
Commit f5b94f0

danegsta and Copilot authored
Allow certificates config context to access raw arguments and environment before processing (#12995)
* Allow certificates config context to access existing raw arguments and environment * Update src/Aspire.Hosting/ApplicationModel/ResourceExtensions.cs Co-authored-by: Copilot <[email protected]> * Update src/Aspire.Hosting/ApplicationModel/ResourceExtensions.cs Co-authored-by: Copilot <[email protected]> * Add xmldoc and update tests * Update to use new DCP cert APIs * Don't invalidate lifecycle key for persistent containers when adding pfx * Fix failing test * Correct path for executable certs * Disable developer cert features by default in tests * Reduce the test cases * Disable cert trust in tests unless explicitly enabled * Disable dev cert features by default for mac in template tests --------- Co-authored-by: Copilot <[email protected]>
1 parent 6129089 commit f5b94f0


11 files changed

+775
-809
lines changed


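--- a/src/Aspire.Hosting.JavaScript/JavaScriptHostingExtensions.cs
+++ b/src/Aspire.Hosting.JavaScript/JavaScriptHostingExtensions.cs
@@ -223,7 +223,20 @@ private static IResourceBuilder<TResource> WithNodeDefaults<TResource>(this IRes
 }
 else
 {
-ctx.Arguments.Add("--use-openssl-ca");
+if (ctx.EnvironmentVariables.TryGetValue("NODE_OPTIONS", out var existingOptionsObj))
+{
+ctx.EnvironmentVariables["NODE_OPTIONS"] = existingOptionsObj switch
+{
+// Attempt to append to existing NODE_OPTIONS if possible, otherwise overwrite
+string s when !string.IsNullOrEmpty(s) => $"{s} --use-openssl-ca",
+ReferenceExpression re => ReferenceExpression.Create($"{re} --use-openssl-ca"),
+_ => "--use-openssl-ca",
+};
+}
+else
+{
+ctx.EnvironmentVariables["NODE_OPTIONS"] = "--use-openssl-ca";
+}
 }
 
 return Task.CompletedTask;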
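Review bot: The `_ =>` arm on the new side replaces any existing NODE_OPTIONS value that is neither a non-empty string nor a ReferenceExpression, so options a caller stored through some other value type are silently lost rather than appended — if the model admits other value-provider types, that arm should at least log or throw instead of overwriting. The `string s` arm also appends unconditionally, so a NODE_OPTIONS that already carries the flag (for example from a callback applied twice) ends up with it twice; a guard such as `string s when s.Contains("--use-openssl-ca", StringComparison.Ordinal) => s,` placed ahead of it keeps the append idempotent. The `// Attempt to append…` comment sits inside the switch expression between its `{` and the first arm, which is legal but reads as if it documented only that arm; moving it above the `if` is clearer. WithNodeDefaults begins before this hunk.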

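--- a/src/Aspire.Hosting.Yarp/YarpResourceExtensions.cs
+++ b/src/Aspire.Hosting.Yarp/YarpResourceExtensions.cs
@@ -45,7 +45,10 @@ public static IResourceBuilder<YarpResource> AddYarp(
 {
 ctx.EnvironmentVariables["Kestrel__Certificates__Default__Path"] = ctx.CertificatePath;
 ctx.EnvironmentVariables["Kestrel__Certificates__Default__KeyPath"] = ctx.KeyPath;
-ctx.EnvironmentVariables["Kestrel__Certificates__Default__Password"] = ctx.Password;
+if (ctx.Password is not null)
+{
+ctx.EnvironmentVariables["Kestrel__Certificates__Default__Password"] = ctx.Password;
+}
 
 return Task.CompletedTask;
 });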
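Review bot: When `ctx.Password` is null the new `if` leaves any pre-existing `Kestrel__Certificates__Default__Password` entry untouched; since this commit lets the callback see the resource's existing environment (per the commit title), a password set earlier by the user or by another callback could now be paired with a key it does not belong to, so the branch should clear it: `else { ctx.EnvironmentVariables.Remove("Kestrel__Certificates__Default__Password"); }`. Independently, the key password is handed to the container as an environment variable, which is visible to `docker inspect` and to anything that can read the process environment — acceptable for a development certificate, but a one-line comment stating that assumption (e.g. `// dev-cert key password; exposure via the container environment is accepted for local development only`) would stop this pattern being copied for production keys. The callback lambda begins before this hunk.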

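--- a/src/Aspire.Hosting/ApplicationModel/CertificateKeyPairConfigurationCallbackAnnotaion.cs
+++ b/src/Aspire.Hosting/ApplicationModel/CertificateKeyPairConfigurationCallbackAnnotaion.cs
@@ -73,7 +73,7 @@ public sealed class CertificateKeyPairConfigurationCallbackAnnotationContext
 /// </code>
 /// </example>
 /// </remarks>
-public required Dictionary<string, object?> EnvironmentVariables { get; init; }
+public required Dictionary<string, object> EnvironmentVariables { get; init; }
 
 /// <summary>
 /// A value provider that will resolve to a path to the certificate file.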
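Review bot: Tightening the value type to `object` is not enforced at runtime — a caller can still store null through the indexer and only gets a nullable-reference warning — so the property's doc comment (its `<summary>` starts before this hunk) should state the contract explicitly, e.g. `/// Values must be non-null; to unset a variable, remove its key rather than assigning null.` Without that, a caller that still assigns null (as the Yarp integration did before this commit) compiles with a warning, and what the executor then does with a null entry is not visible from this page — TODO confirm.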

src/Aspire.Hosting/ApplicationModel/ResourceExtensions.cs

Lines changed: 396 additions & 98 deletions

src/Aspire.Hosting/Dcp/DcpExecutor.cs

Lines changed: 184 additions & 603 deletions

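--- a/src/Aspire.Hosting/Dcp/Model/Container.cs
+++ b/src/Aspire.Hosting/Dcp/Model/Container.cs
@@ -91,6 +91,10 @@ internal sealed class ContainerSpec
 
 [JsonPropertyName("createFiles")]
 public List<ContainerCreateFileSystem>? CreateFiles { get; set; }
+
+// List of public PEM certificates to be trusted by the container
+[JsonPropertyName("pemCertificates")]
+public ContainerPemCertificates? PemCertificates { get; set; }
 }
 
 internal sealed class BuildContext
@@ -439,6 +443,25 @@ internal static class ContainerFileSystemEntryType
 public const string OpenSSL = "openssl";
 }
 
+internal sealed class ContainerPemCertificates
+{
+// The destination in the container the certificates should be written to
+[JsonPropertyName("destination")]
+public string? Destination { get; set; }
+
+// The list of PEM encoded certificates to write
+[JsonPropertyName("certificates")]
+public List<PemCertificate>? Certificates { get; set; }
+
+// Optional list of bundle paths to overwrite in the container with the generated CA bundle
+[JsonPropertyName("overwriteBundlePaths")]
+public List<string>? OverwriteBundlePaths { get; set; }
+
+// Should resource creation continue if there are errors writing one or more certificates?
+[JsonPropertyName("continueOnError")]
+public bool ContinueOnError { get; set; }
+}
+
 internal sealed record ContainerStatus : V1Status
 {
 // Container name displayed in Docker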
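Review bot: `ContinueOnError` on `ContainerPemCertificates` is a fail-open switch — when true the container is started even though one or more certificates were not written, so the workload runs without the trust the caller asked for — and its comment should say that plainly instead of posing it as a question, e.g. `// When true, DCP starts the container even if writing one or more certificates fails; the container then runs without the requested trust, so leave this false unless a missing cert is acceptable.` `OverwriteBundlePaths` likewise targets whole CA bundles inside the container; whether DCP merges the existing bundle or replaces it outright (which would drop every CA that bundle previously trusted) is not visible from this model, and the comment should state which — TODO confirm against DCP. The `Destination` comment should also say what DCP does when it is left null, which the nullable type allows.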

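--- a/src/Aspire.Hosting/Dcp/Model/Executable.cs
+++ b/src/Aspire.Hosting/Dcp/Model/Executable.cs
@@ -63,6 +63,12 @@ internal sealed class ExecutableSpec
 /// </summary>
 [JsonPropertyName("ambientEnvironment")]
 public AmbientEnvironment? AmbientEnvironment { get; set; }
+
+/// <summary>
+/// Public PEM certificates to be configured for the Executable.
+/// </summary>
+[JsonPropertyName("pemCertificates")]
+public ExecutablePemCertificates? PemCertificates { get; set; }
 }
 
 internal sealed class AmbientEnvironment
@@ -101,6 +107,18 @@ internal static class ExecutionType
 public const string IDE = "IDE";
 }
 
+internal sealed class ExecutablePemCertificates
+{
+// The list of public PEM encoded certificates for the executable.
+[JsonPropertyName("certificates")]
+public List<PemCertificate>? Certificates { get; set; }
+
+// Indicates whether to continue starting the Executable if there are issues setting up any certificates for
+// the executable.
+[JsonPropertyName("continueOnError")]
+public bool ContinueOnError { get; set; }
+}
+
 internal sealed record ExecutableStatus : V1Status
 {
 /// <summary>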
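Review bot: `ExecutablePemCertificates` documents its members with `//` line comments while the rest of this file — including the new `PemCertificates` property on `ExecutableSpec` a few lines above and the `ExecutableStatus` members below — uses `///` XML doc comments; switch the two member comments to `/// <summary>` form and add one on the class for consistency. Separately, `ContinueOnError` is a fail-open setting — `true` starts the executable even if its certificates could not be set up, so it runs without the requested trust — and its summary should say so, e.g. `/// When true the executable is started even if certificate setup fails; it then runs without the requested trust, so leave this false unless that is acceptable.` The `Certificates` comment could also state how DCP delivers them to the process (environment variables, files, or both), which this model class does not reveal — TODO confirm against DCP.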
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
// Licensed to the .NET Foundation under one or more agreements.
2+
// The .NET Foundation licenses this file to you under the MIT license.
3+
4+
using System.Text.Json.Serialization;
5+
6+
namespace Aspire.Hosting.Dcp.Model;
7+
8+
// Represents a public PEM encoded certificate
9+
internal sealed class PemCertificate
10+
{
11+
// Thumbprint of the certificate
12+
[JsonPropertyName("thumbprint")]
13+
public string? Thumbprint { get; set; }
14+
15+
// The PEM encoded contents of the public certificate
16+
[JsonPropertyName("contents")]
17+
public string? Contents { get; set; }
18+
}
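Review bot: `Contents` is described as the public certificate but nothing in this type constrains it, and DCP presumably writes the string into the target verbatim (TODO confirm it does not filter), so a PEM that also carries a `PRIVATE KEY` block would be copied straight into the container's trust store or the executable's certificate location; the producing side in ResourceExtensions.cs (not rendered on this page) should emit only `CERTIFICATE` blocks, and the comment here should pin that contract: `// PEM text containing only CERTIFICATE blocks; never pass a bundle that also holds a PRIVATE KEY, as DCP writes this as-is.` The `Thumbprint` comment should also name the hash and encoding expected (hex SHA-1 as produced by `X509Certificate2.Thumbprint`, or SHA-256?) so the producer and DCP agree — the model alone cannot tell which. This section shows no file path; from the namespace it sits alongside Container.cs and Executable.cs, but the file name is inferred, not shown.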
