Skip to content

Move SECRETS in a new component 📦️ #45571

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

Move SECRETS in a new component 📦️ #45571

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
745cd3d
📦 Move secret into a new component
casahugo Feb 27, 2022
a792acb
🔧 update secret config
casahugo Feb 27, 2022
7b90d00
🔧 set component version to 6.1
casahugo Feb 27, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions composer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,7 @@
"symfony/security-guard": "self.version",
"symfony/security-http": "self.version",
"symfony/semaphore": "self.version",
"symfony/secret": "self.version",
"symfony/serializer": "self.version",
"symfony/stopwatch": "self.version",
"symfony/string": "self.version",
Expand Down
12 changes: 6 additions & 6 deletions src/Symfony/Bundle/FrameworkBundle/Resources/config/console.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,12 +28,6 @@
use Symfony\Bundle\FrameworkBundle\Command\EventDispatcherDebugCommand;
use Symfony\Bundle\FrameworkBundle\Command\RouterDebugCommand;
use Symfony\Bundle\FrameworkBundle\Command\RouterMatchCommand;
use Symfony\Bundle\FrameworkBundle\Command\SecretsDecryptToLocalCommand;
use Symfony\Bundle\FrameworkBundle\Command\SecretsEncryptFromLocalCommand;
use Symfony\Bundle\FrameworkBundle\Command\SecretsGenerateKeysCommand;
use Symfony\Bundle\FrameworkBundle\Command\SecretsListCommand;
use Symfony\Bundle\FrameworkBundle\Command\SecretsRemoveCommand;
use Symfony\Bundle\FrameworkBundle\Command\SecretsSetCommand;
use Symfony\Bundle\FrameworkBundle\Command\TranslationDebugCommand;
use Symfony\Bundle\FrameworkBundle\Command\TranslationUpdateCommand;
use Symfony\Bundle\FrameworkBundle\Command\WorkflowDumpCommand;
Expand All @@ -48,6 +42,12 @@
use Symfony\Component\Messenger\Command\FailedMessagesShowCommand;
use Symfony\Component\Messenger\Command\SetupTransportsCommand;
use Symfony\Component\Messenger\Command\StopWorkersCommand;
use Symfony\Component\Secret\Command\SecretsDecryptToLocalCommand;
use Symfony\Component\Secret\Command\SecretsEncryptFromLocalCommand;
use Symfony\Component\Secret\Command\SecretsGenerateKeysCommand;
use Symfony\Component\Secret\Command\SecretsListCommand;
use Symfony\Component\Secret\Command\SecretsRemoveCommand;
use Symfony\Component\Secret\Command\SecretsSetCommand;
use Symfony\Component\Translation\Command\TranslationPullCommand;
use Symfony\Component\Translation\Command\TranslationPushCommand;
use Symfony\Component\Translation\Command\XliffLintCommand;
Expand Down
4 changes: 2 additions & 2 deletions src/Symfony/Bundle/FrameworkBundle/Resources/config/secrets.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,8 @@

namespace Symfony\Component\DependencyInjection\Loader\Configurator;

use Symfony\Bundle\FrameworkBundle\Secrets\DotenvVault;
use Symfony\Bundle\FrameworkBundle\Secrets\SodiumVault;
use Symfony\Component\Secret\DotenvVault;
use Symfony\Component\Secret\SodiumVault;

return static function (ContainerConfigurator $container) {
$container->services()
Expand Down
1 change: 1 addition & 0 deletions src/Symfony/Bundle/FrameworkBundle/composer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@
"symfony/polyfill-mbstring": "~1.0",
"symfony/filesystem": "^5.4|^6.0",
"symfony/finder": "^5.4|^6.0",
"symfony/secret": "^6.1",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMHO this should be an optional dependency (The FrameworkBundle does not require secrets to work).

But I'm not sure how we could provide a BC layer (migration path) without requiring it nor duplicating the code.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can it be also enabled/disabled via a new framework config key?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can it be also enabled/disabled via a new framework config key?

That's already the case.

The point of NOT making it a required dependency is to avoid downloading everything "just in case". Otherwise, symfony/framework-bundle will become the next symfony/symfony

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oki I got it thx for explanations :)

Copy link
Member

@derrabus derrabus Feb 28, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's make it an optional dependency in 7.0 then? Otherwise we would need to duplicate the code for BC and lose the advantage of the optional dependency in terms of download size.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@derrabus agreed, but how triggering a deprecation if the user did not require the deps. Otherwise, bumping symfony to 7.0 will uninstall symfony/secrets

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good to me

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think, we've had similar problems when we removed messenger transports into bridge packages. How did we solve this issue back then? 🤔

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We made messenger require the bridges (hard dep) until 6.0

"symfony/routing": "^5.4|^6.0"
},
"require-dev": {
Expand Down
4 changes: 4 additions & 0 deletions src/Symfony/Component/Secret/.gitattributes
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
/Tests export-ignore
/phpunit.xml.dist export-ignore
/.gitattributes export-ignore
/.gitignore export-ignore
3 changes: 3 additions & 0 deletions src/Symfony/Component/Secret/.gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
/vendor/
/phpunit.xml
.phpunit.result.cache
8 changes: 4 additions & 4 deletions ...FrameworkBundle/Secrets/AbstractVault.php → ...ymfony/Component/Secret/AbstractVault.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,12 @@
* file that was distributed with this source code.
*/

namespace Symfony\Bundle\FrameworkBundle\Secrets;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of moving you should copy & extend those new files by old ones to have BC.

Copy link
Author

@casahugo casahugo Feb 27, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is not a problem that the component is dependent on the FrameworkBundle?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is, but we can do differently.
The deprecated framework-bundle classes should extend the new component’s classes, or be aliased to them (see e.g.

symfony/src/Symfony/Component/Messenger/Transport/AmqpExt/AmqpTransport.php

Line 18 in fdfa40e

class_exists(BridgeAmqpTransport::class);
).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All classes are flagged @internal. As long as symfony/secret is a required dependency we don't need to use this trick.

But if we decide to make synfony/secret optional (see my comment #45571 (comment)), in that case, we should keep a BC layer in the FrameworkBundle

declare(strict_types=1);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

revert (same comment everywhere)


namespace Symfony\Component\Secret;

/**
* @author Nicolas Grekas <p@tchwork.com>
*
* @internal
*/
abstract class AbstractVault
{
Expand Down Expand Up @@ -42,7 +42,7 @@ protected function validateName(string $name): void
}
}

protected function getPrettyPath(string $path)
protected function getPrettyPath(string $path): string
{
return str_replace(getcwd().\DIRECTORY_SEPARATOR, '', $path);
}
Expand Down
7 changes: 7 additions & 0 deletions src/Symfony/Component/Secret/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
CHANGELOG
=========

6.1
---

* added the component
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* added the component
* Add the component

8 changes: 4 additions & 4 deletions .../Command/SecretsDecryptToLocalCommand.php → .../Command/SecretsDecryptToLocalCommand.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,21 +9,21 @@
* file that was distributed with this source code.
*/

namespace Symfony\Bundle\FrameworkBundle\Command;
declare(strict_types=1);

namespace Symfony\Component\Secret\Command;

use Symfony\Bundle\FrameworkBundle\Secrets\AbstractVault;
use Symfony\Component\Console\Attribute\AsCommand;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Output\ConsoleOutputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Style\SymfonyStyle;
use Symfony\Component\Secret\AbstractVault;

/**
* @author Nicolas Grekas <p@tchwork.com>
*
* @internal
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Most likely should be still there.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Even if used in the FramworkBundle ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also interpret it that no external project may rely on the interfaces of the class. In that case yes, usage in other libraries of the symfony package should work together with the internal tag.

*/
#[AsCommand(name: 'secrets:decrypt-to-local', description: 'Decrypt all secrets and stores them in the local vault')]
final class SecretsDecryptToLocalCommand extends Command
Expand Down
8 changes: 4 additions & 4 deletions ...ommand/SecretsEncryptFromLocalCommand.php → ...ommand/SecretsEncryptFromLocalCommand.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,20 +9,20 @@
* file that was distributed with this source code.
*/

namespace Symfony\Bundle\FrameworkBundle\Command;
declare(strict_types=1);

namespace Symfony\Component\Secret\Command;

use Symfony\Bundle\FrameworkBundle\Secrets\AbstractVault;
use Symfony\Component\Console\Attribute\AsCommand;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\ConsoleOutputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Style\SymfonyStyle;
use Symfony\Component\Secret\AbstractVault;

/**
* @author Nicolas Grekas <p@tchwork.com>
*
* @internal
*/
#[AsCommand(name: 'secrets:encrypt-from-local', description: 'Encrypt all local secrets to the vault')]
final class SecretsEncryptFromLocalCommand extends Command
Expand Down
8 changes: 4 additions & 4 deletions ...le/Command/SecretsGenerateKeysCommand.php → ...et/Command/SecretsGenerateKeysCommand.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,23 +9,23 @@
* file that was distributed with this source code.
*/

namespace Symfony\Bundle\FrameworkBundle\Command;
declare(strict_types=1);

namespace Symfony\Component\Secret\Command;

use Symfony\Bundle\FrameworkBundle\Secrets\AbstractVault;
use Symfony\Component\Console\Attribute\AsCommand;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Output\ConsoleOutputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Style\SymfonyStyle;
use Symfony\Component\Secret\AbstractVault;

/**
* @author Tobias Schultze <http://tobion.de>
* @author Jérémy Derussé <jeremy@derusse.com>
* @author Nicolas Grekas <p@tchwork.com>
*
* @internal
*/
#[AsCommand(name: 'secrets:generate-keys', description: 'Generate new encryption keys')]
final class SecretsGenerateKeysCommand extends Command
Expand Down
8 changes: 4 additions & 4 deletions ...workBundle/Command/SecretsListCommand.php → ...ent/Secret/Command/SecretsListCommand.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,10 @@
* file that was distributed with this source code.
*/

namespace Symfony\Bundle\FrameworkBundle\Command;
declare(strict_types=1);

namespace Symfony\Component\Secret\Command;

use Symfony\Bundle\FrameworkBundle\Secrets\AbstractVault;
use Symfony\Component\Console\Attribute\AsCommand;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Helper\Dumper;
Expand All @@ -20,13 +21,12 @@
use Symfony\Component\Console\Output\ConsoleOutputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Style\SymfonyStyle;
use Symfony\Component\Secret\AbstractVault;

/**
* @author Tobias Schultze <http://tobion.de>
* @author Jérémy Derussé <jeremy@derusse.com>
* @author Nicolas Grekas <p@tchwork.com>
*
* @internal
*/
#[AsCommand(name: 'secrets:list', description: 'List all secrets')]
final class SecretsListCommand extends Command
Expand Down
8 changes: 4 additions & 4 deletions ...rkBundle/Command/SecretsRemoveCommand.php → ...t/Secret/Command/SecretsRemoveCommand.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,10 @@
* file that was distributed with this source code.
*/

namespace Symfony\Bundle\FrameworkBundle\Command;
declare(strict_types=1);

namespace Symfony\Component\Secret\Command;

use Symfony\Bundle\FrameworkBundle\Secrets\AbstractVault;
use Symfony\Component\Console\Attribute\AsCommand;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Completion\CompletionInput;
Expand All @@ -22,12 +23,11 @@
use Symfony\Component\Console\Output\ConsoleOutputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Style\SymfonyStyle;
use Symfony\Component\Secret\AbstractVault;

/**
* @author Jérémy Derussé <jeremy@derusse.com>
* @author Nicolas Grekas <p@tchwork.com>
*
* @internal
*/
#[AsCommand(name: 'secrets:remove', description: 'Remove a secret from the vault')]
final class SecretsRemoveCommand extends Command
Expand Down
8 changes: 4 additions & 4 deletions ...eworkBundle/Command/SecretsSetCommand.php → ...nent/Secret/Command/SecretsSetCommand.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,10 @@
* file that was distributed with this source code.
*/

namespace Symfony\Bundle\FrameworkBundle\Command;
declare(strict_types=1);

namespace Symfony\Component\Secret\Command;

use Symfony\Bundle\FrameworkBundle\Secrets\AbstractVault;
use Symfony\Component\Console\Attribute\AsCommand;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Completion\CompletionInput;
Expand All @@ -22,13 +23,12 @@
use Symfony\Component\Console\Output\ConsoleOutputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Style\SymfonyStyle;
use Symfony\Component\Secret\AbstractVault;

/**
* @author Tobias Schultze <http://tobion.de>
* @author Jérémy Derussé <jeremy@derusse.com>
* @author Nicolas Grekas <p@tchwork.com>
*
* @internal
*/
#[AsCommand(name: 'secrets:set', description: 'Set a secret in the vault')]
final class SecretsSetCommand extends Command
Expand Down
6 changes: 3 additions & 3 deletions ...e/FrameworkBundle/Secrets/DotenvVault.php → src/Symfony/Component/Secret/DotenvVault.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,12 @@
* file that was distributed with this source code.
*/

namespace Symfony\Bundle\FrameworkBundle\Secrets;
declare(strict_types=1);

namespace Symfony\Component\Secret;

/**
* @author Nicolas Grekas <p@tchwork.com>
*
* @internal
*/
class DotenvVault extends AbstractVault
{
Expand Down
19 changes: 19 additions & 0 deletions src/Symfony/Component/Secret/LICENSE
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
Copyright (c) 2022 Fabien Potencier

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
13 changes: 13 additions & 0 deletions src/Symfony/Component/Secret/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
Secret Component
=============

The Secret component provide a vault to keep sensitive information secret

Resources
---------

* [Documentation](https://symfony.com/doc/current/configuration/secrets.html)
* [Contributing](https://symfony.com/doc/current/contributing/index.html)
* [Report issues](https://github.com/symfony/symfony/issues) and
[send Pull Requests](https://github.com/symfony/symfony/pulls)
in the [main Symfony repository](https://github.com/symfony/symfony)
6 changes: 3 additions & 3 deletions ...e/FrameworkBundle/Secrets/SodiumVault.php → src/Symfony/Component/Secret/SodiumVault.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,9 @@
* file that was distributed with this source code.
*/

namespace Symfony\Bundle\FrameworkBundle\Secrets;
declare(strict_types=1);

namespace Symfony\Component\Secret;

use Symfony\Component\DependencyInjection\EnvVarLoaderInterface;
use Symfony\Component\VarExporter\VarExporter;
Expand All @@ -18,8 +20,6 @@
* @author Tobias Schultze <http://tobion.de>
* @author Jérémy Derussé <jeremy@derusse.com>
* @author Nicolas Grekas <p@tchwork.com>
*
* @internal
*/
class SodiumVault extends AbstractVault implements EnvVarLoaderInterface
{
Expand Down
8 changes: 5 additions & 3 deletions ...ests/Command/SecretsRemoveCommandTest.php → ...ests/Command/SecretsRemoveCommandTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,13 @@
<?php

namespace Symfony\Bundle\FrameworkBundle\Tests\Command;
declare(strict_types=1);

namespace Symfony\Component\Secret\Tests\Command;

use PHPUnit\Framework\TestCase;
use Symfony\Bundle\FrameworkBundle\Command\SecretsRemoveCommand;
use Symfony\Bundle\FrameworkBundle\Secrets\AbstractVault;
use Symfony\Component\Console\Tester\CommandCompletionTester;
use Symfony\Component\Secret\AbstractVault;
use Symfony\Component\Secret\Command\SecretsRemoveCommand;

class SecretsRemoveCommandTest extends TestCase
{
Expand Down
8 changes: 5 additions & 3 deletions ...e/Tests/Command/SecretsSetCommandTest.php → ...t/Tests/Command/SecretsSetCommandTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,13 @@
<?php

namespace Symfony\Bundle\FrameworkBundle\Tests\Command;
declare(strict_types=1);

namespace Symfony\Component\Secret\Tests\Command;

use PHPUnit\Framework\TestCase;
use Symfony\Bundle\FrameworkBundle\Command\SecretsSetCommand;
use Symfony\Bundle\FrameworkBundle\Secrets\AbstractVault;
use Symfony\Component\Console\Tester\CommandCompletionTester;
use Symfony\Component\Secret\AbstractVault;
use Symfony\Component\Secret\Command\SecretsSetCommand;

class SecretsSetCommandTest extends TestCase
{
Expand Down
6 changes: 4 additions & 2 deletions ...kBundle/Tests/Secrets/DotenvVaultTest.php → ...omponent/Secret/Tests/DotenvVaultTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,12 @@
<?php

namespace Symfony\Bundle\FrameworkBundle\Tests\Secrets;
declare(strict_types=1);

namespace Symfony\Component\Secret\Tests;

use PHPUnit\Framework\TestCase;
use Symfony\Bundle\FrameworkBundle\Secrets\DotenvVault;
use Symfony\Component\Dotenv\Dotenv;
use Symfony\Component\Secret\DotenvVault;

class DotenvVaultTest extends TestCase
{
Expand Down
6 changes: 4 additions & 2 deletions ...kBundle/Tests/Secrets/SodiumVaultTest.php → ...omponent/Secret/Tests/SodiumVaultTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,12 @@
<?php

namespace Symfony\Bundle\FrameworkBundle\Tests\Secrets;
declare(strict_types=1);

namespace Symfony\Component\Secret\Tests;

use PHPUnit\Framework\TestCase;
use Symfony\Bundle\FrameworkBundle\Secrets\SodiumVault;
use Symfony\Component\Filesystem\Filesystem;
use Symfony\Component\Secret\SodiumVault;

class SodiumVaultTest extends TestCase
{
Expand Down
Loading