Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add disable-env-vars input and document outputs #48

Merged
merged 3 commits into from
Aug 20, 2024
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions actions/auth-application/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -72,3 +72,11 @@ jobs:
- name: Make request
run: curl --cert ${{ steps.auth.outputs.certificate-file }} --key ${{ steps.auth.outputs.key-file }} https://grafana-example.tele.example.com/api/users
```

## Outputs

This action will output the following values:

- `identity-file`: the path to the identity file.
- `certificate-file`: the path to the client certificate.
- `key-file`: the path to the private key for the client certificate.
1 change: 1 addition & 0 deletions actions/auth-application/src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ async function run() {
);
await tbot.execute(configPath, env);

core.setOutput('identity-file', path.join(destinationPath, 'identity'));
core.setOutput('certificate-file', path.join(destinationPath, 'tlscert'));
core.setOutput('key-file', path.join(destinationPath, 'key'));
}
Expand Down
20 changes: 20 additions & 0 deletions actions/auth-k8s/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,26 @@ jobs:
run: kubectl get pods
```

## Environment Variables

By default, this action will set the following environment variables:

- `KUBECONFIG`: the path to the generated Kubernetes configuration file.

This will automatically configure tools like `kubectl` to use the generated
credentials. However, this can cause issues if you intend to invoke `tbot`
multiple times.

You can disable this behaviour by setting the `disable-env-vars` input to
`true`.

## Outputs

This action will output the following values:

- `identity-file`: the path to the identity file.
- `kubeconfig`: the path to the generated Kubernetes configuration file.

## Next steps

Read the `teleport-actions/auth-k8s` getting started guide:
Expand Down
12 changes: 8 additions & 4 deletions actions/auth-k8s/src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -49,9 +49,13 @@ async function run() {
);
await tbot.execute(configPath, env);

core.exportVariable(
'KUBECONFIG',
path.join(destinationPath, '/kubeconfig.yaml')
);
const identityPath = path.join(destinationPath, 'identity');
const kubeConfigPath = path.join(destinationPath, 'kubeconfig.yaml');
core.setOutput('identity-file', identityPath);
core.setOutput('kubeconfig', kubeConfigPath);

if (!sharedInputs.disableEnvVars) {
core.exportVariable('KUBECONFIG', kubeConfigPath);
}
}
run().catch(core.setFailed);
22 changes: 22 additions & 0 deletions actions/auth/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,28 @@ jobs:
Note that `tsh` and `tctl` require the flag pointing at the identity file and
`tctl` also requires the address of the Proxy or Auth Server to be provided.

## Environment Variables

By default, this action will set the following environment variables:

- `TELEPORT_AUTH_SERVER`: the address of the Teleport Auth Server.
- `TELEPORT_PROXY`: the address of the Teleport Proxy.
- `TELEPORT_IDENTITY_FILE`: the path to the identity file.

This will automatically configure tools like `tsh` and `tctl` to use the
generated credentials. However, this can cause issues if you intend to invoke
`tbot` multiple times.

You can disable this behaviour by setting the `disable-env-vars` input to
`true`.

## Outputs

This action will output the following values:

- `identity-file`: the path to the identity file.
- `ssh-config`: the path to the generated SSH config.

## Next steps

Read the `teleport-actions/auth` getting started guide:
Expand Down
9 changes: 6 additions & 3 deletions actions/auth/src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,11 @@ async function run() {
const sshConfigFilePath = path.join(destinationPath, 'ssh_config');
core.setOutput('identity-file', identityFilePath);
core.setOutput('ssh-config', sshConfigFilePath);
core.exportVariable('TELEPORT_PROXY', sharedInputs.proxy);
core.exportVariable('TELEPORT_AUTH_SERVER', sharedInputs.proxy);
core.exportVariable('TELEPORT_IDENTITY_FILE', identityFilePath);

if (!sharedInputs.disableEnvVars) {
core.exportVariable('TELEPORT_PROXY', sharedInputs.proxy);
core.exportVariable('TELEPORT_AUTH_SERVER', sharedInputs.proxy);
core.exportVariable('TELEPORT_IDENTITY_FILE', identityFilePath);
}
}
run().catch(core.setFailed);
3 changes: 3 additions & 0 deletions common/lib/tbot.ts
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ export interface SharedInputs {
certificateTTL: string;
anonymousTelemetry: boolean;
caPins: string[];
disableEnvVars: boolean;
}

function stringToBool(str: string): boolean {
Expand All @@ -29,13 +30,15 @@ export function getSharedInputs(): SharedInputs {
const certificateTTL = core.getInput('certificate-ttl');
const anonymousTelemetry = stringToBool(core.getInput('anonymous-telemetry'));
const caPins = core.getMultilineInput('ca-pins');
const disableEnvVars = stringToBool(core.getInput('disable-env-vars'));

return {
proxy,
token,
certificateTTL,
anonymousTelemetry,
caPins,
disableEnvVars,
};
}

Expand Down
1 change: 1 addition & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
"common/lib/"
],
"scripts": {
"prettier-write": "yarn prettier --write .",
"prettier-check": "yarn prettier --check .",
"eslint": "eslint --ext .ts .",
"lint": "yarn eslint && yarn prettier-check"
Expand Down
Loading