Skip to content

Commit

Permalink
Add disable-env-vars input and document outputs
Browse files Browse the repository at this point in the history
  • Loading branch information
strideynet committed Aug 12, 2024
1 parent f16241b commit a8957d8
Show file tree
Hide file tree
Showing 7 changed files with 68 additions and 7 deletions.
8 changes: 8 additions & 0 deletions actions/auth-application/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -72,3 +72,11 @@ jobs:
- name: Make request
run: curl --cert ${{ steps.auth.outputs.certificate-file }} --key ${{ steps.auth.outputs.key-file }} https://grafana-example.tele.example.com/api/users
```
## Outputs
This action will output the following values:
- `identity-file`: the path to the identity file.
- `certificate-file`: the path to the client certificate.
- `key-file`: the path to the private key for the client certificate.

1 change: 1 addition & 0 deletions actions/auth-application/src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ async function run() {
);
await tbot.execute(configPath, env);

core.setOutput('identity-file', path.join(destinationPath, 'identity'));
core.setOutput('certificate-file', path.join(destinationPath, 'tlscert'));
core.setOutput('key-file', path.join(destinationPath, 'key'));
}
Expand Down
20 changes: 20 additions & 0 deletions actions/auth-k8s/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,26 @@ jobs:
run: kubectl get pods
```
## Environment Variables
By default, this action will set the following environment variables:
- `KUBECONFIG`: the path to the generated Kubernetes configuration file.

This will automatically configure tools like `kubectl` to use the generated
credentials. However, this can cause issues if you intend to invoke `tbot`
multiple times.

You can disable this behaviour by setting the `disable-env-vars` input to
`true`.

## Outputs

This action will output the following values:

- `identity-file`: the path to the identity file.
- `kubeconfig`: the path to the generated Kubernetes configuration file.

## Next steps

Read the `teleport-actions/auth-k8s` getting started guide:
Expand Down
12 changes: 8 additions & 4 deletions actions/auth-k8s/src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -49,9 +49,13 @@ async function run() {
);
await tbot.execute(configPath, env);

core.exportVariable(
'KUBECONFIG',
path.join(destinationPath, '/kubeconfig.yaml')
);
const identityPath = path.join(destinationPath, 'identity');
const kubeConfigPath = path.join(destinationPath, 'kubeconfig.yaml');
core.setOutput('identity-file', identityPath);
core.setOutput('kubeconfig', kubeConfigPath);

if (!sharedInputs.disableEnvVars) {
core.exportVariable('KUBECONFIG', kubeConfigPath);
}
}
run().catch(core.setFailed);
22 changes: 22 additions & 0 deletions actions/auth/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,28 @@ jobs:
Note that `tsh` and `tctl` require the flag pointing at the identity file and
`tctl` also requires the address of the Proxy or Auth Server to be provided.

## Environment Variables

By default, this action will set the following environment variables:

- `TELEPORT_AUTH_SERVER`: the address of the Teleport Auth Server.
- `TELEPORT_PROXY`: the address of the Teleport Proxy.
- `TELEPORT_IDENTITY_FILE`: the path to the identity file.

This will automatically configure tools like `tsh` and `tctl` to use the
generated credentials. However, this can cause issues if you intend to invoke
`tbot` multiple times.

You can disable this behaviour by setting the `disable-env-vars` input to
`true`.

## Outputs

This action will output the following values:

- `identity-file`: the path to the identity file.
- `ssh-config`: the path to the generated SSH config.

## Next steps

Read the `teleport-actions/auth` getting started guide:
Expand Down
9 changes: 6 additions & 3 deletions actions/auth/src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,11 @@ async function run() {
const sshConfigFilePath = path.join(destinationPath, 'ssh_config');
core.setOutput('identity-file', identityFilePath);
core.setOutput('ssh-config', sshConfigFilePath);
core.exportVariable('TELEPORT_PROXY', sharedInputs.proxy);
core.exportVariable('TELEPORT_AUTH_SERVER', sharedInputs.proxy);
core.exportVariable('TELEPORT_IDENTITY_FILE', identityFilePath);

if (!sharedInputs.disableEnvVars) {
core.exportVariable('TELEPORT_PROXY', sharedInputs.proxy);
core.exportVariable('TELEPORT_AUTH_SERVER', sharedInputs.proxy);
core.exportVariable('TELEPORT_IDENTITY_FILE', identityFilePath);
}
}
run().catch(core.setFailed);
3 changes: 3 additions & 0 deletions common/lib/tbot.ts
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ export interface SharedInputs {
certificateTTL: string;
anonymousTelemetry: boolean;
caPins: string[];
disableEnvVars: boolean;
}

function stringToBool(str: string): boolean {
Expand All @@ -29,13 +30,15 @@ export function getSharedInputs(): SharedInputs {
const certificateTTL = core.getInput('certificate-ttl');
const anonymousTelemetry = stringToBool(core.getInput('anonymous-telemetry'));
const caPins = core.getMultilineInput('ca-pins');
const disableEnvVars = stringToBool(core.getInput('disable-env-vars'));

return {
proxy,
token,
certificateTTL,
anonymousTelemetry,
caPins,
disableEnvVars,
};
}

Expand Down

0 comments on commit a8957d8

Please sign in to comment.