From 4a4c9d3036c255e35261de34dbc790e1f4f49a4c Mon Sep 17 00:00:00 2001
From: Rick Peterman
Date: Mon, 8 Apr 2024 16:30:51 -0500
Subject: [PATCH] config: parse secrets.json into env vars
---
 wp-config-constants.php | 6 ---
 wp-config-pantheon.php | 104 +++++++++++++++++++++++----------------
 wp-config.php | 7 +++
 3 files changed, 68 insertions(+), 49 deletions(-)
diff --git a/wp-config-constants.php b/wp-config-constants.php
index 7c2336fb2..e638b40c2 100644
--- a/wp-config-constants.php
+++ b/wp-config-constants.php
@@ -15,9 +15,3 @@
 * Name of the environment variable that acts as a flag for the platform server.
 */
 define( 'SERVER_PLATFORM_ENVIRONMENT_VARIABLE_NAME', 'PANTHEON_ENVIRONMENT' );
-
-/**
- * Wire up S3 Uploads key and secret values to ENV variable.
- */
-define( 'S3_UPLOADS_KEY', getenv( 'S3_KEY' ) );
-define( 'S3_UPLOADS_SECRET', getenv( 'S3_SECRET' ) );
diff --git a/wp-config-pantheon.php b/wp-config-pantheon.php
index 9c3c2bdba..a1f98610d 100644
--- a/wp-config-pantheon.php
+++ b/wp-config-pantheon.php
@@ -12,22 +12,22 @@
 // ** MySQL settings - included in the Pantheon Environment ** //
 /** The name of the database for WordPress */
-define('DB_NAME', $_ENV['DB_NAME']);
+define( 'DB_NAME', $_ENV['DB_NAME'] );
 /** MySQL database username */
-define('DB_USER', $_ENV['DB_USER']);
+define( 'DB_USER', $_ENV['DB_USER'] );
 /** MySQL database password */
-define('DB_PASSWORD', $_ENV['DB_PASSWORD']);
+define( 'DB_PASSWORD', $_ENV['DB_PASSWORD'] );
 /** MySQL hostname; on Pantheon this includes a specific port number. */
-define('DB_HOST', $_ENV['DB_HOST'] . ':' . $_ENV['DB_PORT']);
+define( 'DB_HOST', $_ENV['DB_HOST'] . ':' . $_ENV['DB_PORT'] );
 /** Database Charset to use in creating database tables. */
-define('DB_CHARSET', 'utf8mb4');
+define( 'DB_CHARSET', 'utf8mb4' );
 /** The Database Collate type. Don't change this if in doubt. */
-define('DB_COLLATE', '');
+define( 'DB_COLLATE', '' );
 /**#@+
 * Authentication Unique Keys and Salts.
@@ -39,53 +39,71 @@
 *
 * @since 2.6.0
 */
-define('AUTH_KEY', $_ENV['AUTH_KEY']);
-define('SECURE_AUTH_KEY', $_ENV['SECURE_AUTH_KEY']);
-define('LOGGED_IN_KEY', $_ENV['LOGGED_IN_KEY']);
-define('NONCE_KEY', $_ENV['NONCE_KEY']);
-define('AUTH_SALT', $_ENV['AUTH_SALT']);
-define('SECURE_AUTH_SALT', $_ENV['SECURE_AUTH_SALT']);
-define('LOGGED_IN_SALT', $_ENV['LOGGED_IN_SALT']);
-define('NONCE_SALT', $_ENV['NONCE_SALT']);
+define( 'AUTH_KEY', $_ENV['AUTH_KEY'] );
+define( 'SECURE_AUTH_KEY', $_ENV['SECURE_AUTH_KEY'] );
+define( 'LOGGED_IN_KEY', $_ENV['LOGGED_IN_KEY'] );
+define( 'NONCE_KEY', $_ENV['NONCE_KEY'] );
+define( 'AUTH_SALT', $_ENV['AUTH_SALT'] );
+define( 'SECURE_AUTH_SALT', $_ENV['SECURE_AUTH_SALT'] );
+define( 'LOGGED_IN_SALT', $_ENV['LOGGED_IN_SALT'] );
+define( 'NONCE_SALT', $_ENV['NONCE_SALT'] );
 /**#@-*/
-/** A couple extra tweaks to help things run well on Pantheon. **/
-if (isset($_SERVER['HTTP_HOST'])) {
- // HTTP is still the default scheme for now.
- $scheme = 'http';
- // If we have detected that the end use is HTTPS, make sure we pass that
- // through here, so tags and the like don't generate mixed-mode
- // content warnings.
- if (isset($_SERVER['HTTP_USER_AGENT_HTTPS']) && $_SERVER['HTTP_USER_AGENT_HTTPS'] == 'ON') {
- $scheme = 'https';
- $_SERVER['HTTPS'] = 'on';
- }
- define('WP_HOME', $scheme . '://' . $_SERVER['HTTP_HOST']);
- define('WP_SITEURL', $scheme . '://' . $_SERVER['HTTP_HOST']);
+/** A couple extra tweaks to help things run well on Pantheon. */
+if ( isset( $_SERVER['HTTP_HOST'] ) ) {
+ // HTTP is still the default scheme for now.
+ $scheme = 'http';
+ // If we have detected that the end use is HTTPS, make sure we pass that
+ // through here, so tags and the like don't generate mixed-mode
+ // content warnings.
+ if ( isset( $_SERVER['HTTP_USER_AGENT_HTTPS'] ) && $_SERVER['HTTP_USER_AGENT_HTTPS'] == 'ON' ) {
+ $scheme = 'https';
+ $_SERVER['HTTPS'] = 'on';
+ }
+ define( 'WP_HOME', $scheme . '://' . $_SERVER['HTTP_HOST'] );
+ define( 'WP_SITEURL', $scheme . '://' . $_SERVER['HTTP_HOST'] );
 }
 // Don't show deprecations; useful under PHP 5.5
-error_reporting(E_ALL ^ E_DEPRECATED);
+error_reporting( E_ALL ^ E_DEPRECATED );
 /** Define appropriate location for default tmp directory on Pantheon */
-define('WP_TEMP_DIR', sys_get_temp_dir());
+define( 'WP_TEMP_DIR', sys_get_temp_dir() );
 // FS writes aren't permitted in test or live, so we should let WordPress know to disable relevant UI
-if (in_array($_ENV['PANTHEON_ENVIRONMENT'], array( 'test', 'live' )) && ! defined('DISALLOW_FILE_MODS')) {
- define('DISALLOW_FILE_MODS', true);
+if ( in_array( $_ENV['PANTHEON_ENVIRONMENT'], array( 'test', 'live' ) ) && ! defined( 'DISALLOW_FILE_MODS' ) ) {
+ define( 'DISALLOW_FILE_MODS', true );
 }
 /**
 * Set WP_ENVIRONMENT_TYPE according to the Pantheon Environment
 */
-if (getenv('WP_ENVIRONMENT_TYPE') === false) {
- switch ($_ENV['PANTHEON_ENVIRONMENT']) {
- case 'live':
- putenv('WP_ENVIRONMENT_TYPE=production');
- break;
- case 'test':
- putenv('WP_ENVIRONMENT_TYPE=staging');
- break;
- default:
- putenv('WP_ENVIRONMENT_TYPE=development');
- break;
- }
+if ( getenv( 'WP_ENVIRONMENT_TYPE' ) === false ) {
+ switch ( $_ENV['PANTHEON_ENVIRONMENT'] ) {
+ case 'live':
+ putenv( 'WP_ENVIRONMENT_TYPE=production' );
+ break;
+ case 'test':
+ putenv( 'WP_ENVIRONMENT_TYPE=staging' );
+ break;
+ default:
+ putenv( 'WP_ENVIRONMENT_TYPE=development' );
+ break;
+ }
+}
+
+/**
+ * Decode secrets.json and convert key/value pairs into environment variables.
+ */
+if ( file_exists( __DIR__ . '/wp-content/uploads/private/secrets.json' ) && isset( $_ENV['PANTHEON_ENVIRONMENT'] ) ) {
+ // Decode as associative array...
+ $json = json_decode( file_get_contents( __DIR__ . '/wp-content/uploads/private/secrets.json' ), true );
+
+ if ( ! empty( $json ) && ! empty( $_ENV['PANTHEON_ENVIRONMENT'] ) ) {
+ // Loop over key/value pairs...
+ foreach ( $json as $key => $value ) {
+ // Define environment variable if one doesn't already exists...
+ if ( ! isset( $_ENV[ $key ] ) ) {
+ putenv( "{$key}={$value}" );
+ }
+ }
+ }
 }
diff --git a/wp-config.php b/wp-config.php
index ae879fa23..9aaa430e7 100644
--- a/wp-config.php
+++ b/wp-config.php
@@ -16,6 +16,13 @@
 require_once __DIR__ . '/wp-config-' . SERVER_PLATFORM_NAME . '.php';
 }
+/**
+ * Wire up S3 Uploads key and secret values to ENV variable.
+ * Needs to be assigned AFTER platform config.
+ */
+define( 'S3_UPLOADS_KEY', getenv( 'S3_KEY' ) );
+define( 'S3_UPLOADS_SECRET', getenv( 'S3_SECRET' ) );
+
 /** Standard wp-config.php stuff from here on down. */
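Review bot: The new secrets.json loop at the end of wp-config-pantheon.php guards with `! isset( $_ENV[ $key ] )` but writes with `putenv()`, which does not populate `$_ENV`, so a key such as `WP_ENVIRONMENT_TYPE` (set through `putenv()` in the switch just above) can still be overwritten from the file. The loop also trusts the decoded shape: `! empty( $json )` passes for a non-array JSON value, and a nested value is interpolated as the string "Array". The file lives under `wp-content/uploads/private/`, which presumably relies on the platform to block web access and may be writable by the application, so I would narrow what it is allowed to set: require an array, scalar values and conventional variable names (a fixed list of expected keys would be stricter still), and consult `getenv( $key )` as well as `$_ENV`. The name pattern below is a sketch to adjust to the keys the project actually stores.

```php
// … unchanged: file_exists() guard and json_decode() of secrets.json …
    if ( is_array( $json ) && ! empty( $_ENV['PANTHEON_ENVIRONMENT'] ) ) {
        foreach ( $json as $key => $value ) {
            // Skip anything that is not a plain NAME => scalar pair.
            if ( ! is_string( $key ) || ! preg_match( '/\A[A-Z][A-Z0-9_]*\z/', $key ) || ! is_scalar( $value ) ) {
                continue;
            }
            // putenv() does not update $_ENV, so consult getenv() too.
            if ( ! isset( $_ENV[ $key ] ) && getenv( $key ) === false ) {
                putenv( "{$key}={$value}" );
            }
        }
    }
```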