mudhorn/n8n
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n.git synced 2025-03-05 20:50:17 -08:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: Add config option to prefer GET request over LIST when using Hashicorp Vault (#8049)

Browse source 
## Summary
Hashicorp Vault prefers a `LIST` HTTP method to be used when fetching
secrets but not all environments will allow custom http methods through
WAFs. This PR adds `N8N_EXTERNAL_SECRETS_PREFER_GET` which when set to
`true` will use GET instead of LIST to fetch secrets.


## Review / Merge checklist
- [x] PR title and summary are descriptive. **Remember, the title
automatically goes into the changelog. Use `(no-changelog)` otherwise.**
([conventions](https://github.com/n8n-io/n8n/blob/master/.github/pull_request_title_conventions.md))
This commit is contained in:
Jon 2023-12-15 16:20:39 +00:00 committed by GitHub
parent 5b7ea16d9a
commit 439a22d68f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
packages/cli/src/ExternalSecrets/externalSecretsHelper.ee.ts
View file

@ -3,6 +3,7 @@ import config from '@/config';
import Container from 'typedi'; import Container from 'typedi';
export const updateIntervalTime = () => config.getEnv('externalSecrets.updateInterval') * 1000; export const updateIntervalTime = () => config.getEnv('externalSecrets.updateInterval') * 1000;
export const preferGet = () => config.getEnv('externalSecrets.preferGet');
export function isExternalSecretsEnabled() { export function isExternalSecretsEnabled() {
const license = Container.get(License); const license = Container.get(License);

11
packages/cli/src/ExternalSecrets/providers/vault.ts
View file

@ -5,6 +5,7 @@ import type { AxiosInstance, AxiosResponse } from 'axios';
import axios from 'axios'; import axios from 'axios';
import { Logger } from '@/Logger'; import { Logger } from '@/Logger';
import { EXTERNAL_SECRETS_NAME_REGEX } from '../constants'; import { EXTERNAL_SECRETS_NAME_REGEX } from '../constants';
import { preferGet } from '../externalSecretsHelper.ee';
import { Container } from 'typedi'; import { Container } from 'typedi';
type VaultAuthMethod = 'token' | 'usernameAndPassword' | 'appRole'; type VaultAuthMethod = 'token' | 'usernameAndPassword' | 'appRole';
@ -422,10 +423,14 @@ export class VaultProvider extends SecretsProvider {
listPath += path; listPath += path;
let listResp: AxiosResponse<VaultResponse<VaultSecretList>>; let listResp: AxiosResponse<VaultResponse<VaultSecretList>>;
try { try {
listResp = await this.#http.request<VaultResponse<VaultSecretList>>({ const shouldPreferGet = preferGet();
url: listPath, const url = `${listPath}${shouldPreferGet ? '?list=true' : ''}`;
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
method: 'LIST' as any, const method = shouldPreferGet ? 'GET' : ('LIST' as any);
listResp = await this.#http.request<VaultResponse<VaultSecretList>>({
url,
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
method,
}); });
} catch { } catch {
return null; return null;

6
packages/cli/src/config/schema.ts
View file

@ -1032,6 +1032,12 @@ export const schema = {
env: 'N8N_EXTERNAL_SECRETS_UPDATE_INTERVAL', env: 'N8N_EXTERNAL_SECRETS_UPDATE_INTERVAL',
doc: 'How often (in seconds) to check for secret updates.', doc: 'How often (in seconds) to check for secret updates.',
}, },
preferGet: {
format: Boolean,
default: false,
env: 'N8N_EXTERNAL_SECRETS_PREFER_GET',
doc: 'Whether to prefer GET over LIST when fetching secrets from Hashicorp Vault.',
},
}, },
deployment: { deployment: {