Sync secrets for local use

[vinmassaro]

Description of work

• Syncs secrets from Pantheon for local use, using new secret:site:local-generate terminus secrets manager command
• Adds CUSTOMER_SECRETS_FAKE_FILE lando env var now supported by customer-secrets-php-sdk

Functional testing steps:

• Clone branch and run npm run setup, or delete .lando.local.yml and re-run npm run setup on an existing local setup
• Verify that secrets.json exists locally and is gitignore'd
• Log into generated site as user 1, visit /admin/config/people/captcha/examples and verify that the recaptcha v2 example loads. If it loads with no error, secrets are being loaded correctly.

[github-actions]

Created multidev environment pr-412 for yalesites-platform.

[codechefmarc]

@vinmassaro - I'm getting some errors on local when loading pages that have the webform about Undefined array key "Secrets" I assume that will be fixed with this PR?

[vinmassaro]

@codechefmarc Yes, this PR is still in draft because it is dependent on this PR: pantheon-systems/customer-secrets-php-sdk#13

[dpagini]

I'm getting some errors on local when loading pages that have the webform about Undefined array key "Secrets" I assume that will be fixed with this PR?

@codechefmarc I'm getting this same error as well and I'm pulling my hair out trying to track down what's going on with this... have you had any luck?

[vinmassaro]

@dpagini Terminus Secrets Manager currently does not sync secrets for local development. There is a new terminus secret:site:local-generate command to generate a local secrets.json file, but the default code looks for it in /tmp/secrets.json so you will need to copy it into the container running your appserver (that is what the code in this PR does for our specific project).

[dpagini]

Hi @vinmassaro - Sorry to comment on your repo here, I know it's a little unrelated, but it's where I found the "Undefined array key 'Secrets'" message in the comments above.
So I'm actually on a simple LAMP stack locally, and I manually placed a file at /tmp/secrets.json, and it has a structure like the below, but I am still getting this undefined error... and I actually can't get a breakpoint to fire when the error shows up, so I'm a bit puzzled.

My /tmp/secrets.json:

{"Secrets":{"secret1":{"Value":"abcdefg","Type":"web","Scopes":[]},"secret2":{"Value":"hijklmn","Type":"web","Scopes":[]}}}

So I guess I see why this PR helps for your site... and maybe @codechefmarc is hitting that error b/c he doesn't have the file at /tmp/secrets.json?

[dpagini]

j/w, is $ terminus secret:site:local-generate a locally defined command? Or where is that from?

[vinmassaro]

@dpagini the command comes from v1.2.2 of Terminus Secrets Manager Plugin

Edit: unsure about the format of your secrets.json, but mine using that command has some additional info.

I believe your format of secrets.json is incorrect. That is the format used by the deprecated Terminus Secrets plugin.
Upgrade to the latest v.1.2.2 and generate a new copy using the command above.

For further support, you can try the #secrets-management Pantheon slack channel. Good luck!

[codechefmarc]

Yup, I think once this PR has been merged (no rush from me), I'll be solved with the error messages on my local.

[dpagini]

Sorry again, @vinmassaro... figured I would throw a comment here in case anyone else ends up here like I did b/c of the error message...
So the problem I just ran into is that PHP/Apache has a setting for a PrivateTmp which basically "sandboxes" calls to /tmp to point somewhere other than the system's /tmp. So my site was trying to read /tmp/secrets.json from a sandbox.
This was such a pain, but glad I figured it out. Sorry again for posting in your project for something sort of unrelated.

I'll have to give Pantheon the feedback that it would be nice to configure where Drupal is looking for that local secrets file.

[dblanken-yale]

Locally, I had to revert the HTML element patch that @codechefmarc did to get it to complete; I believe this is due to his changes being accepted into the main repo. I have a couple of PRs with that fix in there.

With that modified, it did work, although I am seeing that it couldn't apply the add-php-c-format.patch; I can't see where that would be related to this PR, but first time I ran into that so I thought I'd mention it. I did have some lando/Docker build issues this afternoon, which took up quite a bit of time. The solution was to reset the lando docker virtual network, so I doubt it would affect the patch. I'll be curious if anyone else has this issue.

But as far as the changes in this are concerned, it all looks good and I was able to see the captchas without issue.

[codechefmarc]

Just FYI, I removed the add-php-c-format.patch in the Drupal 10 branch as it wasn't needed. I think because we refactored how dates were being displayed / grabbed for the templates for events a while ago and that patch wasn't doing anything anymore.

[dblanken-yale]

Ah, gotcha! I won't worry about that patch then. Usually it patches just fine though. haha

I merged a PR that included the revert on the HTML element filter, so updating the branch should help it build now.