Merge branch 'release/7.42.0'

Author: appurva21

CHANGELOG.yaml

@@ -1,3 +1,11 @@
+7.42.0:
+  date: 2024-09-04
+  new features:
+    - GH-1452 Enabled async access to vault secrets
+    - GH-1413 Added support for initializing local variables
+  chores:
+    - GH-1452 Update dependencies
+
 7.41.2:
   date: 2024-08-16
   fixed bugs:

README.md

@@ -51,6 +51,9 @@ runner.run(collection, {
     // Globals (a "VariableScope" from the SDK)
     globals: new sdk.VariableScope(),
 
+    // Local variables (a "VariableScope" from the SDK)
+    localVariables: new sdk.VariableScope(),
+
     // Execute a folder/request using id/name or path
     entrypoint: {
         // execute a folder/request using id or name

lib/runner/extensions/event.command.js

@@ -21,6 +21,8 @@ var _ = require('lodash'),
     EXECUTION_COOKIES_EVENT_BASE = 'execution.cookies.',
     EXECUTION_SKIP_REQUEST_EVENT_BASE = 'execution.skipRequest.',
 
+    EXECUTION_VAULT_BASE = 'execution.vault.',
+
     COOKIES_EVENT_STORE_ACTION = 'store',
     COOKIE_STORE_PUT_METHOD = 'putCookie',
     COOKIE_STORE_UPDATE_METHOD = 'updateCookie',
@@ -240,8 +242,17 @@ module.exports = {
 
                 packageResolver = _.get(this, 'options.script.packageResolver'),
 
+                vaultSecrets = payload.context.vaultSecrets,
+                allowVaultAccess = _.get(vaultSecrets, '_.allowScriptAccess'),
+
                 events;
 
+            // Explicitly enable tracking for vault secrets here as this will
+            // not be sent to sandbox who otherwise takes care of mutation tracking
+            if (allowVaultAccess) {
+                vaultSecrets.enableTracking({ autoCompact: true });
+            }
+
             // @todo: find a better place to code this so that event is not aware of such options
             if (abortOnFailure) {
                 abortOnError = true;
@@ -387,6 +398,22 @@ module.exports = {
                         }
                     }.bind(this));
 
+                this.host.on(EXECUTION_VAULT_BASE + executionId, function (id, cmd, ...args) {
+                    // Ensure error is string
+                    // TODO identify why error objects are not being serialized correctly
+                    const dispatch = (e, r) => { this.host.dispatch(EXECUTION_VAULT_BASE + executionId, id, e, r); };
+
+                    if (!allowVaultAccess) {
+                        return dispatch('Vault access denied');
+                    }
+
+                    if (!['get', 'set', 'unset'].includes(cmd)) {
+                        return dispatch(`Invalid vault command: ${cmd}`);
+                    }
+
+                    dispatch(null, vaultSecrets[cmd](...args));
+                }.bind(this));
+
                 this.host.on(EXECUTION_REQUEST_EVENT_BASE + executionId,
                     function (scriptCursor, id, requestId, request) {
                         // remove files in request body if any
@@ -458,11 +485,7 @@ module.exports = {
                             // @todo: Expose this as a property in Collection SDK's Script
                             timeout: payload.scriptTimeout,
                             cursor: scriptCursor,
-                            context: {
-                                ..._.pick(payload.context, SAFE_CONTEXT_VARIABLES),
-                                vaultSecrets: _.get(payload.context.vaultSecrets, '_.allowScriptAccess') ?
-                                    payload.context.vaultSecrets : undefined
-                            },
+                            context: _.pick(payload.context, SAFE_CONTEXT_VARIABLES),
                             resolvedPackages: resolvedPackages,
 
                             // legacy options
@@ -479,6 +502,7 @@ module.exports = {
                             this.host.removeAllListeners(EXECUTION_COOKIES_EVENT_BASE + executionId);
                             this.host.removeAllListeners(EXECUTION_ERROR_EVENT_BASE + executionId);
                             this.host.removeAllListeners(EXECUTION_SKIP_REQUEST_EVENT_BASE + executionId);
+                            this.host.removeAllListeners(EXECUTION_VAULT_BASE + executionId);
 
                             // Handle async errors as well.
                             // If there was an error running the script itself, that takes precedence
@@ -529,10 +553,16 @@ module.exports = {
                             result && result.globals && (result.globals = new sdk.VariableScope(result.globals));
                             result && result.collectionVariables &&
                                 (result.collectionVariables = new sdk.VariableScope(result.collectionVariables));
-                            result && result.vaultSecrets &&
-                                (result.vaultSecrets = new sdk.VariableScope(result.vaultSecrets));
                             result && result.request && (result.request = new sdk.Request(result.request));
 
+                            // vault secrets are not sent to sandbox, thus using the scope from run context.
+                            if (allowVaultAccess && vaultSecrets) {
+                                result.vaultSecrets = vaultSecrets;
+
+                                // Prevent mutations from being carry-forwarded to subsequent events
+                                vaultSecrets.disableTracking();
+                            }
+
                             // @note Since [email protected], response object is not included in the execution
                             // result.
                             // Refer: https://github.com/postmanlabs/postman-sandbox/pull/512

lib/runner/extensions/item.command.js

@@ -152,7 +152,8 @@ module.exports = {
                     item: item,
                     coords: coords,
                     context: ctxTemplate,
-                    trackContext: ['globals', 'environment', 'collectionVariables', 'vaultSecrets'],
+                    // No need to include vaultSecrets here as runtime takes care of tracking internally
+                    trackContext: ['globals', 'environment', 'collectionVariables'],
                     stopOnScriptError: stopOnError,
                     stopOnFailure: stopOnFailure
                 }).done(function (prereqExecutions, prereqExecutionError, shouldSkipExecution) {
@@ -234,7 +235,8 @@ module.exports = {
                             item: item,
                             coords: coords,
                             context: ctxTemplate,
-                            trackContext: ['tests', 'globals', 'environment', 'collectionVariables', 'vaultSecrets'],
+                            // No need to include vaultSecrets here as runtime takes care of tracking internally
+                            trackContext: ['tests', 'globals', 'environment', 'collectionVariables'],
                             stopOnScriptError: stopOnError,
                             abortOnFailure: abortOnFailure,
                             stopOnFailure: stopOnFailure

lib/runner/extensions/waterfall.command.js

@@ -80,7 +80,8 @@ module.exports = {
             new VariableScope(state.vaultSecrets);
         state.collectionVariables = VariableScope.isVariableScope(state.collectionVariables) ?
             state.collectionVariables : new VariableScope(state.collectionVariables);
-        state._variables = new VariableScope();
+        state._variables = VariableScope.isVariableScope(state.localVariables) ?
+            state.localVariables : new VariableScope(state.localVariables);
 
         // prepare the vault variable scope
         prepareVaultVariableScope(state.vaultSecrets);

lib/runner/index.js

@@ -121,6 +121,7 @@ _.assign(Runner.prototype, {
                 vaultSecrets: options.vaultSecrets,
                 // @todo Move to item level to support Item and ItemGroup variables
                 collectionVariables: collection.variables,
+                localVariables: options.localVariables,
                 certificates: options.certificates,
                 proxies: options.proxies
             }, runOptions)));

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "postman-runtime",
-  "version": "7.41.2",
+  "version": "7.42.0",
   "description": "Underlying library of executing Postman Collections",
   "author": "Postman Inc.",
   "license": "Apache-2.0",
@@ -55,8 +55,8 @@
     "node-oauth1": "1.3.0",
     "performance-now": "2.1.0",
     "postman-collection": "4.5.0",
-    "postman-request": "2.88.1-postman.39",
-    "postman-sandbox": "5.1.1",
+    "postman-request": "2.88.1-postman.40",
+    "postman-sandbox": "5.1.2",
     "postman-url-encoder": "3.0.5",
     "serialised-error": "1.1.3",
     "strip-json-comments": "3.1.1",

package.json

@@ -4,6 +4,12 @@ var _ = require('lodash'),
 describe('pm.variables', function () {
     var testRun,
         runOptions = {
+            localVariables: {
+                values: [
+                    { key: 'key-1', value: 'local-value-1', name: 'key-1', enabled: true },
+                    { key: 'key-7', value: 'local-value-7', name: 'key-7', enabled: true }
+                ]
+            },
             data: [{
                 'key-4': 'data-value-4'
             }],
@@ -95,26 +101,26 @@ describe('pm.variables', function () {
 
             consoleLogs.forEach(function (consoleLog) {
                 expect(consoleLog).to.eql({
-                    'key-1': 'global-value-1',
+                    'key-1': 'local-value-1',
                     'key-2': 'coll-value-2',
                     'key-3': 'env-value-3',
                     'key-4': 'data-value-4',
                     'vault:key5': 'global-value-5',
-                    'vault:key6': 'vault-value-6'
+                    'key-7': 'local-value-7'
                 });
             });
         });
 
         it('should be honoured in request URL', function () {
             var url = testRun.request.getCall(0).args[3].url.toString(),
-                expectedParam = 'global-value-1:coll-value-2:env-value-3:data-value-4:global-value-5';
+                expectedParam = 'local-value-1:coll-value-2:env-value-3:data-value-4:global-value-5';
 
             expect(url).to.equal('https://postman-echo.com/get?param=' + expectedParam);
         });
 
         it('should be honoured in auth', function () {
             var response = testRun.response.getCall(0).args[2],
-                expectedToken = 'global-value-1:coll-value-2:env-value-3:data-value-4:global-value-5';
+                expectedToken = 'local-value-1:coll-value-2:env-value-3:data-value-4:global-value-5';
 
             expect(response.json()).to.deep.nested.include({
                 'headers.authorization': 'Bearer ' + expectedToken
@@ -235,7 +241,7 @@ describe('pm.variables', function () {
                     'key-3': 'env-value-3',
                     'key-4': 'data-value-4',
                     'vault:key5': 'global-value-5',
-                    'vault:key6': 'vault-value-6'
+                    'key-7': 'local-value-7'
                 }
             ]);
 
@@ -247,7 +253,7 @@ describe('pm.variables', function () {
                     'key-3': 'modified-2',
                     'key-4': 'data-value-4',
                     'vault:key5': 'global-value-5',
-                    'vault:key6': 'vault-value-6'
+                    'key-7': 'local-value-7'
                 }
             ]);
 
@@ -259,7 +265,7 @@ describe('pm.variables', function () {
                     'key-3': 'modified-3',
                     'key-4': 'modified-3',
                     'vault:key5': 'global-value-5',
-                    'vault:key6': 'vault-value-6'
+                    'key-7': 'local-value-7'
                 }
             ]);
 
@@ -271,7 +277,7 @@ describe('pm.variables', function () {
                     'key-3': 'modified-3',
                     'key-4': 'modified-4',
                     'vault:key5': 'global-value-5',
-                    'vault:key6': 'vault-value-6'
+                    'key-7': 'local-value-7'
                 }
             ]);
 
@@ -283,7 +289,7 @@ describe('pm.variables', function () {
                     'key-3': 'modified-3',
                     'key-4': 'modified-4',
                     'vault:key5': 'global-value-5',
-                    'vault:key6': 'vault-value-6'
+                    'key-7': 'local-value-7'
                 }
             ]);
 
@@ -295,7 +301,7 @@ describe('pm.variables', function () {
                     'key-3': 'modified-3',
                     'key-4': 'modified-3',
                     'vault:key5': 'global-value-5',
-                    'vault:key6': 'vault-value-6'
+                    'key-7': 'local-value-7'
                 }
             ]);
         });
@@ -362,7 +368,7 @@ describe('pm.variables', function () {
                     'key-3': 'env-value-3',
                     'key-4': 'data-value-4',
                     'vault:key5': 'global-value-5',
-                    'vault:key6': 'vault-value-6'
+                    'key-7': 'local-value-7'
                 }
             ]);
         });

test/integration/inherited-entities/pm-variables.test.js

@@ -26,7 +26,7 @@ describe('variable changes', function () {
                                 pm.environment.set('environment', 'environment value');
                                 pm.globals.set('globals', 'globals value');
                                 pm.collectionVariables.set('collection', 'collection value');
-                                pm.vault.set('secret1', 'vault value');
+                                await pm.vault.set('secret1', 'vault value');
                             `
                         }
                     }, {
@@ -35,7 +35,7 @@ describe('variable changes', function () {
                             exec: `
                                 pm.environment.set("environment", "environment updated value");
                                 pm.collectionVariables.set("collection", "collection updated value");
-                                pm.vault.set('secret1', 'vault updated value');
+                                await pm.vault.set('secret1', 'vault updated value');
                             `
                         }
                     }],