eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2025-12-19 22:16:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Merge pull request #6841 from nextcloud/global-secrets

Browse source 
Register secrets for generation when their declarations are read
This commit is contained in:
Simon L. 2025-09-10 13:47:58 +02:00 committed by GitHub
commit cfaf69fb58
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 15 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

6
php/src/Container/Container.php
View file

@ -19,8 +19,6 @@ readonly class Container {
private ContainerEnvironmentVariables $containerEnvironmentVariables, private ContainerEnvironmentVariables $containerEnvironmentVariables,
/** @var string[] */ /** @var string[] */
private array $dependsOn, private array $dependsOn,
/** @var string[] */
private array $secrets,
private string $uiSecret, private string $uiSecret,
/** @var string[] */ /** @var string[] */
private array $devices, private array $devices,
@ -82,10 +80,6 @@ readonly class Container {
return $this->maxShutdownTime; return $this->maxShutdownTime;
} }
public function GetSecrets() : array {
return $this->secrets;
}
public function GetUiSecret() : string { public function GetUiSecret() : string {
return $this->dockerActionManager->GetAndGenerateSecretWrapper($this->uiSecret); return $this->dockerActionManager->GetAndGenerateSecretWrapper($this->uiSecret);
} }

8
php/src/ContainerDefinitionFetcher.php
View file

@ -239,9 +239,12 @@ readonly class ContainerDefinitionFetcher {
$internalPort = $entry['internal_port']; $internalPort = $entry['internal_port'];
} }
$secrets = [];
if (isset($entry['secrets'])) { if (isset($entry['secrets'])) {
$secrets = $entry['secrets']; // All secrets are registered with the configuration when they
// are discovered so they can be later generated at time-of-use.
foreach ($entry['secrets'] as $secret) {
$this->configurationManager->RegisterSecret($secret);
}
} }
$uiSecret = ''; $uiSecret = '';
@ -320,7 +323,6 @@ readonly class ContainerDefinitionFetcher {
$volumes, $volumes,
$variables, $variables,
$dependsOn, $dependsOn,
$secrets,
$uiSecret, $uiSecret,
$devices, $devices,
$enableNvidiaGpu, $enableNvidiaGpu,

14
php/src/Data/ConfigurationManager.php
View file

@ -7,6 +7,8 @@ use AIO\Controller\DockerController;
class ConfigurationManager class ConfigurationManager
{ {
private array $secrets = [];
public function GetConfig() : array public function GetConfig() : array
{ {
if(file_exists(DataConst::GetConfigFile())) if(file_exists(DataConst::GetConfigFile()))
@ -50,13 +52,15 @@ class ConfigurationManager
return $config['secrets'][$secretId]; return $config['secrets'][$secretId];
} }
public function GetSecret(string $secretId) : string { public function GetRegisteredSecret(string $secretId) : string {
$config = $this->GetConfig(); if ($this->secrets[$secretId]) {
if(!isset($config['secrets'][$secretId])) { return $this->GetAndGenerateSecret($secretId);
$config['secrets'][$secretId] = ""; }
throw new \Exception("The secret " . $secretId . " was not registered. Please check if it is defined in secrets of containers.json.");
} }
return $config['secrets'][$secretId]; public function RegisterSecret(string $secretId) : void {
$this->secrets[$secretId] = true;
} }
private function DoubleSafeBackupSecret(string $borgBackupPassword) : void { private function DoubleSafeBackupSecret(string $borgBackupPassword) : void {

14
php/src/Docker/DockerActionManager.php
View file

@ -221,10 +221,6 @@ readonly class DockerActionManager {
$requestBody['HostConfig']['Binds'] = $volumes; $requestBody['HostConfig']['Binds'] = $volumes;
} }
foreach ($container->GetSecrets() as $secret) {
$this->configurationManager->GetAndGenerateSecret($secret);
}
$aioVariables = $container->GetAioVariables()->GetVariables(); $aioVariables = $container->GetAioVariables()->GetVariables();
foreach ($aioVariables as $variable) { foreach ($aioVariables as $variable) {
$config = $this->configurationManager->GetConfig(); $config = $this->configurationManager->GetConfig();
@ -566,18 +562,10 @@ readonly class DockerActionManager {
// Allow to get local ip-address of caddy container and add it to trusted proxies automatically // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
'CADDY_IP_ADDRESS' => in_array('caddy', $this->configurationManager->GetEnabledCommunityContainers(), true) ? gethostbyname('nextcloud-aio-caddy') : '', 'CADDY_IP_ADDRESS' => in_array('caddy', $this->configurationManager->GetEnabledCommunityContainers(), true) ? gethostbyname('nextcloud-aio-caddy') : '',
'WHITEBOARD_ENABLED' => $this->configurationManager->isWhiteboardEnabled() ? 'yes' : '', 'WHITEBOARD_ENABLED' => $this->configurationManager->isWhiteboardEnabled() ? 'yes' : '',
default => $this->getSecretOrThrow($placeholder), default => $this->configurationManager->GetRegisteredSecret($placeholder),
}; };
} }
private function getSecretOrThrow(string $secretName): string {
$secret = $this->configurationManager->GetSecret($secretName);
if ($secret === "") {
throw new \Exception("The secret " . $secretName . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json.");
}
return $secret;
}
private function isContainerUpdateAvailable(string $id): string { private function isContainerUpdateAvailable(string $id): string {
$container = $this->containerDefinitionFetcher->GetContainerById($id); $container = $this->containerDefinitionFetcher->GetContainerById($id);