secrets should only get generated if defined in secrets of container.json

Signed-off-by: Simon L <szaimen@e.mail.de>
2025-12-20 06:26:57 +00:00 · 2022-12-25 02:26:32 +01:00 · 2022-12-25 02:26:32 +01:00 · 27bd5ce1a4
commit 27bd5ce1a4
parent 4750fb228f
3 changed files with 22 additions and 5 deletions
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@ -32,7 +32,7 @@ class ConfigurationManager
        $this->WriteConfig($config);
    }

-    public function GetSecret(string $secretId) : string {
+    public function GetAndGenerateSecret(string $secretId) : string {
        $config = $this->GetConfig();
        if(!isset($config['secrets'][$secretId])) {
            $config['secrets'][$secretId] = bin2hex(random_bytes(24));
@ -46,6 +46,15 @@ class ConfigurationManager
        return $config['secrets'][$secretId];
    }

+    public function GetSecret(string $secretId) : string {
+        $config = $this->GetConfig();
+        if(!isset($config['secrets'][$secretId])) {
+            $config['secrets'][$secretId] = "";
+        }
+
+        return $config['secrets'][$secretId];
+    }
+
    private function DoubleSafeBackupSecret(string $borgBackupPassword) : void {
        file_put_contents(DataConst::GetBackupSecretFile(), $borgBackupPassword);
    }
@ -269,7 +278,7 @@ class ConfigurationManager
            }

            // Get Instance ID
-            $instanceID = $this->GetSecret('INSTANCE_ID');
+            $instanceID = $this->GetAndGenerateSecret('INSTANCE_ID');

            // set protocol
            if ($port !== '443') {
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@ -230,6 +230,10 @@ class DockerActionManager
            $requestBody['HostConfig']['Binds'] = $volumes;
        }

+        foreach($container->GetSecrets() as $secret) {
+            $this->configurationManager->GetAndGenerateSecret($secret);
+        }
+
        $envs = $container->GetEnvironmentVariables()->GetVariables();
        foreach($envs as $key => $env) {
            $patterns = ['/%(.*)%/'];
@ -337,7 +341,11 @@ class DockerActionManager
                } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
                    $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
                } else {
-                    $replacements[1] = $this->configurationManager->GetSecret($out[1]);
+                    $secret = $this->configurationManager->GetSecret($out[1]);
+                    if ($secret === "") {
+                        throw new \Exception("The secret " . $out[1] . " is empty. Cannot substitute its value. Pleas check if it is defined in secrets of containers.json.");
+                    }
+                    $replacements[1] = $secret;
                }

                $envs[$key] = preg_replace($patterns, $replacements, $env);