Implement more configuration options

Summary: Allow extra options to be locked, hidden or masked via config. These options are themselves locked and can not be edited via the web UI. The primary goal here is to let us lock or hide things from SaaS installs (e.g., keys, etc.), or to let server administrators lock or hide information from web UI administrators if they want to for some reason. The secondary goal is to remove the `darkconsole.config-mask` option, although I might just remove the panel entirely and put it in the config app, since that probably makes far more sense. Yeahhhhh... probably doing that. These options need masks when ported (they haven't been ported yet): phabricator.csrf-key phabricator.mail-key security.hmac-key Test Plan: Artifically tweaked lock/hide settings on options, verified the UI respected them. Reviewers: codeblock, btrahan Reviewed By: codeblock CC: aran Maniphest Tasks: T2255 Differential Revision: https://secure.phabricator.com/D4472
2024-11-09 16:32:39 +01:00 · 2013-01-16 10:52:09 -08:00 · 2013-01-16 10:52:09 -08:00 · 3ded757e84
commit 3ded757e84
parent 0e612c910b
9 changed files with 52 additions and 3 deletions
--- a/conf/default.conf.php
+++ b/conf/default.conf.php
@ -162,6 +162,15 @@ return array(
    'ldap.anonymous-user-password',
  ),

+  // Map of additional configuration values to lock.
+  'config.lock' => array(),
+
+  // Map of additional configuration values to hide.
+  'config.hide' => array(),
+
+  // Map of additional configuration values to mask.
+  'config.mask' => array(),
+

 // --  MySQL  --------------------------------------------------------------- //

--- a/src/applications/config/option/PhabricatorAWSConfigOptions.php
+++ b/src/applications/config/option/PhabricatorAWSConfigOptions.php
@ -16,10 +16,12 @@ final class PhabricatorAWSConfigOptions
      $this->newOption('amazon-ses.access-key', 'string', null)
        ->setDescription(pht('Access key for Amazon SES.')),
      $this->newOption('amazon-ses.secret-key', 'string', null)
+        ->setMasked(true)
        ->setDescription(pht('Secret key for Amazon SES.')),
      $this->newOption('amazon-s3.access-key', 'string', null)
        ->setDescription(pht('Access key for Amazon S3.')),
      $this->newOption('amazon-s3.secret-key', 'string', null)
+        ->setMasked(true)
        ->setDescription(pht('Secret key for Amazon S3.')),
      $this->newOption('amazon-s3.endpoint', 'string', null)
        ->setDescription(
@ -31,6 +33,7 @@ final class PhabricatorAWSConfigOptions
      $this->newOption('amazon-ec2.access-key', 'string', null)
        ->setDescription(pht('Access key for Amazon EC2.')),
      $this->newOption('amazon-ec2.secret-key', 'string', null)
+        ->setMasked(true)
        ->setDescription(pht('Secret key for Amazon EC2.')),
    );
  }
--- a/src/applications/config/option/PhabricatorConfigOption.php
+++ b/src/applications/config/option/PhabricatorConfigOption.php
@ -32,10 +32,18 @@ final class PhabricatorConfigOption
  }

  public function getMasked() {
+    if ($this->masked) {
+      return true;
+    }
+
    if ($this->getHidden()) {
      return true;
    }
-    return $this->masked;
+
+    return idx(
+      PhabricatorEnv::getEnvConfig('config.mask', array()),
+      $this->getKey(),
+      false);
  }

  public function setHidden($hidden) {
@ -44,7 +52,14 @@ final class PhabricatorConfigOption
  }

  public function getHidden() {
-    return $this->hidden;
+    if ($this->hidden) {
+      return true;
+    }
+
+    return idx(
+      PhabricatorEnv::getEnvConfig('config.hide', array()),
+      $this->getKey(),
+      false);
  }

  public function setLocked($locked) {
@ -53,10 +68,18 @@ final class PhabricatorConfigOption
  }

  public function getLocked() {
+    if ($this->locked) {
+      return true;
+    }
+
    if ($this->getHidden()) {
      return true;
    }
-    return $this->locked;
+
+    return idx(
+      PhabricatorEnv::getEnvConfig('config.lock', array()),
+      $this->getKey(),
+      false);
  }

  public function addExample($value, $description) {
--- a/src/applications/config/option/PhabricatorCoreConfigOptions.php
+++ b/src/applications/config/option/PhabricatorCoreConfigOptions.php
@ -106,6 +106,15 @@ final class PhabricatorCoreConfigOptions
            "then playing with a user tokenizer (like the user selectors in ".
            "Maniphest or Differential) and seeing which setting loads ".
            "faster and feels better.")),
+      $this->newOption('config.lock', 'wild', array())
+        ->setLocked(true)
+        ->setDescription(pht('Additional configuration options to lock.')),
+      $this->newOption('config.hide', 'wild', array())
+        ->setLocked(true)
+        ->setDescription(pht('Additional configuration options to hide.')),
+      $this->newOption('config.mask', 'wild', array())
+        ->setLocked(true)
+        ->setDescription(pht('Additional configuration options to mask.')),
    );
  }

--- a/src/applications/config/option/PhabricatorDisqusConfigOptions.php
+++ b/src/applications/config/option/PhabricatorDisqusConfigOptions.php
@ -47,6 +47,7 @@ final class PhabricatorDisqusConfigOptions
          pht(
            'Disqus "Client ID" to use for Disqus API access.')),
      $this->newOption('disqus.application-secret', 'string', null)
+        ->setMasked(true)
        ->setDescription(
          pht(
            'Disqus "Secret" to use for Diqsus API access.')),
--- a/src/applications/config/option/PhabricatorFacebookConfigOptions.php
+++ b/src/applications/config/option/PhabricatorFacebookConfigOptions.php
@ -47,6 +47,7 @@ final class PhabricatorFacebookConfigOptions
          pht(
            'Facebook "Application ID" to use for Facebook API access.')),
      $this->newOption('facebook.application-secret', 'string', null)
+        ->setMasked(true)
        ->setDescription(
          pht(
            'Facebook "Application Secret" to use for Facebook API access.')),
--- a/src/applications/config/option/PhabricatorGitHubConfigOptions.php
+++ b/src/applications/config/option/PhabricatorGitHubConfigOptions.php
@ -47,6 +47,7 @@ final class PhabricatorGitHubConfigOptions
          pht(
            'GitHub "Client ID" to use for GitHub API access.')),
      $this->newOption('github.application-secret', 'string', null)
+        ->setMasked(true)
        ->setDescription(
          pht(
            'GitHub "Secret" to use for GitHub API access.')),
--- a/src/applications/config/option/PhabricatorGoogleConfigOptions.php
+++ b/src/applications/config/option/PhabricatorGoogleConfigOptions.php
@ -47,6 +47,7 @@ final class PhabricatorGoogleConfigOptions
          pht(
            'Google "Client ID" to use for Google API access.')),
      $this->newOption('google.application-secret', 'string', null)
+        ->setMasked(true)
        ->setDescription(
          pht(
            'Google "Secret" to use for Google API access.')),
--- a/src/applications/config/option/PhabricatorLDAPConfigOptions.php
+++ b/src/applications/config/option/PhabricatorLDAPConfigOptions.php
@ -29,6 +29,7 @@ final class PhabricatorLDAPConfigOptions
        ->setDescription(
          pht('Username to login to LDAP server with.')),
      $this->newOption('ldap.anonymous-user-password', 'string', null)
+        ->setMasked(true)
        ->setDescription(
          pht('Password to login to LDAP server with.')),