &str = "INFISICAL_AZURE_AUT pub const INFISICAL_KUBERNETES_IDENTITY_ID_ENV_NAME: &str = "INFISICAL_KUBERNETES_IDENTITY_ID"; +pub const INFISICAL_ACCESS_TOKEN_ENV_NAME: &str = "INFISICAL_ACCESS_TOKEN"; + // AWS EC2 Metadata Service: pub const AWS_EC2_METADATA_TOKEN_URL: &str = "http://169.254.169.254/latest/api/token"; pub const AWS_EC2_INSTANCE_IDENTITY_DOCUMENT_URL: &str = diff --git a/crates/infisical/src/helper.rs b/crates/infisical/src/helper.rs index 99d04e0..8571aab 100644 --- a/crates/infisical/src/helper.rs +++ b/crates/infisical/src/helper.rs @@ -38,10 +38,14 @@ pub async fn handle_authentication(client: &mut Client) -> Result<()> { debug!("Auth validation passed"); let auth_method = validation_result.unwrap_or(AuthMethod::UniversalAuth); - let result; match auth_method { + AuthMethod::AccessToken => { + // Special case, since we don't need to do any authentication with Infisical. + client.set_access_token(client.auth.access_token.clone().unwrap_or("".to_string())); + return Ok(()); + } AuthMethod::UniversalAuth => { debug!("Auth method is Universal Auth"); 
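Review bot: The new `is_none()` guard in `client.rs` treats `Some("")` in `settings.auth.access_token` as set, so a valid token in the deprecated `settings.access_token` is then ignored and `validate()` rejects the empty one. If the deprecated field should remain a working fallback, test for an empty value as well, e.g. `if settings.auth.access_token.as_deref().map_or(true, str::is_empty) {`. The comment above the block could also state that `auth.access_token` wins when both are set. The enclosing function starts and ends outside this hunk.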
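Review bot: The `AuthMethod::AccessToken` arm in `helper.rs` falls back to an empty string when `client.auth.access_token` is `None`, which would install an empty credential and still return `Ok(())`. `validate()` is meant to guarantee a non-empty token at this point, but the arm should fail closed rather than depend on that, e.g. `let Some(token) = client.auth.access_token.clone() else { return Err(<missing-token error>) };` followed by `client.set_access_token(token);`. The token is also accepted without any check against the server, so an expired or revoked token only surfaces on the first API call; a comment saying so would help. The arm has no `debug!` line naming the method like the `UniversalAuth` arm does (the token itself should never be logged). `handle_authentication` continues outside this hunk.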
From a39f624bdff6d2a970fc132ff7620ccbbfd73359 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard Date: Tue, 20 Aug 2024 00:48:39 +0400 Subject: [PATCH 3/3] Fix: Include imports on get single secret --- crates/infisical/src/api/secrets/get_secret.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crates/infisical/src/api/secrets/get_secret.rs b/crates/infisical/src/api/secrets/get_secret.rs index 0761190..2d6e404 100644 --- a/crates/infisical/src/api/secrets/get_secret.rs +++ b/crates/infisical/src/api/secrets/get_secret.rs @@ -19,9 +19,9 @@ pub async fn get_secret_request( let json: &serde_json::Value = &serde_json::json!({ "workspaceId": input.project_id, "environment": input.environment, - "secretPath": input.path.as_ref().unwrap_or(&"/".to_string()), // default is "/" - "type": input.r#type.as_ref().unwrap_or(&"shared".to_string()), // default is shared - "include_imports": input.include_imports.as_ref().unwrap_or(&false), // default is false + "secretPath": input.path.clone().unwrap_or("/".to_string()), // default is "/" + "type": input.r#type.clone().unwrap_or("shared".to_string()), // default is shared + "include_imports": input.include_imports.unwrap_or(false).to_string(), }); let secret_type = match input.r#type.as_ref() {
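Review bot: `include_imports` is now sent as the string `"true"`/`"false"` instead of a JSON boolean, and the line lost its `// default is false` comment, so neither the default nor the reason for `.to_string()` is recorded. If the map is serialized as query parameters (not visible in this hunk) the string form is presumably intended; a comment such as `// default is false; stringified for <reason>` would keep the next edit from reverting it. The key is also snake_case while its neighbours are camelCase (`workspaceId`, `secretPath`), which is worth confirming against the API. Separately, the map shown here has no entry for the `expand_secret_references` option added in PATCH 1/3, so unless it is forwarded elsewhere in `get_secret_request` the option has no effect. The function starts and ends outside this hunk.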