diff --git a/guides/source/configuring.md b/guides/source/configuring.md index 3d9d9f21b2bd8..e584d43d6d8e7 100644 --- a/guides/source/configuring.md +++ b/guides/source/configuring.md @@ -266,7 +266,7 @@ Defaults to `config/credentials/#{Rails.env}.yml.enc` if it exists, or `config/credentials.yml.enc` otherwise. NOTE: In order for the `bin/rails credentials` commands to recognize this value, -it must be set in `config/application.rb`. +it must be set in `config/application.rb` or `config/environments/#{Rails.env}.rb`. #### `config.credentials.key_path` @@ -276,7 +276,7 @@ Defaults to `config/credentials/#{Rails.env}.key` if it exists, or `config/master.key` otherwise. NOTE: In order for the `bin/rails credentials` commands to recognize this value, -it must be set in `config/application.rb`. +it must be set in `config/application.rb` or `config/environments/#{Rails.env}.rb`. #### `config.debug_exception_response_format` diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md index e4f1aa76dedc1..c34e53ea2ae68 100644 --- a/railties/CHANGELOG.md +++ b/railties/CHANGELOG.md @@ -4,7 +4,7 @@ * Credentials commands (e.g. `bin/rails credentials:edit`) now respect `config.credentials.content_path` and `config.credentials.key_path` when set - in `config/application.rb`. + in `config/application.rb` or `config/environments/#{Rails.env}.rb`. Before: @@ -25,19 +25,8 @@ would load for the current `RAILS_ENV`. * `bin/rails credentials:edit` respects `config.credentials.content_path` - and `config.credentials.key_path` when set in `config/application.rb`. - Using `RAILS_ENV`, environment-specific paths can be set, such as: - - ```ruby - # config/application.rb - module MyCoolApp - class Application < Rails::Application - config.credentials.content_path = "my_credentials/#{Rails.env}.yml.enc" - - config.credentials.key_path = "path/to/production.key" if Rails.env.production? - end - end - ``` + and `config.credentials.key_path` when set in `config/application.rb` + or `config/environments/#{Rails.env}.rb`. * `bin/rails credentials:edit --environment foo` will create and edit `config/credentials/foo.yml.enc` _if_ `config.credentials.content_path` diff --git a/railties/lib/rails/command/actions.rb b/railties/lib/rails/command/actions.rb index 50651ad61a9e9..105a4bc4f5a66 100644 --- a/railties/lib/rails/command/actions.rb +++ b/railties/lib/rails/command/actions.rb @@ -10,23 +10,21 @@ def set_application_directory! Dir.chdir(File.expand_path("../..", APP_PATH)) unless File.exist?(File.expand_path("config.ru")) end - def require_application_and_environment! - require_application! - require_environment! - end - def require_application! require ENGINE_PATH if defined?(ENGINE_PATH) + require APP_PATH if defined?(APP_PATH) + end - if defined?(APP_PATH) - require APP_PATH - end + def boot_application! + require_application! + Rails.application.require_environment! if defined?(APP_PATH) end - def require_environment! - if defined?(APP_PATH) - Rails.application.require_environment! - end + def load_environment_config! + require_application! + # Only run initializers that are in the :all group, which includes the + # :load_environment_config initializer. + Rails.application.initialize!(:_) if defined?(APP_PATH) end if defined?(ENGINE_PATH) diff --git a/railties/lib/rails/commands/console/console_command.rb b/railties/lib/rails/commands/console/console_command.rb index ca2939358edf2..d5720ff5fbdf3 100644 --- a/railties/lib/rails/commands/console/console_command.rb +++ b/railties/lib/rails/commands/console/console_command.rb @@ -98,7 +98,7 @@ def initialize(args = [], local_options = {}, config = {}) desc "console", "Start the Rails console" def perform - require_application_and_environment! + boot_application! Rails::Console.start(Rails.application, options) end end diff --git a/railties/lib/rails/commands/credentials/credentials_command.rb b/railties/lib/rails/commands/credentials/credentials_command.rb index 70aa3cb370977..2967fbc2cd6ec 100644 --- a/railties/lib/rails/commands/credentials/credentials_command.rb +++ b/railties/lib/rails/commands/credentials/credentials_command.rb @@ -16,7 +16,7 @@ class CredentialsCommand < Rails::Command::Base # :nodoc: desc "edit", "Open the decrypted credentials in `$EDITOR` for editing" def edit - require_application! + load_environment_config! load_generators if environment_specified? @@ -33,7 +33,7 @@ def edit desc "show", "Show the decrypted credentials" def show - require_application! + load_environment_config! say credentials.read.presence || missing_credentials_message end @@ -46,7 +46,7 @@ def show def diff(content_path = nil) if @content_path = content_path self.environment = extract_environment_from_path(content_path) - require_application! + load_environment_config! say credentials.read.presence || credentials.content_path.read else diff --git a/railties/lib/rails/commands/dbconsole/dbconsole_command.rb b/railties/lib/rails/commands/dbconsole/dbconsole_command.rb index a3d176aa034c5..542f3b7a1a92a 100644 --- a/railties/lib/rails/commands/dbconsole/dbconsole_command.rb +++ b/railties/lib/rails/commands/dbconsole/dbconsole_command.rb @@ -90,7 +90,7 @@ class DbconsoleCommand < Base # :nodoc: desc "dbconsole", "Start a console for the database specified in config/database.yml" def perform - require_application_and_environment! + boot_application! Rails::DBConsole.start(options) end end diff --git a/railties/lib/rails/commands/destroy/destroy_command.rb b/railties/lib/rails/commands/destroy/destroy_command.rb index ef8aa5534d4e7..462c3c3e8a29d 100644 --- a/railties/lib/rails/commands/destroy/destroy_command.rb +++ b/railties/lib/rails/commands/destroy/destroy_command.rb @@ -7,7 +7,7 @@ module Command class DestroyCommand < Base # :nodoc: no_commands do def help - require_application_and_environment! + boot_application! load_generators Rails::Generators.help self.class.command_name @@ -19,7 +19,7 @@ def perform(*) generator = args.shift return help unless generator - require_application_and_environment! + boot_application! load_generators Rails::Generators.invoke generator, args, behavior: :revoke, destination_root: Rails::Command.root diff --git a/railties/lib/rails/commands/encrypted/encrypted_command.rb b/railties/lib/rails/commands/encrypted/encrypted_command.rb index 0bcb121a5e445..4d9ba509949d1 100644 --- a/railties/lib/rails/commands/encrypted/encrypted_command.rb +++ b/railties/lib/rails/commands/encrypted/encrypted_command.rb @@ -14,7 +14,7 @@ class EncryptedCommand < Rails::Command::Base # :nodoc: desc "edit", "Open the decrypted file in `$EDITOR` for editing" def edit(*) - require_application! + load_environment_config! ensure_encryption_key_has_been_added ensure_encrypted_configuration_has_been_added @@ -24,7 +24,7 @@ def edit(*) desc "show", "Show the decrypted contents of the file" def show(*) - require_application! + load_environment_config! say encrypted_configuration.read.presence || missing_encrypted_configuration_message end diff --git a/railties/lib/rails/commands/generate/generate_command.rb b/railties/lib/rails/commands/generate/generate_command.rb index 09110a254725c..45611949b8573 100644 --- a/railties/lib/rails/commands/generate/generate_command.rb +++ b/railties/lib/rails/commands/generate/generate_command.rb @@ -7,7 +7,7 @@ module Command class GenerateCommand < Base # :nodoc: no_commands do def help - require_application_and_environment! + boot_application! load_generators Rails::Generators.help self.class.command_name @@ -18,7 +18,7 @@ def perform(*) generator = args.shift return help unless generator - require_application_and_environment! + boot_application! load_generators ARGV.replace(args) # set up ARGV for third-party libraries diff --git a/railties/lib/rails/commands/initializers/initializers_command.rb b/railties/lib/rails/commands/initializers/initializers_command.rb index b8ad7bf76f4b8..06934cbcb703c 100644 --- a/railties/lib/rails/commands/initializers/initializers_command.rb +++ b/railties/lib/rails/commands/initializers/initializers_command.rb @@ -9,7 +9,7 @@ class InitializersCommand < Base # :nodoc: desc "initializers", "Print out all defined initializers in the order they are invoked by Rails." def perform - require_application_and_environment! + boot_application! Rails.application.initializers.tsort_each do |initializer| say "#{initializer.context_class}.#{initializer.name}" diff --git a/railties/lib/rails/commands/notes/notes_command.rb b/railties/lib/rails/commands/notes/notes_command.rb index 24930ff7c34fc..a09e30dbe90a0 100644 --- a/railties/lib/rails/commands/notes/notes_command.rb +++ b/railties/lib/rails/commands/notes/notes_command.rb @@ -9,7 +9,7 @@ class NotesCommand < Base # :nodoc: desc "notes", "Show comments in your code annotated with FIXME, OPTIMIZE, and TODO" def perform(*) - require_application_and_environment! + boot_application! display_annotations end diff --git a/railties/lib/rails/commands/routes/routes_command.rb b/railties/lib/rails/commands/routes/routes_command.rb index a179b995ac79c..c979a9014b8a1 100644 --- a/railties/lib/rails/commands/routes/routes_command.rb +++ b/railties/lib/rails/commands/routes/routes_command.rb @@ -22,7 +22,7 @@ def invoke_command(*) desc "routes", "List all the defined routes" def perform(*) - require_application_and_environment! + boot_application! require "action_dispatch/routing/inspector" say inspector.format(formatter, routes_filter) diff --git a/railties/lib/rails/commands/runner/runner_command.rb b/railties/lib/rails/commands/runner/runner_command.rb index 56ff04c47a918..0fe58fdfa7f2c 100644 --- a/railties/lib/rails/commands/runner/runner_command.rb +++ b/railties/lib/rails/commands/runner/runner_command.rb @@ -25,7 +25,7 @@ def perform(code_or_file = nil, *command_argv) exit 1 end - require_application_and_environment! + boot_application! Rails.application.load_runner ARGV.replace(command_argv) diff --git a/railties/lib/rails/commands/secrets/secrets_command.rb b/railties/lib/rails/commands/secrets/secrets_command.rb index 4ba0193f3891d..c379e6ce8c381 100644 --- a/railties/lib/rails/commands/secrets/secrets_command.rb +++ b/railties/lib/rails/commands/secrets/secrets_command.rb @@ -16,7 +16,7 @@ def setup desc "edit", "Open the secrets in `$EDITOR` for editing" def edit - require_application_and_environment! + boot_application! using_system_editor do Rails::Secrets.read_for_editing { |tmp_path| system_editor(tmp_path) } diff --git a/railties/lib/rails/commands/unused_routes/unused_routes_command.rb b/railties/lib/rails/commands/unused_routes/unused_routes_command.rb index 8f56deb05ed90..9fd4fbff14890 100644 --- a/railties/lib/rails/commands/unused_routes/unused_routes_command.rb +++ b/railties/lib/rails/commands/unused_routes/unused_routes_command.rb @@ -40,7 +40,7 @@ def action_missing? end def perform(*) - require_application_and_environment! + boot_application! require "action_dispatch/routing/inspector" say(inspector.format(formatter, routes_filter)) diff --git a/railties/test/commands/credentials_test.rb b/railties/test/commands/credentials_test.rb index 25017dd2ab43c..a8dc2b468de29 100644 --- a/railties/test/commands/credentials_test.rb +++ b/railties/test/commands/credentials_test.rb @@ -303,6 +303,28 @@ class Rails::Command::CredentialsCommandTest < ActiveSupport::TestCase assert_credentials_paths "config/credentials/production.yml.enc", key_path, environment: "production" end + test "respects config.credentials.content_path when set in config/environments/*.rb" do + content_path = "my_secrets/credentials.yml.enc" + add_to_env_config "production", "config.credentials.content_path = #{content_path.inspect}" + + with_rails_env "production" do + assert_credentials_paths content_path, "config/master.key" + end + + assert_credentials_paths content_path, "config/credentials/production.key", environment: "production" + end + + test "respects config.credentials.key_path when set in config/environments/*.rb" do + key_path = "my_secrets/master.key" + add_to_env_config "production", "config.credentials.key_path = #{key_path.inspect}" + + with_rails_env "production" do + assert_credentials_paths "config/credentials.yml.enc", key_path + end + + assert_credentials_paths "config/credentials/production.yml.enc", key_path, environment: "production" + end + private DEFAULT_CREDENTIALS_PATTERN = /access_key_id: 123\n.*secret_key_base: \h{128}\n/m