From a8957d878668092df0c127fd49a5f0bddc20d306 Mon Sep 17 00:00:00 2001 From: Noah Stride Date: Mon, 12 Aug 2024 13:39:55 +0100 Subject: [PATCH] Add `disable-env-vars` input and document outputs --- actions/auth-application/README.md | 8 ++++++++ actions/auth-application/src/index.ts | 1 + actions/auth-k8s/README.md | 20 ++++++++++++++++++++ actions/auth-k8s/src/index.ts | 12 ++++++++---- actions/auth/README.md | 22 ++++++++++++++++++++++ actions/auth/src/index.ts | 9 ++++++--- common/lib/tbot.ts | 3 +++ 7 files changed, 68 insertions(+), 7 deletions(-) diff --git a/actions/auth-application/README.md b/actions/auth-application/README.md index e325d11..df2ac2f 100644 --- a/actions/auth-application/README.md +++ b/actions/auth-application/README.md @@ -72,3 +72,11 @@ jobs: - name: Make request run: curl --cert ${{ steps.auth.outputs.certificate-file }} --key ${{ steps.auth.outputs.key-file }} https://grafana-example.tele.example.com/api/users ``` +## Outputs + +This action will output the following values: + +- `identity-file`: the path to the identity file. +- `certificate-file`: the path to the client certificate. +- `key-file`: the path to the private key for the client certificate. + diff --git a/actions/auth-application/src/index.ts b/actions/auth-application/src/index.ts index c201e79..cc9aab5 100644 --- a/actions/auth-application/src/index.ts +++ b/actions/auth-application/src/index.ts @@ -49,6 +49,7 @@ async function run() { ); await tbot.execute(configPath, env); + core.setOutput('identity-file', path.join(destinationPath, 'identity')); core.setOutput('certificate-file', path.join(destinationPath, 'tlscert')); core.setOutput('key-file', path.join(destinationPath, 'key')); } diff --git a/actions/auth-k8s/README.md b/actions/auth-k8s/README.md index e8523f7..8724e11 100644 --- a/actions/auth-k8s/README.md +++ b/actions/auth-k8s/README.md 
@@ -71,6 +71,26 @@ jobs: run: kubectl get pods ``` +## Environment Variables + +By default, this action will set the following environment variables: + +- `KUBECONFIG`: the path to the generated Kubernetes configuration file. + +This will automatically configure tools like `kubectl` to use the generated +credentials. However, this can cause issues if you intend to invoke `tbot` +multiple times. + +You can disable this behaviour by setting the `disable-env-vars` input to +`true`. + +## Outputs + +This action will output the following values: + +- `identity-file`: the path to the identity file. +- `kubeconfig`: the path to the generated Kubernetes configuration file. + ## Next steps Read the `teleport-actions/auth-k8s` getting started guide: diff --git a/actions/auth-k8s/src/index.ts b/actions/auth-k8s/src/index.ts index aad0f69..1adef88 100644 --- a/actions/auth-k8s/src/index.ts +++ b/actions/auth-k8s/src/index.ts @@ -49,9 +49,13 @@ async function run() { ); await tbot.execute(configPath, env); - core.exportVariable( - 'KUBECONFIG', - path.join(destinationPath, '/kubeconfig.yaml') - ); + const identityPath = path.join(destinationPath, 'identity'); + const kubeConfigPath = path.join(destinationPath, 'kubeconfig.yaml'); + core.setOutput('identity-file', identityPath); + core.setOutput('kubeconfig', kubeConfigPath); + + if (!sharedInputs.disableEnvVars) { + core.exportVariable('KUBECONFIG', kubeConfigPath); + } } run().catch(core.setFailed); diff --git a/actions/auth/README.md b/actions/auth/README.md index 68efcfb..59fe655 100644 --- a/actions/auth/README.md +++ b/actions/auth/README.md 
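Review bot: The `if (!sharedInputs.disableEnvVars)` guard in actions/auth-k8s/src/index.ts carries no comment on why a caller would opt out, and the same applies to the matching guard in actions/auth/src/index.ts. `core.exportVariable` makes `KUBECONFIG` visible to every later step in the job, so any step that runs `kubectl`, including third-party actions, picks up these credentials implicitly. With the input set, only steps that explicitly reference the `kubeconfig` output are pointed at the file. I would add above the guard: `// Exported variables apply to every later step in the job; disable-env-vars limits implicit use to steps that read the outputs.` The body of `run()` starts outside the hunk.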
@@ -73,6 +73,28 @@ jobs: Note that `tsh` and `tctl` require the flag pointing at the identity file and `tctl` also requires the address of the Proxy or Auth Server to be provided. +## Environment Variables + +By default, this action will set the following environment variables: + +- `TELEPORT_AUTH_SERVER`: the address of the Teleport Auth Server. +- `TELEPORT_PROXY`: the address of the Teleport Proxy. +- `TELEPORT_IDENTITY_FILE`: the path to the identity file. + +This will automatically configure tools like `tsh` and `tctl` to use the +generated credentials. However, this can cause issues if you intend to invoke +`tbot` multiple times. + +You can disable this behaviour by setting the `disable-env-vars` input to +`true`. + +## Outputs + +This action will output the following values: + +- `identity-file`: the path to the identity file. +- `ssh-config`: the path to the generated SSH config. + ## Next steps Read the `teleport-actions/auth` getting started guide: diff --git a/actions/auth/src/index.ts b/actions/auth/src/index.ts index db67de7..aeaa927 100644 --- a/actions/auth/src/index.ts +++ b/actions/auth/src/index.ts @@ -38,8 +38,11 @@ async function run() { const sshConfigFilePath = path.join(destinationPath, 'ssh_config'); core.setOutput('identity-file', identityFilePath); core.setOutput('ssh-config', sshConfigFilePath); - core.exportVariable('TELEPORT_PROXY', sharedInputs.proxy); - core.exportVariable('TELEPORT_AUTH_SERVER', sharedInputs.proxy); - core.exportVariable('TELEPORT_IDENTITY_FILE', identityFilePath); + + if (!sharedInputs.disableEnvVars) { + core.exportVariable('TELEPORT_PROXY', sharedInputs.proxy); + core.exportVariable('TELEPORT_AUTH_SERVER', sharedInputs.proxy); + core.exportVariable('TELEPORT_IDENTITY_FILE', identityFilePath); + } } run().catch(core.setFailed); diff --git a/common/lib/tbot.ts b/common/lib/tbot.ts index 75bef9f..b1f277b 100644 --- a/common/lib/tbot.ts +++ b/common/lib/tbot.ts 
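Review bot: `TELEPORT_AUTH_SERVER` is exported with `sharedInputs.proxy`, the same value as `TELEPORT_PROXY`, while the README section added in this commit describes it as the address of the Teleport Auth Server. The assignment predates this commit and is only moved under the new guard, so passing the proxy address may be intentional, but neither the code nor the README says so. I would add `// TELEPORT_AUTH_SERVER is deliberately set to the proxy address` on that line, or reword the README entry to say the variable holds the proxy address. `run()` begins above the hunk, so how `sharedInputs.proxy` is validated is not visible here.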
@@ -14,6 +14,7 @@ export interface SharedInputs { certificateTTL: string; anonymousTelemetry: boolean; caPins: string[]; + disableEnvVars: boolean; } function stringToBool(str: string): boolean { @@ -29,6 +30,7 @@ export function getSharedInputs(): SharedInputs { const certificateTTL = core.getInput('certificate-ttl'); const anonymousTelemetry = stringToBool(core.getInput('anonymous-telemetry')); const caPins = core.getMultilineInput('ca-pins'); + const disableEnvVars = stringToBool(core.getInput('disable-env-vars')); return { proxy, @@ -36,6 +38,7 @@ export function getSharedInputs(): SharedInputs { certificateTTL, anonymousTelemetry, caPins, + disableEnvVars, }; }
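Review bot: `getSharedInputs()` now reads `disable-env-vars` with `core.getInput`, but the diffstat lists only README and `.ts` files, so no `action.yml` in this commit declares the new input. `core.getInput` returns an empty string when the input is absent, and the body of `stringToBool` is outside the hunk, so it is worth confirming that `''` maps to `false` rather than throwing. Otherwise every existing workflow that omits the input would fail at this line. If the metadata files do not already declare it, I would add `disable-env-vars` with `default: 'false'` to each action's `action.yml`, which also avoids the runner's unexpected-input warning. The shared input is also read by the auth-application action, which exports no variables, so its README could note that the input has no effect there.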