Merge pull request #185 from PRX/fix/config-decode-secrets-json

HOTFIX: config: parse secrets.json into env vars

wp-config-constants.php

@@ -15,9 +15,3 @@
  * Name of the environment variable that acts as a flag for the platform server.
  */
 define( 'SERVER_PLATFORM_ENVIRONMENT_VARIABLE_NAME', 'PANTHEON_ENVIRONMENT' );
-
-/**
- * Wire up S3 Uploads key and secret values to ENV variable.
- */
-define( 'S3_UPLOADS_KEY', getenv( 'S3_KEY' ) );
-define( 'S3_UPLOADS_SECRET', getenv( 'S3_SECRET' ) );

wp-config-pantheon.php

@@ -12,22 +12,22 @@
 
 // ** MySQL settings - included in the Pantheon Environment ** //
 /** The name of the database for WordPress */
-define('DB_NAME', $_ENV['DB_NAME']);
+define( 'DB_NAME', $_ENV['DB_NAME'] );
 
 /** MySQL database username */
-define('DB_USER', $_ENV['DB_USER']);
+define( 'DB_USER', $_ENV['DB_USER'] );
 
 /** MySQL database password */
-define('DB_PASSWORD', $_ENV['DB_PASSWORD']);
+define( 'DB_PASSWORD', $_ENV['DB_PASSWORD'] );
 
 /** MySQL hostname; on Pantheon this includes a specific port number. */
-define('DB_HOST', $_ENV['DB_HOST'] . ':' . $_ENV['DB_PORT']);
+define( 'DB_HOST', $_ENV['DB_HOST'] . ':' . $_ENV['DB_PORT'] );
 
 /** Database Charset to use in creating database tables. */
-define('DB_CHARSET', 'utf8mb4');
+define( 'DB_CHARSET', 'utf8mb4' );
 
 /** The Database Collate type. Don't change this if in doubt. */
-define('DB_COLLATE', '');
+define( 'DB_COLLATE', '' );
 
 /**#@+
  * Authentication Unique Keys and Salts.
@@ -39,53 +39,71 @@
  *
  * @since 2.6.0
  */
-define('AUTH_KEY', $_ENV['AUTH_KEY']);
-define('SECURE_AUTH_KEY', $_ENV['SECURE_AUTH_KEY']);
-define('LOGGED_IN_KEY', $_ENV['LOGGED_IN_KEY']);
-define('NONCE_KEY', $_ENV['NONCE_KEY']);
-define('AUTH_SALT', $_ENV['AUTH_SALT']);
-define('SECURE_AUTH_SALT', $_ENV['SECURE_AUTH_SALT']);
-define('LOGGED_IN_SALT', $_ENV['LOGGED_IN_SALT']);
-define('NONCE_SALT', $_ENV['NONCE_SALT']);
+define( 'AUTH_KEY', $_ENV['AUTH_KEY'] );
+define( 'SECURE_AUTH_KEY', $_ENV['SECURE_AUTH_KEY'] );
+define( 'LOGGED_IN_KEY', $_ENV['LOGGED_IN_KEY'] );
+define( 'NONCE_KEY', $_ENV['NONCE_KEY'] );
+define( 'AUTH_SALT', $_ENV['AUTH_SALT'] );
+define( 'SECURE_AUTH_SALT', $_ENV['SECURE_AUTH_SALT'] );
+define( 'LOGGED_IN_SALT', $_ENV['LOGGED_IN_SALT'] );
+define( 'NONCE_SALT', $_ENV['NONCE_SALT'] );
 /**#@-*/
 
-/** A couple extra tweaks to help things run well on Pantheon. **/
-if (isset($_SERVER['HTTP_HOST'])) {
-    // HTTP is still the default scheme for now.
-    $scheme = 'http';
-    // If we have detected that the end use is HTTPS, make sure we pass that
-    // through here, so <img> tags and the like don't generate mixed-mode
-    // content warnings.
-    if (isset($_SERVER['HTTP_USER_AGENT_HTTPS']) && $_SERVER['HTTP_USER_AGENT_HTTPS'] == 'ON') {
-        $scheme = 'https';
-        $_SERVER['HTTPS'] = 'on';
-    }
-    define('WP_HOME', $scheme . '://' . $_SERVER['HTTP_HOST']);
-    define('WP_SITEURL', $scheme . '://' . $_SERVER['HTTP_HOST']);
+/** A couple extra tweaks to help things run well on Pantheon. */
+if ( isset( $_SERVER['HTTP_HOST'] ) ) {
+	// HTTP is still the default scheme for now.
+	$scheme = 'http';
+	// If we have detected that the end use is HTTPS, make sure we pass that
+	// through here, so <img> tags and the like don't generate mixed-mode
+	// content warnings.
+	if ( isset( $_SERVER['HTTP_USER_AGENT_HTTPS'] ) && $_SERVER['HTTP_USER_AGENT_HTTPS'] == 'ON' ) {
+		$scheme           = 'https';
+		$_SERVER['HTTPS'] = 'on';
+	}
+	define( 'WP_HOME', $scheme . '://' . $_SERVER['HTTP_HOST'] );
+	define( 'WP_SITEURL', $scheme . '://' . $_SERVER['HTTP_HOST'] );
 }
 // Don't show deprecations; useful under PHP 5.5
-error_reporting(E_ALL ^ E_DEPRECATED);
+error_reporting( E_ALL ^ E_DEPRECATED );
 /** Define appropriate location for default tmp directory on Pantheon */
-define('WP_TEMP_DIR', sys_get_temp_dir());
+define( 'WP_TEMP_DIR', sys_get_temp_dir() );
 
 // FS writes aren't permitted in test or live, so we should let WordPress know to disable relevant UI
-if (in_array($_ENV['PANTHEON_ENVIRONMENT'], array( 'test', 'live' )) && ! defined('DISALLOW_FILE_MODS')) {
-    define('DISALLOW_FILE_MODS', true);
+if ( in_array( $_ENV['PANTHEON_ENVIRONMENT'], array( 'test', 'live' ) ) && ! defined( 'DISALLOW_FILE_MODS' ) ) {
+	define( 'DISALLOW_FILE_MODS', true );
 }
 
 /**
  * Set WP_ENVIRONMENT_TYPE according to the Pantheon Environment
  */
-if (getenv('WP_ENVIRONMENT_TYPE') === false) {
-    switch ($_ENV['PANTHEON_ENVIRONMENT']) {
-        case 'live':
-            putenv('WP_ENVIRONMENT_TYPE=production');
-            break;
-        case 'test':
-            putenv('WP_ENVIRONMENT_TYPE=staging');
-            break;
-        default:
-            putenv('WP_ENVIRONMENT_TYPE=development');
-            break;
-    }
+if ( getenv( 'WP_ENVIRONMENT_TYPE' ) === false ) {
+	switch ( $_ENV['PANTHEON_ENVIRONMENT'] ) {
+		case 'live':
+			putenv( 'WP_ENVIRONMENT_TYPE=production' );
+			break;
+		case 'test':
+			putenv( 'WP_ENVIRONMENT_TYPE=staging' );
+			break;
+		default:
+			putenv( 'WP_ENVIRONMENT_TYPE=development' );
+			break;
+	}
+}
+
+/**
+ * Decode secrets.json and convert key/value pairs into environment variables.
+ */
+if ( file_exists( __DIR__ . '/wp-content/uploads/private/secrets.json' ) && isset( $_ENV['PANTHEON_ENVIRONMENT'] ) ) {
+	// Decode as associative array...
+	$json = json_decode( file_get_contents( __DIR__ . '/wp-content/uploads/private/secrets.json' ), true );
+
+	if ( ! empty( $json ) && ! empty( $_ENV['PANTHEON_ENVIRONMENT'] ) ) {
+		// Loop over key/value pairs...
+		foreach ( $json as $key => $value ) {
+			// Define environment variable if one doesn't already exists...
+			if ( ! isset( $_ENV[ $key ] ) ) {
+				putenv( "{$key}={$value}" );
+			}
+		}
+	}
 }

wp-config.php

@@ -16,6 +16,13 @@
 	require_once __DIR__ . '/wp-config-' . SERVER_PLATFORM_NAME . '.php';
 }
 
+/**
+ * Wire up S3 Uploads key and secret values to ENV variable.
+ * Needs to be assigned AFTER platform config.
+ */
+define( 'S3_UPLOADS_KEY', getenv( 'S3_KEY' ) );
+define( 'S3_UPLOADS_SECRET', getenv( 'S3_SECRET' ) );
+
 
 /** Standard wp-config.php stuff from here on down. */