Merge pull request #1596 from nextcloud/enh/noid/pre-generate-secrets

secrets should only get generated if defined in secrets of container.…

php/public/index.php

@@ -77,9 +77,9 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
     return $view->render($response, 'containers.twig', [
         'domain' => $configurationManager->GetDomain(),
         'borg_backup_host_location' => $configurationManager->GetBorgBackupHostLocation(),
-        'nextcloud_password' => $configurationManager->GetSecret('NEXTCLOUD_PASSWORD'),
+        'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
         'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
-        'borgbackup_password' => $configurationManager->GetSecret('BORGBACKUP_PASSWORD'),
+        'borgbackup_password' => $configurationManager->GetAndGenerateSecret('BORGBACKUP_PASSWORD'),
         'is_mastercontainer_update_available' => $dockerActionManger->IsMastercontainerUpdateAvailable(),
         'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
         'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(),

php/src/Data/ConfigurationManager.php

@@ -32,7 +32,7 @@ class ConfigurationManager
         $this->WriteConfig($config);
     }
 
-    public function GetSecret(string $secretId) : string {
+    public function GetAndGenerateSecret(string $secretId) : string {
         $config = $this->GetConfig();
         if(!isset($config['secrets'][$secretId])) {
             $config['secrets'][$secretId] = bin2hex(random_bytes(24));
@@ -46,6 +46,15 @@ class ConfigurationManager
         return $config['secrets'][$secretId];
     }
 
+    public function GetSecret(string $secretId) : string {
+        $config = $this->GetConfig();
+        if(!isset($config['secrets'][$secretId])) {
+            $config['secrets'][$secretId] = "";
+        }
+
+        return $config['secrets'][$secretId];
+    }
+
     private function DoubleSafeBackupSecret(string $borgBackupPassword) : void {
         file_put_contents(DataConst::GetBackupSecretFile(), $borgBackupPassword);
     }
@@ -269,7 +278,7 @@ class ConfigurationManager
             }
 
             // Get Instance ID
-            $instanceID = $this->GetSecret('INSTANCE_ID');
+            $instanceID = $this->GetAndGenerateSecret('INSTANCE_ID');
 
             // set protocol
             if ($port !== '443') {

php/src/Docker/DockerActionManager.php

@@ -228,6 +228,10 @@ class DockerActionManager
             $requestBody['HostConfig']['Binds'] = $volumes;
         }
 
+        foreach($container->GetSecrets() as $secret) {
+            $this->configurationManager->GetAndGenerateSecret($secret);
+        }
+
         $envs = $container->GetEnvironmentVariables()->GetVariables();
         foreach($envs as $key => $env) {
             $patterns = ['/%(.*)%/'];
@@ -335,7 +339,11 @@ class DockerActionManager
                 } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
                     $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
                 } else {
-                    $replacements[1] = $this->configurationManager->GetSecret($out[1]);
+                    $secret = $this->configurationManager->GetSecret($out[1]);
+                    if ($secret === "") {
+                        throw new \Exception("The secret " . $out[1] . " is empty. Cannot substitute its value. Pleas check if it is defined in secrets of containers.json.");
+                    }
+                    $replacements[1] = $secret;
                 }
 
                 $envs[$key] = preg_replace($patterns, $replacements, $env);