[FrameworkBundle][Secret] Leverage vault to store APP_SECRET env var #1005
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
noniagriconomie
force-pushed
the
ft-vault-secret
branch
from
7b684ac to
5fac3b3
Compare
ghost
deployed
to
|
Thanks for the PR 😍 How to test these changes in your application
Diff between recipe versionsIn order to help with the review stage, I'm in charge of computing the diff between the various versions of patched recipes. symfony/framework-bundle3.3 vs 3.4diff --git a/symfony/framework-bundle/3.3/config/packages/framework.yaml b/symfony/framework-bundle/3.4/config/packages/framework.yaml
index d2b31bf..f532576 100644
--- a/symfony/framework-bundle/3.3/config/packages/framework.yaml
+++ b/symfony/framework-bundle/3.4/config/packages/framework.yaml
@@ -7,6 +7,7 @@ framework:
# Remove or comment this section to explicitly disable session support.
session:
handler_id: null
+ cookie_samesite: lax
#esi: true
#fragments: true3.4 vs 4.2diff --git a/symfony/framework-bundle/3.4/config/bootstrap.php b/symfony/framework-bundle/4.2/config/bootstrap.php
index 2a47186..55560fb 100644
--- a/symfony/framework-bundle/3.4/config/bootstrap.php
+++ b/symfony/framework-bundle/4.2/config/bootstrap.php
@@ -13,38 +13,8 @@ if (!class_exists(Dotenv::class)) {
if (is_array($env = @include dirname(__DIR__).'/.env.local.php') && (!isset($env['APP_ENV']) || ($_SERVER['APP_ENV'] ?? $_ENV['APP_ENV'] ?? $env['APP_ENV']) === $env['APP_ENV'])) {
(new Dotenv(false))->populate($env);
} else {
- $path = dirname(__DIR__).'/.env';
- $dotenv = new Dotenv(false);
-
// load all the .env files
- if (method_exists($dotenv, 'loadEnv')) {
- $dotenv->loadEnv($path);
- } else {
- // fallback code in case your Dotenv component is not 4.2 or higher (when loadEnv() was added)
-
- if (file_exists($path) || !file_exists($p = "$path.dist")) {
- $dotenv->load($path);
- } else {
- $dotenv->load($p);
- }
-
- if (null === $env = $_SERVER['APP_ENV'] ?? $_ENV['APP_ENV'] ?? null) {
- $dotenv->populate(array('APP_ENV' => $env = 'dev'));
- }
-
- if ('test' !== $env && file_exists($p = "$path.local")) {
- $dotenv->load($p);
- $env = $_SERVER['APP_ENV'] ?? $_ENV['APP_ENV'] ?? $env;
- }
-
- if (file_exists($p = "$path.$env")) {
- $dotenv->load($p);
- }
-
- if (file_exists($p = "$path.$env.local")) {
- $dotenv->load($p);
- }
- }
+ (new Dotenv(false))->loadEnv(dirname(__DIR__).'/.env');
}
$_SERVER += $_ENV;
diff --git a/symfony/framework-bundle/3.4/config/packages/framework.yaml b/symfony/framework-bundle/4.2/config/packages/framework.yaml
index f532576..cad7f78 100644
--- a/symfony/framework-bundle/3.4/config/packages/framework.yaml
+++ b/symfony/framework-bundle/4.2/config/packages/framework.yaml
@@ -1,3 +1,4 @@
+# see https://symfony.com/doc/current/reference/configuration/framework.html
framework:
secret: '%env(APP_SECRET)%'
#csrf_protection: true
@@ -7,6 +8,7 @@ framework:
# Remove or comment this section to explicitly disable session support.
session:
handler_id: null
+ cookie_secure: auto
cookie_samesite: lax
#esi: true
diff --git a/symfony/framework-bundle/3.4/config/services.yaml b/symfony/framework-bundle/4.2/config/services.yaml
index 07d653c..337b2b0 100644
--- a/symfony/framework-bundle/3.4/config/services.yaml
+++ b/symfony/framework-bundle/4.2/config/services.yaml
@@ -10,15 +10,12 @@ services:
_defaults:
autowire: true # Automatically injects dependencies in your services.
autoconfigure: true # Automatically registers your services as commands, event subscribers, etc.
- public: false # Allows optimizing the container by removing unused services; this also means
- # fetching services directly from the container via $container->get() won't work.
- # The best practice is to be explicit about your dependencies anyway.
# makes classes in src/ available to be used as services
# this creates a service per class whose id is the fully-qualified class name
App\:
resource: '../src/*'
- exclude: '../src/{DependencyInjection,Entity,Migrations,Tests,Kernel.php}'
+ exclude: '../src/{DependencyInjection,Entity,Tests,Kernel.php}'
# controllers are imported separately to make sure services can be injected
# as action arguments even if you don't extend any base controller class
diff --git a/symfony/framework-bundle/3.4/manifest.json b/symfony/framework-bundle/4.2/manifest.json
index aa0150e..101b2aa 100644
--- a/symfony/framework-bundle/3.4/manifest.json
+++ b/symfony/framework-bundle/4.2/manifest.json
@@ -14,13 +14,14 @@
"env": {
"APP_ENV": "dev",
"APP_SECRET": "%generate(secret)%",
- "#TRUSTED_PROXIES": "127.0.0.1,127.0.0.2",
+ "#TRUSTED_PROXIES": "127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16",
"#TRUSTED_HOSTS": "'^(localhost|example\\.com)$'"
},
"gitignore": [
"/.env.local",
"/.env.local.php",
"/.env.*.local",
+ "/%CONFIG_DIR%/secrets/prod/prod.decrypt.private.php",
"/%PUBLIC_DIR%/bundles/",
"/%VAR_DIR%/",
"/vendor/"
diff --git a/symfony/framework-bundle/3.4/post-install.txt b/symfony/framework-bundle/4.2/post-install.txt
index 944aa06..12f3669 100644
--- a/symfony/framework-bundle/3.4/post-install.txt
+++ b/symfony/framework-bundle/4.2/post-install.txt
@@ -1,7 +1,6 @@
* Run your application:
1. Go to the project directory
2. Create your code repository with the git init command
- 3. Download the Symfony CLI at https://symfony.com/download to install a development web server,
- or run composer require server --dev for a minimalist one
+ 3. Download the Symfony CLI at https://symfony.com/download to install a development web server
* Read the documentation at https://symfony.com/doc
diff --git a/symfony/framework-bundle/3.4/src/Kernel.php b/symfony/framework-bundle/4.2/src/Kernel.php
index 68b7a56..1cd0572 100644
--- a/symfony/framework-bundle/3.4/src/Kernel.php
+++ b/symfony/framework-bundle/4.2/src/Kernel.php
@@ -13,19 +13,9 @@ class Kernel extends BaseKernel
{
use MicroKernelTrait;
- const CONFIG_EXTS = '.{php,xml,yaml,yml}';
+ private const CONFIG_EXTS = '.{php,xml,yaml,yml}';
- public function getCacheDir()
- {
- return $this->getProjectDir().'/var/cache/'.$this->environment;
- }
-
- public function getLogDir()
- {
- return $this->getProjectDir().'/var/log';
- }
-
- public function registerBundles()
+ public function registerBundles(): iterable
{
$contents = require $this->getProjectDir().'/config/bundles.php';
foreach ($contents as $class => $envs) {
@@ -35,13 +25,16 @@ class Kernel extends BaseKernel
}
}
- protected function configureContainer(ContainerBuilder $container, LoaderInterface $loader)
+ public function getProjectDir(): string
+ {
+ return \dirname(__DIR__);
+ }
+
+ protected function configureContainer(ContainerBuilder $container, LoaderInterface $loader): void
{
$container->addResource(new FileResource($this->getProjectDir().'/config/bundles.php'));
- // Feel free to remove the "container.autowiring.strict_mode" parameter
- // if you are using symfony/dependency-injection 4.0+ as it's the default behavior
- $container->setParameter('container.autowiring.strict_mode', true);
- $container->setParameter('container.dumper.inline_class_loader', true);
+ $container->setParameter('container.dumper.inline_class_loader', \PHP_VERSION_ID < 70400 || $this->debug);
+ $container->setParameter('container.dumper.inline_factories', true);
$confDir = $this->getProjectDir().'/config';
$loader->load($confDir.'/{packages}/*'.self::CONFIG_EXTS, 'glob');
@@ -50,7 +43,7 @@ class Kernel extends BaseKernel
$loader->load($confDir.'/{services}_'.$this->environment.self::CONFIG_EXTS, 'glob');
}
- protected function configureRoutes(RouteCollectionBuilder $routes)
+ protected function configureRoutes(RouteCollectionBuilder $routes): void
{
$confDir = $this->getProjectDir().'/config';
4.2 vs 4.4diff --git a/symfony/framework-bundle/4.4/config/preload.php b/symfony/framework-bundle/4.4/config/preload.php
new file mode 100644
index 0000000..064bdcd
--- /dev/null
+++ b/symfony/framework-bundle/4.4/config/preload.php
@@ -0,0 +1,9 @@
+<?php
+
+if (file_exists(dirname(__DIR__).'/var/cache/prod/srcApp_KernelProdContainer.preload.php')) {
+ require dirname(__DIR__).'/var/cache/prod/srcApp_KernelProdContainer.preload.php';
+}
+
+if (file_exists(dirname(__DIR__).'/var/cache/prod/App_KernelProdContainer.preload.php')) {
+ require dirname(__DIR__).'/var/cache/prod/App_KernelProdContainer.preload.php';
+}
diff --git a/symfony/framework-bundle/4.4/config/routes/dev/framework.yaml b/symfony/framework-bundle/4.4/config/routes/dev/framework.yaml
new file mode 100644
index 0000000..bcbbf13
--- /dev/null
+++ b/symfony/framework-bundle/4.4/config/routes/dev/framework.yaml
@@ -0,0 +1,3 @@
+_errors:
+ resource: '@FrameworkBundle/Resources/config/routing/errors.xml'
+ prefix: /_error
diff --git a/symfony/framework-bundle/4.2/config/services.yaml b/symfony/framework-bundle/4.4/config/services.yaml
index 337b2b0..c7296dd 100644
--- a/symfony/framework-bundle/4.2/config/services.yaml
+++ b/symfony/framework-bundle/4.4/config/services.yaml
@@ -14,13 +14,17 @@ services:
# makes classes in src/ available to be used as services
# this creates a service per class whose id is the fully-qualified class name
App\:
- resource: '../src/*'
- exclude: '../src/{DependencyInjection,Entity,Tests,Kernel.php}'
+ resource: '../src/'
+ exclude:
+ - '../src/DependencyInjection/'
+ - '../src/Entity/'
+ - '../src/Kernel.php'
+ - '../src/Tests/'
# controllers are imported separately to make sure services can be injected
# as action arguments even if you don't extend any base controller class
App\Controller\:
- resource: '../src/Controller'
+ resource: '../src/Controller/'
tags: ['controller.service_arguments']
# add more service definitions when explicit configuration is needed
diff --git a/symfony/framework-bundle/4.2/public/index.php b/symfony/framework-bundle/4.4/public/index.php
index 929197c..d0b6e02 100644
--- a/symfony/framework-bundle/4.2/public/index.php
+++ b/symfony/framework-bundle/4.4/public/index.php
@@ -1,7 +1,7 @@
<?php
use App\Kernel;
-use Symfony\Component\Debug\Debug;
+use Symfony\Component\ErrorHandler\Debug;
use Symfony\Component\HttpFoundation\Request;
require dirname(__DIR__).'/config/bootstrap.php';4.4 vs 5.1diff --git a/symfony/framework-bundle/4.4/config/bootstrap.php b/symfony/framework-bundle/4.4/config/bootstrap.php
deleted file mode 100644
index 55560fb..0000000
--- a/symfony/framework-bundle/4.4/config/bootstrap.php
+++ /dev/null
@@ -1,23 +0,0 @@
-<?php
-
-use Symfony\Component\Dotenv\Dotenv;
-
-require dirname(__DIR__).'/vendor/autoload.php';
-
-if (!class_exists(Dotenv::class)) {
- throw new LogicException('Please run "composer require symfony/dotenv" to load the ".env" files configuring the application.');
-}
-
-// Load cached env vars if the .env.local.php file exists
-// Run "composer dump-env prod" to create it (requires symfony/flex >=1.2)
-if (is_array($env = @include dirname(__DIR__).'/.env.local.php') && (!isset($env['APP_ENV']) || ($_SERVER['APP_ENV'] ?? $_ENV['APP_ENV'] ?? $env['APP_ENV']) === $env['APP_ENV'])) {
- (new Dotenv(false))->populate($env);
-} else {
- // load all the .env files
- (new Dotenv(false))->loadEnv(dirname(__DIR__).'/.env');
-}
-
-$_SERVER += $_ENV;
-$_SERVER['APP_ENV'] = $_ENV['APP_ENV'] = ($_SERVER['APP_ENV'] ?? $_ENV['APP_ENV'] ?? null) ?: 'dev';
-$_SERVER['APP_DEBUG'] = $_SERVER['APP_DEBUG'] ?? $_ENV['APP_DEBUG'] ?? 'prod' !== $_SERVER['APP_ENV'];
-$_SERVER['APP_DEBUG'] = $_ENV['APP_DEBUG'] = (int) $_SERVER['APP_DEBUG'] || filter_var($_SERVER['APP_DEBUG'], FILTER_VALIDATE_BOOLEAN) ? '1' : '0';
diff --git a/symfony/framework-bundle/4.4/config/preload.php b/symfony/framework-bundle/5.1/config/preload.php
index 064bdcd..5ebcdb2 100644
--- a/symfony/framework-bundle/4.4/config/preload.php
+++ b/symfony/framework-bundle/5.1/config/preload.php
@@ -1,9 +1,5 @@
<?php
-if (file_exists(dirname(__DIR__).'/var/cache/prod/srcApp_KernelProdContainer.preload.php')) {
- require dirname(__DIR__).'/var/cache/prod/srcApp_KernelProdContainer.preload.php';
-}
-
if (file_exists(dirname(__DIR__).'/var/cache/prod/App_KernelProdContainer.preload.php')) {
require dirname(__DIR__).'/var/cache/prod/App_KernelProdContainer.preload.php';
}
diff --git a/symfony/framework-bundle/4.4/public/index.php b/symfony/framework-bundle/5.1/public/index.php
index d0b6e02..097baa3 100644
--- a/symfony/framework-bundle/4.4/public/index.php
+++ b/symfony/framework-bundle/5.1/public/index.php
@@ -1,10 +1,13 @@
<?php
use App\Kernel;
+use Symfony\Component\Dotenv\Dotenv;
use Symfony\Component\ErrorHandler\Debug;
use Symfony\Component\HttpFoundation\Request;
-require dirname(__DIR__).'/config/bootstrap.php';
+require dirname(__DIR__).'/vendor/autoload.php';
+
+(new Dotenv())->bootEnv(dirname(__DIR__).'/.env');
if ($_SERVER['APP_DEBUG']) {
umask(0000);
diff --git a/symfony/framework-bundle/4.4/src/Kernel.php b/symfony/framework-bundle/5.1/src/Kernel.php
index 1cd0572..655e796 100644
--- a/symfony/framework-bundle/4.4/src/Kernel.php
+++ b/symfony/framework-bundle/5.1/src/Kernel.php
@@ -3,52 +3,36 @@
namespace App;
use Symfony\Bundle\FrameworkBundle\Kernel\MicroKernelTrait;
-use Symfony\Component\Config\Loader\LoaderInterface;
-use Symfony\Component\Config\Resource\FileResource;
-use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
use Symfony\Component\HttpKernel\Kernel as BaseKernel;
-use Symfony\Component\Routing\RouteCollectionBuilder;
+use Symfony\Component\Routing\Loader\Configurator\RoutingConfigurator;
class Kernel extends BaseKernel
{
use MicroKernelTrait;
- private const CONFIG_EXTS = '.{php,xml,yaml,yml}';
-
- public function registerBundles(): iterable
+ protected function configureContainer(ContainerConfigurator $container): void
{
- $contents = require $this->getProjectDir().'/config/bundles.php';
- foreach ($contents as $class => $envs) {
- if ($envs[$this->environment] ?? $envs['all'] ?? false) {
- yield new $class();
- }
+ $container->import('../config/{packages}/*.yaml');
+ $container->import('../config/{packages}/'.$this->environment.'/*.yaml');
+
+ if (is_file(\dirname(__DIR__).'/config/services.yaml')) {
+ $container->import('../config/services.yaml');
+ $container->import('../config/{services}_'.$this->environment.'.yaml');
+ } elseif (is_file($path = \dirname(__DIR__).'/config/services.php')) {
+ (require $path)($container->withPath($path), $this);
}
}
- public function getProjectDir(): string
+ protected function configureRoutes(RoutingConfigurator $routes): void
{
- return \dirname(__DIR__);
- }
+ $routes->import('../config/{routes}/'.$this->environment.'/*.yaml');
+ $routes->import('../config/{routes}/*.yaml');
- protected function configureContainer(ContainerBuilder $container, LoaderInterface $loader): void
- {
- $container->addResource(new FileResource($this->getProjectDir().'/config/bundles.php'));
- $container->setParameter('container.dumper.inline_class_loader', \PHP_VERSION_ID < 70400 || $this->debug);
- $container->setParameter('container.dumper.inline_factories', true);
- $confDir = $this->getProjectDir().'/config';
-
- $loader->load($confDir.'/{packages}/*'.self::CONFIG_EXTS, 'glob');
- $loader->load($confDir.'/{packages}/'.$this->environment.'/*'.self::CONFIG_EXTS, 'glob');
- $loader->load($confDir.'/{services}'.self::CONFIG_EXTS, 'glob');
- $loader->load($confDir.'/{services}_'.$this->environment.self::CONFIG_EXTS, 'glob');
- }
-
- protected function configureRoutes(RouteCollectionBuilder $routes): void
- {
- $confDir = $this->getProjectDir().'/config';
-
- $routes->import($confDir.'/{routes}/'.$this->environment.'/*'.self::CONFIG_EXTS, '/', 'glob');
- $routes->import($confDir.'/{routes}/*'.self::CONFIG_EXTS, '/', 'glob');
- $routes->import($confDir.'/{routes}'.self::CONFIG_EXTS, '/', 'glob');
+ if (is_file(\dirname(__DIR__).'/config/routes.yaml')) {
+ $routes->import('../config/routes.yaml');
+ } elseif (is_file($path = \dirname(__DIR__).'/config/routes.php')) {
+ (require $path)($routes->withPath($path), $this);
+ }
}
}5.1 vs 5.2diff --git a/symfony/framework-bundle/5.1/manifest.json b/symfony/framework-bundle/5.2/manifest.json
index 101b2aa..17fa50a 100644
--- a/symfony/framework-bundle/5.1/manifest.json
+++ b/symfony/framework-bundle/5.2/manifest.json
@@ -13,9 +13,7 @@
},
"env": {
"APP_ENV": "dev",
- "APP_SECRET": "%generate(secret)%",
- "#TRUSTED_PROXIES": "127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16",
- "#TRUSTED_HOSTS": "'^(localhost|example\\.com)$'"
+ "APP_SECRET": "%generate(secret)%"
},
"gitignore": [
"/.env.local",
diff --git a/symfony/framework-bundle/5.1/public/index.php b/symfony/framework-bundle/5.2/public/index.php
index 097baa3..3bcee0b 100644
--- a/symfony/framework-bundle/5.1/public/index.php
+++ b/symfony/framework-bundle/5.2/public/index.php
@@ -15,14 +15,6 @@ if ($_SERVER['APP_DEBUG']) {
Debug::enable();
}
-if ($trustedProxies = $_SERVER['TRUSTED_PROXIES'] ?? false) {
- Request::setTrustedProxies(explode(',', $trustedProxies), Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO);
-}
-
-if ($trustedHosts = $_SERVER['TRUSTED_HOSTS'] ?? false) {
- Request::setTrustedHosts([$trustedHosts]);
-}
-
$kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']);
$request = Request::createFromGlobals();
$response = $kernel->handle($request);5.2 vs 5.3diff --git a/symfony/framework-bundle/5.2/config/packages/framework.yaml b/symfony/framework-bundle/5.3/config/packages/framework.yaml
index cad7f78..7853e9e 100644
--- a/symfony/framework-bundle/5.2/config/packages/framework.yaml
+++ b/symfony/framework-bundle/5.3/config/packages/framework.yaml
@@ -2,7 +2,7 @@
framework:
secret: '%env(APP_SECRET)%'
#csrf_protection: true
- #http_method_override: true
+ http_method_override: false
# Enables session support. Note that the session will ONLY be started if you read or write from it.
# Remove or comment this section to explicitly disable session support.
@@ -10,8 +10,15 @@ framework:
handler_id: null
cookie_secure: auto
cookie_samesite: lax
+ storage_factory_id: session.storage.factory.native
#esi: true
#fragments: true
php_errors:
log: true
+
+when@test:
+ framework:
+ test: true
+ session:
+ storage_factory_id: session.storage.factory.mock_file
diff --git a/symfony/framework-bundle/5.2/config/packages/test/framework.yaml b/symfony/framework-bundle/5.2/config/packages/test/framework.yaml
deleted file mode 100644
index d051c84..0000000
--- a/symfony/framework-bundle/5.2/config/packages/test/framework.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-framework:
- test: true
- session:
- storage_id: session.storage.mock_file
diff --git a/symfony/framework-bundle/5.2/config/routes/dev/framework.yaml b/symfony/framework-bundle/5.2/config/routes/dev/framework.yaml
deleted file mode 100644
index bcbbf13..0000000
--- a/symfony/framework-bundle/5.2/config/routes/dev/framework.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-_errors:
- resource: '@FrameworkBundle/Resources/config/routing/errors.xml'
- prefix: /_error
diff --git a/symfony/framework-bundle/5.3/config/routes/framework.yaml b/symfony/framework-bundle/5.3/config/routes/framework.yaml
new file mode 100644
index 0000000..0fc74bb
--- /dev/null
+++ b/symfony/framework-bundle/5.3/config/routes/framework.yaml
@@ -0,0 +1,4 @@
+when@dev:
+ _errors:
+ resource: '@FrameworkBundle/Resources/config/routing/errors.xml'
+ prefix: /_error
diff --git a/symfony/framework-bundle/5.2/config/services.yaml b/symfony/framework-bundle/5.3/config/services.yaml
index c7296dd..ef07b76 100644
--- a/symfony/framework-bundle/5.2/config/services.yaml
+++ b/symfony/framework-bundle/5.3/config/services.yaml
@@ -2,7 +2,7 @@
# Files in the packages/ subdirectory configure your dependencies.
# Put parameters here that don't need to change on each machine where the app is deployed
-# https://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
+# https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration
parameters:
services:
@@ -21,11 +21,5 @@ services:
- '../src/Kernel.php'
- '../src/Tests/'
- # controllers are imported separately to make sure services can be injected
- # as action arguments even if you don't extend any base controller class
- App\Controller\:
- resource: '../src/Controller/'
- tags: ['controller.service_arguments']
-
# add more service definitions when explicit configuration is needed
# please note that last definitions always *replace* previous ones
diff --git a/symfony/framework-bundle/5.2/public/index.php b/symfony/framework-bundle/5.3/public/index.php
index 3bcee0b..9982c21 100644
--- a/symfony/framework-bundle/5.2/public/index.php
+++ b/symfony/framework-bundle/5.3/public/index.php
@@ -1,22 +1,9 @@
<?php
use App\Kernel;
-use Symfony\Component\Dotenv\Dotenv;
-use Symfony\Component\ErrorHandler\Debug;
-use Symfony\Component\HttpFoundation\Request;
-require dirname(__DIR__).'/vendor/autoload.php';
+require_once dirname(__DIR__).'/vendor/autoload_runtime.php';
-(new Dotenv())->bootEnv(dirname(__DIR__).'/.env');
-
-if ($_SERVER['APP_DEBUG']) {
- umask(0000);
-
- Debug::enable();
-}
-
-$kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']);
-$request = Request::createFromGlobals();
-$response = $kernel->handle($request);
-$response->send();
-$kernel->terminate($request, $response);
+return function (array $context) {
+ return new Kernel($context['APP_ENV'], (bool) $context['APP_DEBUG']);
+};
diff --git a/symfony/framework-bundle/5.2/src/Kernel.php b/symfony/framework-bundle/5.3/src/Kernel.php
index 655e796..8e96873 100644
--- a/symfony/framework-bundle/5.2/src/Kernel.php
+++ b/symfony/framework-bundle/5.3/src/Kernel.php
@@ -19,8 +19,8 @@ class Kernel extends BaseKernel
if (is_file(\dirname(__DIR__).'/config/services.yaml')) {
$container->import('../config/services.yaml');
$container->import('../config/{services}_'.$this->environment.'.yaml');
- } elseif (is_file($path = \dirname(__DIR__).'/config/services.php')) {
- (require $path)($container->withPath($path), $this);
+ } else {
+ $container->import('../config/{services}.php');
}
}
@@ -31,8 +31,8 @@ class Kernel extends BaseKernel
if (is_file(\dirname(__DIR__).'/config/routes.yaml')) {
$routes->import('../config/routes.yaml');
- } elseif (is_file($path = \dirname(__DIR__).'/config/routes.php')) {
- (require $path)($routes->withPath($path), $this);
+ } else {
+ $routes->import('../config/{routes}.php');
}
}
}5.3 vs 5.4diff --git a/symfony/framework-bundle/5.3/manifest.json b/symfony/framework-bundle/5.4/manifest.json
index 17fa50a..daf2b51 100644
--- a/symfony/framework-bundle/5.3/manifest.json
+++ b/symfony/framework-bundle/5.4/manifest.json
@@ -9,11 +9,12 @@
},
"composer-scripts": {
"cache:clear": "symfony-cmd",
- "assets:install %PUBLIC_DIR%": "symfony-cmd"
+ "assets:install %PUBLIC_DIR%": "symfony-cmd",
+ "secrets:generate-keys": "symfony-cmd",
+ "secrets:set APP_SECRET --random": "symfony-cmd"
},
"env": {
- "APP_ENV": "dev",
- "APP_SECRET": "%generate(secret)%"
+ "APP_ENV": "dev"
},
"gitignore": [
"/.env.local",
diff --git a/symfony/framework-bundle/5.3/src/Kernel.php b/symfony/framework-bundle/5.4/src/Kernel.php
index 8e96873..779cd1f 100644
--- a/symfony/framework-bundle/5.3/src/Kernel.php
+++ b/symfony/framework-bundle/5.4/src/Kernel.php
@@ -3,36 +3,9 @@
namespace App;
use Symfony\Bundle\FrameworkBundle\Kernel\MicroKernelTrait;
-use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
use Symfony\Component\HttpKernel\Kernel as BaseKernel;
-use Symfony\Component\Routing\Loader\Configurator\RoutingConfigurator;
class Kernel extends BaseKernel
{
use MicroKernelTrait;
-
- protected function configureContainer(ContainerConfigurator $container): void
- {
- $container->import('../config/{packages}/*.yaml');
- $container->import('../config/{packages}/'.$this->environment.'/*.yaml');
-
- if (is_file(\dirname(__DIR__).'/config/services.yaml')) {
- $container->import('../config/services.yaml');
- $container->import('../config/{services}_'.$this->environment.'.yaml');
- } else {
- $container->import('../config/{services}.php');
- }
- }
-
- protected function configureRoutes(RoutingConfigurator $routes): void
- {
- $routes->import('../config/{routes}/'.$this->environment.'/*.yaml');
- $routes->import('../config/{routes}/*.yaml');
-
- if (is_file(\dirname(__DIR__).'/config/routes.yaml')) {
- $routes->import('../config/routes.yaml');
- } else {
- $routes->import('../config/{routes}.php');
- }
- }
} |
noniagriconomie
force-pushed
the
ft-vault-secret
branch
from
5fac3b3 to
40709fa
Compare
noniagriconomie
force-pushed
the
ft-vault-secret
branch
from
40709fa to
93fb283
Compare
Tobion
suggested changes
Sep 23, 2021
| @@ -9,11 +9,13 @@ | |||
| }, | |||
| "composer-scripts": { | |||
| "cache:clear": "symfony-cmd", | |||
| "assets:install %PUBLIC_DIR%": "symfony-cmd" | |||
| "assets:install %PUBLIC_DIR%": "symfony-cmd", | |||
| "secrets:generate-keys": "symfony-cmd", | |||
There was a problem hiding this comment.
the composer scripts run on each install/update. you don't want to regenerate keys every time
There was a problem hiding this comment.
according to the command doc:
If encryption keys already exist, the command must be called with
the --rotate option in order to override those keys and re-encrypt
existing secrets.
bin/console secrets:generate-keys --rotate
@Tobion iiuc it is ok like this; after the first install, other updates will change nothing related to those keys
noniagriconomie
force-pushed
the
ft-vault-secret
branch
from
93fb283 to
4713ce9
Compare
noniagriconomie
commented
Sep 23, 2021
| "assets:install %PUBLIC_DIR%": "symfony-cmd" | ||
| "assets:install %PUBLIC_DIR%": "symfony-cmd", | ||
| "secrets:generate-keys": "symfony-cmd", | ||
| "secrets:set APP_SECRET --random": "symfony-cmd" |
There was a problem hiding this comment.
I do not know if I should use the --local option here
There was a problem hiding this comment.
doesn't this generate a new APP_SECRET every time?
There was a problem hiding this comment.
indeed it does :s
2 options:
- either "do not care in dev" that this env is regenerated
- or we should add an option to this command so that, if already existing in the vault, it is not overriden if no flag provided (cf the
secrets:generate-keys --rotate)
There was a problem hiding this comment.
@nicolas-grekas friendly ping :)
related to symfony/symfony#38021 (comment) and the creation of the secret logic, do you have an idea here?
many thanks!
noniagriconomie
force-pushed
the
ft-vault-secret
branch
from
4713ce9 to
59dcc87
Compare
noniagriconomie
changed the title
|
I'm sorry but I'm going to close here. I'm going to explain why in the linked issue. |
javiereguiluz
added a commit
to symfony/symfony-docs
that referenced
this pull request
Nov 2, 2021
…mie) This PR was merged into the 4.4 branch. Discussion ---------- Add caution on the framework kernel secret Hi, small caution on the doc according to this framework config value, I think it is usefull Related to symfony/symfony#38021 and symfony/symfony#38021 (comment) After my attempt at symfony/recipes#1005 and symfony/symfony#38021 (comment) Commits ------- 9bc68bf Update framework.rst
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi, I've found this issue and wanted to give it a try for next v5.4
ℹ️ not tested for now, just code PR
Commands taken from https://symfony.com/doc/current/configuration/secrets.html
I also used the
--randomflag instead of thegenerate()feature to get a secret value(Also related to #979)
Friendly ping @Tobion