github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-26 00:38:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix OIDC credential property names

Browse Source
This commit is contained in:
Michael B. Gale
2026-04-09 17:48:45 +01:00
parent 76a687e1d8
commit d277a56348
5 changed files with 84 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/start-proxy-action.js
Generated
+26 -23
View File
@@ -121709,15 +121709,15 @@ function isToken(config) {
return "token" in config && isStringOrUndefined(config.token);
}
function isAzureConfig(config) {
return "tenant_id" in config && "client_id" in config && isDefined2(config.tenant_id) && isDefined2(config.client_id) && isString(config.tenant_id) && isString(config.client_id);
return "tenant-id" in config && "client-id" in config && isDefined2(config["tenant-id"]) && isDefined2(config["client-id"]) && isString(config["tenant-id"]) && isString(config["client-id"]);
}
function isAWSConfig(config) {
const requiredProperties = [
"aws_region",
"account_id",
"role_name",
"aws-region",
"account-id",
"role-name",
"domain",
"domain_owner"
"domain-owner"
];
for (const property of requiredProperties) {
if (!(property in config) || !isDefined2(config[property]) || !isString(config[property])) {
@@ -121733,10 +121733,10 @@ function isJFrogConfig(config) {
if ("audience" in config && !isStringOrUndefined(config.audience)) {
return false;
}
if ("identity_mapping_name" in config && !isStringOrUndefined(config.identity_mapping_name)) {
if ("identity-mapping-name" in config && !isStringOrUndefined(config["identity-mapping-name"])) {
return false;
}
return "jfrog_oidc_provider_name" in config && isDefined2(config.jfrog_oidc_provider_name) && isString(config.jfrog_oidc_provider_name);
return "jfrog-oidc-provider-name" in config && isDefined2(config["jfrog-oidc-provider-name"]) && isString(config["jfrog-oidc-provider-name"]);
}
function credentialToStr(credential) {
let result = `Type: ${credential.type};`;
@@ -121760,18 +121760,21 @@ function credentialToStr(credential) {
appendIfDefined("Token", isDefined2(credential.token) ? "***" : void 0);
}
if (isAzureConfig(credential)) {
appendIfDefined("Tenant", credential.tenant_id);
appendIfDefined("Client", credential.client_id);
appendIfDefined("Tenant", credential["tenant-id"]);
appendIfDefined("Client", credential["client-id"]);
} else if (isAWSConfig(credential)) {
appendIfDefined("AWS Region", credential.aws_region);
appendIfDefined("AWS Account", credential.account_id);
appendIfDefined("AWS Role", credential.role_name);
appendIfDefined("AWS Region", credential["aws-region"]);
appendIfDefined("AWS Account", credential["account-id"]);
appendIfDefined("AWS Role", credential["role-name"]);
appendIfDefined("AWS Domain", credential.domain);
appendIfDefined("AWS Domain Owner", credential.domain_owner);
appendIfDefined("AWS Domain Owner", credential["domain-owner"]);
appendIfDefined("AWS Audience", credential.audience);
} else if (isJFrogConfig(credential)) {
appendIfDefined("JFrog Provider", credential.jfrog_oidc_provider_name);
appendIfDefined("JFrog Identity Mapping", credential.identity_mapping_name);
appendIfDefined("JFrog Provider", credential["jfrog-oidc-provider-name"]);
appendIfDefined(
"JFrog Identity Mapping",
credential["identity-mapping-name"]
);
appendIfDefined("JFrog Audience", credential.audience);
}
return result;
@@ -122188,22 +122191,22 @@ function getRegistryAddress(registry) {
function getAuthConfig(config) {
if (isAzureConfig(config)) {
return {
tenant_id: config.tenant_id,
client_id: config.client_id
"tenant-id": config["tenant-id"],
"client-id": config["client-id"]
};
} else if (isAWSConfig(config)) {
return {
aws_region: config.aws_region,
account_id: config.account_id,
role_name: config.role_name,
"aws-region": config["aws-region"],
"account-id": config["account-id"],
"role-name": config["role-name"],
domain: config.domain,
domain_owner: config.domain_owner,
"domain-owner": config["domain-owner"],
audience: config.audience
};
} else if (isJFrogConfig(config)) {
return {
jfrog_oidc_provider_name: config.jfrog_oidc_provider_name,
identity_mapping_name: config.identity_mapping_name,
"jfrog-oidc-provider-name": config["jfrog-oidc-provider-name"],
"identity-mapping-name": config["identity-mapping-name"],
audience: config.audience
};
} else if (isToken(config)) {
src/start-proxy.test.ts
+8 -8
View File
@@ -351,23 +351,23 @@ test("getCredentials throws an error when non-printable characters are used", as
});
const validAzureCredential: startProxyExports.AzureConfig = {
tenant_id: "12345678-1234-1234-1234-123456789012",
client_id: "abcdef01-2345-6789-abcd-ef0123456789",
"tenant-id": "12345678-1234-1234-1234-123456789012",
"client-id": "abcdef01-2345-6789-abcd-ef0123456789",
};
const validAwsCredential: startProxyExports.AWSConfig = {
aws_region: "us-east-1",
account_id: "123456789012",
role_name: "MY_ROLE",
"aws-region": "us-east-1",
"account-id": "123456789012",
"role-name": "MY_ROLE",
domain: "MY_DOMAIN",
domain_owner: "987654321098",
"domain-owner": "987654321098",
audience: "custom-audience",
};
const validJFrogCredential: startProxyExports.JFrogConfig = {
jfrog_oidc_provider_name: "MY_PROVIDER",
"jfrog-oidc-provider-name": "MY_PROVIDER",
audience: "jfrog-audience",
identity_mapping_name: "my-mapping",
"identity-mapping-name": "my-mapping",
};
test("getCredentials throws an error when non-printable characters are used for Azure OIDC", (t) => {
src/start-proxy.ts
+8 -8
View File
@@ -301,22 +301,22 @@ export function getAuthConfig(
// which we can use to identify them.
if (isAzureConfig(config)) {
return {
tenant_id: config.tenant_id,
client_id: config.client_id,
"tenant-id": config["tenant-id"],
"client-id": config["client-id"],
} satisfies AzureConfig;
} else if (isAWSConfig(config)) {
return {
aws_region: config.aws_region,
account_id: config.account_id,
role_name: config.role_name,
"aws-region": config["aws-region"],
"account-id": config["account-id"],
"role-name": config["role-name"],
domain: config.domain,
domain_owner: config.domain_owner,
"domain-owner": config["domain-owner"],
audience: config.audience,
} satisfies AWSConfig;
} else if (isJFrogConfig(config)) {
return {
jfrog_oidc_provider_name: config.jfrog_oidc_provider_name,
identity_mapping_name: config.identity_mapping_name,
"jfrog-oidc-provider-name": config["jfrog-oidc-provider-name"],
"identity-mapping-name": config["identity-mapping-name"],
audience: config.audience,
} satisfies JFrogConfig;
} else if (isToken(config)) {
src/start-proxy/types.test.ts
+8 -8
View File
@@ -7,23 +7,23 @@ import * as types from "./types";
setupTests(test);
const validAzureCredential: types.AzureConfig = {
tenant_id: "12345678-1234-1234-1234-123456789012",
client_id: "abcdef01-2345-6789-abcd-ef0123456789",
"tenant-id": "12345678-1234-1234-1234-123456789012",
"client-id": "abcdef01-2345-6789-abcd-ef0123456789",
};
const validAwsCredential: types.AWSConfig = {
aws_region: "us-east-1",
account_id: "123456789012",
role_name: "MY_ROLE",
"aws-region": "us-east-1",
"account-id": "123456789012",
"role-name": "MY_ROLE",
domain: "MY_DOMAIN",
domain_owner: "987654321098",
"domain-owner": "987654321098",
audience: "custom-audience",
};
const validJFrogCredential: types.JFrogConfig = {
jfrog_oidc_provider_name: "MY_PROVIDER",
"jfrog-oidc-provider-name": "MY_PROVIDER",
audience: "jfrog-audience",
identity_mapping_name: "my-mapping",
"identity-mapping-name": "my-mapping",
};
test("credentialToStr - pretty-prints valid username+password configurations", (t) => {
src/start-proxy/types.ts
+34 -31
View File
@@ -59,29 +59,29 @@ export function isToken(
}
/** Configuration for Azure OIDC. */
export type AzureConfig = { tenant_id: string; client_id: string };
export type AzureConfig = { "tenant-id": string; "client-id": string };
/** Decides whether `config` is an Azure OIDC configuration. */
export function isAzureConfig(
config: UnvalidatedObject<AuthConfig>,
): config is AzureConfig {
return (
"tenant_id" in config &&
"client_id" in config &&
isDefined(config.tenant_id) &&
isDefined(config.client_id) &&
json.isString(config.tenant_id) &&
json.isString(config.client_id)
"tenant-id" in config &&
"client-id" in config &&
isDefined(config["tenant-id"]) &&
isDefined(config["client-id"]) &&
json.isString(config["tenant-id"]) &&
json.isString(config["client-id"])
);
}
/** Configuration for AWS OIDC. */
export type AWSConfig = {
aws_region: string;
account_id: string;
role_name: string;
"aws-region": string;
"account-id": string;
"role-name": string;
domain: string;
domain_owner: string;
"domain-owner": string;
audience?: string;
};
@@ -91,11 +91,11 @@ export function isAWSConfig(
): config is AWSConfig {
// All of these properties are required.
const requiredProperties = [
"aws_region",
"account_id",
"role_name",
"aws-region",
"account-id",
"role-name",
"domain",
"domain_owner",
"domain-owner",
];
for (const property of requiredProperties) {
@@ -118,30 +118,30 @@ export function isAWSConfig(
/** Configuration for JFrog OIDC. */
export type JFrogConfig = {
jfrog_oidc_provider_name: string;
"jfrog-oidc-provider-name": string;
audience?: string;
identity_mapping_name?: string;
"identity-mapping-name"?: string;
};
/** Decides whether `config` is a JFrog OIDC configuration. */
export function isJFrogConfig(
config: UnvalidatedObject<AuthConfig>,
): config is JFrogConfig {
// The "audience" and "identity_mapping_name" fields are optional, but should be strings if present.
// The "audience" and "identity-mapping-name" fields are optional, but should be strings if present.
if ("audience" in config && !json.isStringOrUndefined(config.audience)) {
return false;
}
if (
"identity_mapping_name" in config &&
!json.isStringOrUndefined(config.identity_mapping_name)
"identity-mapping-name" in config &&
!json.isStringOrUndefined(config["identity-mapping-name"])
) {
return false;
}
return (
"jfrog_oidc_provider_name" in config &&
isDefined(config.jfrog_oidc_provider_name) &&
json.isString(config.jfrog_oidc_provider_name)
"jfrog-oidc-provider-name" in config &&
isDefined(config["jfrog-oidc-provider-name"]) &&
json.isString(config["jfrog-oidc-provider-name"])
);
}
@@ -189,18 +189,21 @@ export function credentialToStr(credential: Credential): string {
}
if (isAzureConfig(credential)) {
appendIfDefined("Tenant", credential.tenant_id);
appendIfDefined("Client", credential.client_id);
appendIfDefined("Tenant", credential["tenant-id"]);
appendIfDefined("Client", credential["client-id"]);
} else if (isAWSConfig(credential)) {
appendIfDefined("AWS Region", credential.aws_region);
appendIfDefined("AWS Account", credential.account_id);
appendIfDefined("AWS Role", credential.role_name);
appendIfDefined("AWS Region", credential["aws-region"]);
appendIfDefined("AWS Account", credential["account-id"]);
appendIfDefined("AWS Role", credential["role-name"]);
appendIfDefined("AWS Domain", credential.domain);
appendIfDefined("AWS Domain Owner", credential.domain_owner);
appendIfDefined("AWS Domain Owner", credential["domain-owner"]);
appendIfDefined("AWS Audience", credential.audience);
} else if (isJFrogConfig(credential)) {
appendIfDefined("JFrog Provider", credential.jfrog_oidc_provider_name);
appendIfDefined("JFrog Identity Mapping", credential.identity_mapping_name);
appendIfDefined("JFrog Provider", credential["jfrog-oidc-provider-name"]);
appendIfDefined(
"JFrog Identity Mapping",
credential["identity-mapping-name"],
);
appendIfDefined("JFrog Audience", credential.audience);
}