Save password parameter default values to user secrets

#1151
dotnet · Jun 14, 2024 · 03ffc39 · 03ffc39
1 parent bda3168
commit 03ffc39
Show file tree

Hide file tree

Showing 24 changed files with 234 additions and 157 deletions.
diff --git a/playground/TestShop/AppHost/ParameterExtensions.cs b/playground/TestShop/AppHost/ParameterExtensions.cs
diff --git a/playground/TestShop/AppHost/Program.cs b/playground/TestShop/AppHost/Program.cs
@@ -1,6 +1,7 @@
 var builder = DistributedApplication.CreateBuilder(args);
 
 var catalogDb = builder.AddPostgres("postgres")
+                       .WithDataVolume()
                        .WithPgAdmin()
                        .AddDatabase("catalogdb");
 
@@ -15,7 +16,7 @@
                             .WithReference(catalogDb)
                             .WithReplicas(2);
 
-var messaging = builder.AddRabbitMQ("messaging", password: builder.CreateStablePassword("rabbitmq-password", special: false))
+var messaging = builder.AddRabbitMQ("messaging")
                        .WithDataVolume()
                        .WithManagementPlugin()
                        .PublishAsContainer();

diff --git a/src/Aspire.Hosting.MySql/MySqlBuilderExtensions.cs b/src/Aspire.Hosting.MySql/MySqlBuilderExtensions.cs
@@ -25,7 +25,13 @@ public static class MySqlBuilderExtensions
     /// <returns>A reference to the <see cref="IResourceBuilder{T}"/>.</returns>
     public static IResourceBuilder<MySqlServerResource> AddMySql(this IDistributedApplicationBuilder builder, string name, IResourceBuilder<ParameterResource>? password = null, int? port = null)
     {
-        var passwordParameter = password?.Resource ?? ParameterResourceBuilderExtensions.CreateDefaultPasswordParameter(builder, $"{name}-password");
+        var passwordParameterName = $"{name}-password";
+        var passwordParameter = password?.Resource ?? ParameterResourceBuilderExtensions.CreateDefaultPasswordParameter(builder, passwordParameterName);
+
+        if (passwordParameter.Default is not null)
+        {
+            passwordParameter.Default = new UserSecretsParameterDefault(builder.Environment.ApplicationName, passwordParameterName, passwordParameter.Default);
+        }
 
         var resource = new MySqlServerResource(name, passwordParameter);
         return builder.AddResource(resource)

diff --git a/src/Aspire.Hosting.Oracle/OracleDatabaseBuilderExtensions.cs b/src/Aspire.Hosting.Oracle/OracleDatabaseBuilderExtensions.cs
@@ -23,7 +23,13 @@ public static class OracleDatabaseBuilderExtensions
     /// <returns>A reference to the <see cref="IResourceBuilder{T}"/>.</returns>
     public static IResourceBuilder<OracleDatabaseServerResource> AddOracle(this IDistributedApplicationBuilder builder, string name, IResourceBuilder<ParameterResource>? password = null, int? port = null)
     {
-        var passwordParameter = password?.Resource ?? ParameterResourceBuilderExtensions.CreateDefaultPasswordParameter(builder, $"{name}-password");
+        var passwordParameterName = $"{name}-password";
+        var passwordParameter = password?.Resource ?? ParameterResourceBuilderExtensions.CreateDefaultPasswordParameter(builder, passwordParameterName);
+
+        if (passwordParameter.Default is not null)
+        {
+            passwordParameter.Default = new UserSecretsParameterDefault(builder.Environment.ApplicationName, passwordParameterName, passwordParameter.Default);
+        }
 
         var oracleDatabaseServer = new OracleDatabaseServerResource(name, passwordParameter);
         return builder.AddResource(oracleDatabaseServer)

diff --git a/src/Aspire.Hosting.PostgreSQL/PostgresBuilderExtensions.cs b/src/Aspire.Hosting.PostgreSQL/PostgresBuilderExtensions.cs
@@ -31,9 +31,16 @@ public static IResourceBuilder<PostgresServerResource> AddPostgres(this IDistrib
         IResourceBuilder<ParameterResource>? password = null,
         int? port = null)
     {
-        var passwordParameter = password?.Resource ?? ParameterResourceBuilderExtensions.CreateDefaultPasswordParameter(builder, $"{name}-password");
+        var passwordParameterName = $"{name}-password";
+        var passwordParameter = password?.Resource ?? ParameterResourceBuilderExtensions.CreateDefaultPasswordParameter(builder, passwordParameterName);
+
+        if (passwordParameter.Default is not null)
+        {
+            passwordParameter.Default = new UserSecretsParameterDefault(builder.Environment.ApplicationName, passwordParameterName, passwordParameter.Default);
+        }
 
         var postgresServer = new PostgresServerResource(name, userName?.Resource, passwordParameter);
+
         return builder.AddResource(postgresServer)
                       .WithEndpoint(port: port, targetPort: 5432, name: PostgresServerResource.PrimaryEndpointName) // Internal port is always 5432.
                       .WithImage(PostgresContainerImageTags.Image, PostgresContainerImageTags.Tag)

diff --git a/src/Aspire.Hosting.Qdrant/QdrantBuilderExtensions.cs b/src/Aspire.Hosting.Qdrant/QdrantBuilderExtensions.cs
@@ -36,8 +36,15 @@ public static IResourceBuilder<QdrantServerResource> AddQdrant(this IDistributed
         int? grpcPort = null,
         int? httpPort = null)
     {
+        var apiKeyParameterName = $"{name}-Key";
         var apiKeyParameter = apiKey?.Resource ??
-            ParameterResourceBuilderExtensions.CreateDefaultPasswordParameter(builder, $"{name}-Key", special: false);
+            ParameterResourceBuilderExtensions.CreateDefaultPasswordParameter(builder, apiKeyParameterName, special: false);
+
+        if (apiKeyParameter.Default is not null)
+        {
+            apiKeyParameter.Default = new UserSecretsParameterDefault(builder.Environment.ApplicationName, apiKeyParameterName, apiKeyParameter.Default);
+        }
+
         var qdrant = new QdrantServerResource(name, apiKeyParameter);
         return builder.AddResource(qdrant)
             .WithImage(QdrantContainerImageTags.Image, QdrantContainerImageTags.Tag)

diff --git a/src/Aspire.Hosting.RabbitMQ/RabbitMQBuilderExtensions.cs b/src/Aspire.Hosting.RabbitMQ/RabbitMQBuilderExtensions.cs
@@ -30,8 +30,14 @@ public static IResourceBuilder<RabbitMQServerResource> AddRabbitMQ(this IDistrib
         IResourceBuilder<ParameterResource>? password = null,
         int? port = null)
     {
+        var passwordParameterName = $"{name}-password";
         // don't use special characters in the password, since it goes into a URI
-        var passwordParameter = password?.Resource ?? ParameterResourceBuilderExtensions.CreateDefaultPasswordParameter(builder, $"{name}-password", special: false);
+        var passwordParameter = password?.Resource ?? ParameterResourceBuilderExtensions.CreateDefaultPasswordParameter(builder, passwordParameterName, special: false);
+
+        if (passwordParameter.Default is not null)
+        {
+            passwordParameter.Default = new UserSecretsParameterDefault(builder.Environment.ApplicationName, passwordParameterName, passwordParameter.Default);
+        }
 
         var rabbitMq = new RabbitMQServerResource(name, userName?.Resource, passwordParameter);
         var rabbitmq = builder.AddResource(rabbitMq)

diff --git a/src/Aspire.Hosting.SqlServer/SqlServerBuilderExtensions.cs b/src/Aspire.Hosting.SqlServer/SqlServerBuilderExtensions.cs
@@ -21,8 +21,14 @@ public static class SqlServerBuilderExtensions
     /// <returns>A reference to the <see cref="IResourceBuilder{T}"/>.</returns>
     public static IResourceBuilder<SqlServerServerResource> AddSqlServer(this IDistributedApplicationBuilder builder, string name, IResourceBuilder<ParameterResource>? password = null, int? port = null)
     {
+        var passwordParameterName = $"{name}-password";
         // The password must be at least 8 characters long and contain characters from three of the following four sets: Uppercase letters, Lowercase letters, Base 10 digits, and Symbols
-        var passwordParameter = password?.Resource ?? ParameterResourceBuilderExtensions.CreateDefaultPasswordParameter(builder, $"{name}-password", minLower: 1, minUpper: 1, minNumeric: 1);
+        var passwordParameter = password?.Resource ?? ParameterResourceBuilderExtensions.CreateDefaultPasswordParameter(builder, passwordParameterName, minLower: 1, minUpper: 1, minNumeric: 1);
+
+        if (passwordParameter.Default is not null)
+        {
+            passwordParameter.Default = new UserSecretsParameterDefault(builder.Environment.ApplicationName, passwordParameterName, passwordParameter.Default);
+        }
 
         var sqlServer = new SqlServerServerResource(name, passwordParameter);
         return builder.AddResource(sqlServer)

diff --git a/src/Aspire.Hosting/ApplicationModel/UserSecretsParameterDefault.cs b/src/Aspire.Hosting/ApplicationModel/UserSecretsParameterDefault.cs
@@ -0,0 +1,56 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Reflection;
+using Aspire.Hosting.Publishing;
+using Microsoft.Extensions.Configuration.UserSecrets;
+using Microsoft.Extensions.SecretManager.Tools.Internal;
+
+namespace Aspire.Hosting.ApplicationModel;
+
+/// <summary>
+/// Wraps a <see cref="ParameterDefault"/> such that the default value is saved to the project's user secrets store.
+/// </summary>
+/// <param name="applicationName">The application name.</param>
+/// <param name="parameterName">The parameter name.</param>
+/// <param name="parameterDefault">The parameter with default value.</param>
+public sealed class UserSecretsParameterDefault(string applicationName, string parameterName, ParameterDefault parameterDefault)
+    : ParameterDefault
+{
+    /// <inheritdoc/>
+    public override string GetDefaultValue()
+    {
+        var value = parameterDefault.GetDefaultValue();
+        var configurationKey = $"{ParameterResourceBuilderExtensions.ConfigurationSectionKey}:{parameterName}";
+        if (!TrySetUserSecret(applicationName, configurationKey, value))
+        {
+            throw new DistributedApplicationException($"Failed to set value for parameter '{parameterName}' in application '{applicationName}' to user secrets.");
+        }
+        return value;
+    }
+
+    /// <inheritdoc/>
+    public override void WriteToManifest(ManifestPublishingContext context) => parameterDefault.WriteToManifest(context);
+
+    private static bool TrySetUserSecret(string applicationName, string name, string value)
+    {
+        if (!string.IsNullOrEmpty(applicationName))
+        {
+            var appAssembly = Assembly.Load(new AssemblyName(applicationName));
+            if (appAssembly is not null && appAssembly.GetCustomAttribute<UserSecretsIdAttribute>()?.UserSecretsId is { } userSecretsId)
+            {
+                // Save the value to the secret store
+                try
+                {
+                    var secretsStore = new SecretsStore(userSecretsId);
+                    secretsStore.Set(name, value);
+                    secretsStore.Save();
+                    return true;
+                }
+                catch (Exception) { }
+            }
+        }
+
+        return false;
+    }
+}
diff --git a/src/Aspire.Hosting/Aspire.Hosting.csproj b/src/Aspire.Hosting/Aspire.Hosting.csproj
@@ -32,6 +32,7 @@
     <Compile Include="$(SharedDir)LaunchSettings.cs" Link="LaunchSettings.cs" />
     <Compile Include="$(SharedDir)LaunchProfile.cs" Link="LaunchProfile.cs" />
     <Compile Include="$(SharedDir)LaunchSettingsSerializerContext.cs" Link="LaunchSettingsSerializerContext.cs" />
+    <Compile Include="$(SharedDir)SecretsStore.cs" Link="Utils\SecretsStore.cs" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/src/Aspire.Hosting/ParameterResourceBuilderExtensions.cs b/src/Aspire.Hosting/ParameterResourceBuilderExtensions.cs
@@ -14,6 +14,11 @@ namespace Aspire.Hosting;
 /// </summary>
 public static class ParameterResourceBuilderExtensions
 {
+    /// <summary>
+    /// The configuration section that parameter values are read from.
+    /// </summary>
+    public const string ConfigurationSectionKey = "Parameters";
+
     /// <summary>
     /// Adds a parameter resource to the application.
     /// </summary>
@@ -29,7 +34,7 @@ public static IResourceBuilder<ParameterResource> AddParameter(this IDistributed
 
     private static string GetParameterValue(IConfiguration configuration, string name, ParameterDefault? parameterDefault)
     {
-        var configurationKey = $"Parameters:{name}";
+        var configurationKey = $"{ConfigurationSectionKey}:{name}";
         return configuration[configurationKey]
             ?? parameterDefault?.GetDefaultValue()
             ?? throw new DistributedApplicationException($"Parameter resource could not be used because configuration key '{configurationKey}' is missing and the Parameter has no default value."); ;
@@ -51,7 +56,7 @@ internal static IResourceBuilder<ParameterResource> AddParameter(this IDistribut
             State = KnownResourceStates.Hidden,
             Properties = [
                 new("parameter.secret", secret.ToString()),
-                new(CustomResourceKnownProperties.Source, connectionString ? $"ConnectionStrings:{name}" : $"Parameters:{name}")
+                new(CustomResourceKnownProperties.Source, connectionString ? $"ConnectionStrings:{name}" : $"{ParameterResourceBuilderExtensions.ConfigurationSectionKey}:{name}")
             ]
         };
 

diff --git a/src/Aspire.Hosting/PublicAPI.Unshipped.txt b/src/Aspire.Hosting/PublicAPI.Unshipped.txt
@@ -1,2 +1,6 @@
 #nullable enable
-
+Aspire.Hosting.ApplicationModel.UserSecretsParameterDefault
+Aspire.Hosting.ApplicationModel.UserSecretsParameterDefault.UserSecretsParameterDefault(string! applicationName, string! parameterName, Aspire.Hosting.ApplicationModel.ParameterDefault! parameterDefault) -> void
+const Aspire.Hosting.ParameterResourceBuilderExtensions.ConfigurationSectionKey = "Parameters" -> string!
+override Aspire.Hosting.ApplicationModel.UserSecretsParameterDefault.GetDefaultValue() -> string!
+override Aspire.Hosting.ApplicationModel.UserSecretsParameterDefault.WriteToManifest(Aspire.Hosting.Publishing.ManifestPublishingContext! context) -> void