OPS-1485: Add more credential type support#14
Merged
thedevelopnik merged 12 commits intomainfrom Dec 29, 2025
Merged
Conversation
- Move edge-api.yaml from __test__/resources to resources/ - Update kubb config to output generated code to gen/ instead of __test__/gen/ - Adjust tsconfig.json rootDir - Update vitest coverage exclusions for new gen/ directory
- Add @kubb/plugin-client dependency - Configure client generation in kubb.config.ts with fetch client - Rename npm script from test:generate to generate - Generate new API client code from OpenAPI spec
Add support for: - UsernamePassword - OAuthToken - GoogleWorkloadIdentityFederation - AwsStsFederation Changes: - Create new credential.ts module with getCredential and setOutputs functions - Refactor main.ts to use new credential module instead of api-key module - Update validate.ts to use generated credential type enums - Add validateServerPort function with proper number validation
- Add comprehensive credential.test.ts for new credential module - Update main.test.ts to mock credential module instead of api-key - Update all test imports to use new generated types location - Add server port validation tests - Update test mocks to handle multiple credential types - Remove old api-key.test.ts as it's been replaced by credential.test.ts
thedevelopnik
force-pushed
the
OPS-1485
branch
from
4af0c07 to
7a041d2
Compare
* (feat): GitHub markdowns to emphasize critical information * (feat): flag to trim whitespace. * (lint): linting...
Collaborator
Author
|
Taking this out of draft, as it's fully gone through QA. Question for @apujari-aembit and @m43kwon : do we want to take out the "alpha release" note now that it's gone through all QA steps? I'm pretty confident in it now. But I'm ok leaving it there until we've done more Aembit-on-Aembit work. |
m43kwon
approved these changes
Dec 29, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related Issue / Ticket
Ref: https://aembit.atlassian.net/browse/OPS-1485
Summary
This PR adds support for multiple credential types beyond the initial API Key implementation, including Username/Password, OAuth tokens, Google Workload Identity Federation, and AWS STS Federation credentials.
Changes
Build & Infrastructure:
@kubb/plugin-clientfor API client generationFeatures:
credential.tsmodule supporting 5 credential types:ApiKey,UsernamePassword,OAuthToken,GoogleWorkloadIdentityFederation,AwsStsFederationvalidateServerPortfunction with proper validationapi-key.tsmoduleTesting:
Documentation:
Security Considerations
This change handles multiple types of sensitive credentials (passwords, tokens, access keys). All credential outputs are properly masked using
core.setSecret()before being set as Action outputs. No changes to inputsanitization or dependency versions.
Checklist
$ yarn buildbefore my final commit to have an up-to-date distribution of the Action.