mirror of
https://github.com/nextcloud/all-in-one.git
synced 2024-12-26 08:41:07 +08:00
Merge pull request #1596 from nextcloud/enh/noid/pre-generate-secrets
secrets should only get generated if defined in secrets of container.…
This commit is contained in:
commit
9c968d33b9
3 changed files with 22 additions and 5 deletions
|
@ -77,9 +77,9 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
|
|||
return $view->render($response, 'containers.twig', [
|
||||
'domain' => $configurationManager->GetDomain(),
|
||||
'borg_backup_host_location' => $configurationManager->GetBorgBackupHostLocation(),
|
||||
'nextcloud_password' => $configurationManager->GetSecret('NEXTCLOUD_PASSWORD'),
|
||||
'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
|
||||
'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
|
||||
'borgbackup_password' => $configurationManager->GetSecret('BORGBACKUP_PASSWORD'),
|
||||
'borgbackup_password' => $configurationManager->GetAndGenerateSecret('BORGBACKUP_PASSWORD'),
|
||||
'is_mastercontainer_update_available' => $dockerActionManger->IsMastercontainerUpdateAvailable(),
|
||||
'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
|
||||
'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(),
|
||||
|
|
|
@ -32,7 +32,7 @@ class ConfigurationManager
|
|||
$this->WriteConfig($config);
|
||||
}
|
||||
|
||||
public function GetSecret(string $secretId) : string {
|
||||
public function GetAndGenerateSecret(string $secretId) : string {
|
||||
$config = $this->GetConfig();
|
||||
if(!isset($config['secrets'][$secretId])) {
|
||||
$config['secrets'][$secretId] = bin2hex(random_bytes(24));
|
||||
|
@ -46,6 +46,15 @@ class ConfigurationManager
|
|||
return $config['secrets'][$secretId];
|
||||
}
|
||||
|
||||
public function GetSecret(string $secretId) : string {
|
||||
$config = $this->GetConfig();
|
||||
if(!isset($config['secrets'][$secretId])) {
|
||||
$config['secrets'][$secretId] = "";
|
||||
}
|
||||
|
||||
return $config['secrets'][$secretId];
|
||||
}
|
||||
|
||||
private function DoubleSafeBackupSecret(string $borgBackupPassword) : void {
|
||||
file_put_contents(DataConst::GetBackupSecretFile(), $borgBackupPassword);
|
||||
}
|
||||
|
@ -269,7 +278,7 @@ class ConfigurationManager
|
|||
}
|
||||
|
||||
// Get Instance ID
|
||||
$instanceID = $this->GetSecret('INSTANCE_ID');
|
||||
$instanceID = $this->GetAndGenerateSecret('INSTANCE_ID');
|
||||
|
||||
// set protocol
|
||||
if ($port !== '443') {
|
||||
|
|
|
@ -228,6 +228,10 @@ class DockerActionManager
|
|||
$requestBody['HostConfig']['Binds'] = $volumes;
|
||||
}
|
||||
|
||||
foreach($container->GetSecrets() as $secret) {
|
||||
$this->configurationManager->GetAndGenerateSecret($secret);
|
||||
}
|
||||
|
||||
$envs = $container->GetEnvironmentVariables()->GetVariables();
|
||||
foreach($envs as $key => $env) {
|
||||
$patterns = ['/%(.*)%/'];
|
||||
|
@ -335,7 +339,11 @@ class DockerActionManager
|
|||
} elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
|
||||
$replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
|
||||
} else {
|
||||
$replacements[1] = $this->configurationManager->GetSecret($out[1]);
|
||||
$secret = $this->configurationManager->GetSecret($out[1]);
|
||||
if ($secret === "") {
|
||||
throw new \Exception("The secret " . $out[1] . " is empty. Cannot substitute its value. Pleas check if it is defined in secrets of containers.json.");
|
||||
}
|
||||
$replacements[1] = $secret;
|
||||
}
|
||||
|
||||
$envs[$key] = preg_replace($patterns, $replacements, $env);
|
||||
|
|
Loading…
Reference in a new issue