Add docker secrets config provider

Author: HaoK

Configuration.sln

@@ -1,16 +1,30 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Collections.Generic;
 using System.Linq;
 
 namespace Microsoft.Extensions.Configuration
 {
     /// <summary>
-    /// Extension methods for <see cref="IConfiguration" />.
+    /// Extension methods for configuration classes./>.
     /// </summary>
     public static class ConfigurationExtensions
     {
+        /// <summary>
+        /// Adds a new configuration source.
+        /// </summary>
+        /// <param name="builder">The <see cref="IConfigurationBuilder"/> to add to.</param>
+        /// <param name="configureSource">Configures the source secrets.</param>
+        /// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
+        public static IConfigurationBuilder Add<TSource>(this IConfigurationBuilder builder, Action<TSource> configureSource) where TSource : IConfigurationSource, new()
+        {
+            var source = new TSource();
+            configureSource?.Invoke(source);
+            return builder.Add(source);
+        }
+
         /// <summary>
         /// Shorthand for GetSection("ConnectionStrings")[name].
         /// </summary>
@@ -44,9 +58,8 @@ public static IEnumerable<KeyValuePair<string, string>> AsEnumerable(this IConfi
             while (stack.Count > 0)
             {
                 var config = stack.Pop();
-                var section = config as IConfigurationSection;
                 // Don't include the sections value if we are removing paths, since it will be an empty key
-                if (section != null && (!makePathsRelative || config != configuration))
+                if (config is IConfigurationSection section && (!makePathsRelative || config != configuration))
                 {
                     yield return new KeyValuePair<string, string>(section.Path.Substring(prefixLength), section.Value);
                 }

src/Microsoft.Extensions.Configuration.Abstractions/ConfigurationExtensions.cs

@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Collections.Generic;
 using Microsoft.Extensions.Configuration.CommandLine;
 
@@ -37,5 +38,14 @@ public static IConfigurationBuilder AddCommandLine(
             configurationBuilder.Add(new CommandLineConfigurationSource { Args = args, SwitchMappings = switchMappings });
             return configurationBuilder;
         }
+
+        /// <summary>
+        /// Adds an <see cref="IConfigurationProvider"/> that reads configuration values from the command line.
+        /// </summary>
+        /// <param name="builder">The <see cref="IConfigurationBuilder"/> to add to.</param>
+        /// <param name="configureSource">Configures the source.</param>
+        /// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
+        public static IConfigurationBuilder AddCommandLine(this IConfigurationBuilder builder, Action<CommandLineConfigurationSource> configureSource)
+            => builder.Add(configureSource);
     }
 }

src/Microsoft.Extensions.Configuration.CommandLine/CommandLineConfigurationExtensions.cs

@@ -0,0 +1,51 @@
+using System;
+using Microsoft.Extensions.Configuration.DockerSecrets;
+
+namespace Microsoft.Extensions.Configuration
+{
+    /// <summary>
+    /// Extension methods for registering <see cref="DockerSecretsConfigurationProvider"/> with <see cref="IConfigurationBuilder"/>.
+    /// </summary>
+    public static class DockerSecretsConfigurationBuilderExtensions
+    {
+        /// <summary>
+        /// Adds an <see cref="IConfigurationProvider"/> that reads configuration values from docker secrets.
+        /// </summary>
+        /// <param name="builder">The <see cref="IConfigurationBuilder"/> to add to.</param>
+        /// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
+        public static IConfigurationBuilder AddDockerSecrets(this IConfigurationBuilder builder) =>
+            builder.AddDockerSecrets(configureSource: null);
+
+        /// <summary>
+        /// Adds an <see cref="IConfigurationProvider"/> that reads configuration values from docker secrets.
+        /// </summary>
+        /// <param name="builder">The <see cref="IConfigurationBuilder"/> to add to.</param>
+        /// <param name="secretsPath">The path to the secrets directory.</param>
+        /// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
+        public static IConfigurationBuilder AddDockerSecrets(this IConfigurationBuilder builder, string secretsPath) 
+            => builder.AddDockerSecrets(source => source.SecretsDirectory = secretsPath);
+
+        /// <summary>
+        /// Adds an <see cref="IConfigurationProvider"/> that reads configuration values from docker secrets.
+        /// </summary>
+        /// <param name="builder">The <see cref="IConfigurationBuilder"/> to add to.</param>
+        /// <param name="secretsPath">The path to the secrets directory.</param>
+        /// <param name="optional">Whether the directory is optional.</param>
+        /// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
+        public static IConfigurationBuilder AddDockerSecrets(this IConfigurationBuilder builder, string secretsPath, bool optional)
+            => builder.AddDockerSecrets(source =>
+            {
+                source.SecretsDirectory = secretsPath;
+                source.Optional = optional;
+            });
+
+        /// <summary>
+        /// Adds a docker secrets configuration source to <paramref name="builder"/>.
+        /// </summary>
+        /// <param name="builder">The <see cref="IConfigurationBuilder"/> to add to.</param>
+        /// <param name="configureSource">Configures the source.</param>
+        /// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
+        public static IConfigurationBuilder AddDockerSecrets(this IConfigurationBuilder builder, Action<DockerSecretsConfigurationSource> configureSource)
+            => builder.Add(configureSource);
+    }
+}

src/Microsoft.Extensions.Configuration.DockerSecrets/DockerSecretsConfigurationBuilderExtensions.cs

@@ -0,0 +1,76 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using Microsoft.Extensions.FileProviders;
+
+namespace Microsoft.Extensions.Configuration.DockerSecrets
+{
+    /// <summary>
+    /// An docker secrets based <see cref="ConfigurationProvider"/>.
+    /// </summary>
+    public class DockerSecretsConfigurationProvider : ConfigurationProvider
+    {
+        DockerSecretsConfigurationSource Source { get; set; }
+
+        /// <summary>
+        /// Initializes a new instance.
+        /// </summary>
+        /// <param name="source">The settings.</param>
+        public DockerSecretsConfigurationProvider(DockerSecretsConfigurationSource source)
+        {
+            Source = source ?? throw new ArgumentNullException(nameof(source));
+        }
+
+        private static string NormalizeKey(string key)
+        {
+            return key.Replace("__", ConfigurationPath.KeyDelimiter);
+        }
+
+        /// <summary>
+        /// Loads the docker secrets.
+        /// </summary>
+        public override void Load()
+        {
+            Data = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+
+            if (Source.FileProvider == null)
+            {
+                if (Directory.Exists(Source.SecretsDirectory))
+                {
+                    Source.FileProvider = new PhysicalFileProvider(Source.SecretsDirectory);
+                }
+                else if (Source.Optional)
+                {
+                    return;
+                }
+                else
+                {
+                    throw new DirectoryNotFoundException("DockerSecrets directory doesn't exist and is not optional.");
+                }
+            }
+
+            var secretsDir = Source.FileProvider.GetDirectoryContents("/");
+            if (!secretsDir.Exists && !Source.Optional)
+            {
+                throw new DirectoryNotFoundException("DockerSecrets directory doesn't exist and is not optional.");
+            }
+
+            foreach (var file in secretsDir)
+            {
+                if (file.IsDirectory)
+                {
+                    continue;
+                }
+
+                using (var stream = file.CreateReadStream())
+                using (var streamReader = new StreamReader(stream))
+                {
+                    if (Source.IgnoreCondition == null || !Source.IgnoreCondition(file.Name))
+                    {
+                        Data.Add(NormalizeKey(file.Name), streamReader.ReadToEnd());
+                    }
+                }
+            }
+        }
+    }
+}

src/Microsoft.Extensions.Configuration.DockerSecrets/DockerSecretsConfigurationProvider.cs

@@ -0,0 +1,55 @@
+using System;
+using System.IO;
+using Microsoft.Extensions.FileProviders;
+
+namespace Microsoft.Extensions.Configuration.DockerSecrets
+{
+    /// <summary>
+    /// An <see cref="ConfigurationProvider"/> for docker secrets.
+    /// </summary>
+    public class DockerSecretsConfigurationSource : IConfigurationSource
+    {
+        /// <summary>
+        /// Constructor
+        /// </summary>
+        public DockerSecretsConfigurationSource()
+        {
+            IgnoreCondition = s => IgnorePrefix != null && s.StartsWith(IgnorePrefix);
+        }
+
+        /// <summary>
+        /// The secrets directory which will be used if FileProvider is not set.
+        /// </summary>
+        public string SecretsDirectory { get; set; } = "/run/secrets";
+
+        /// <summary>
+        /// The FileProvider representing the secrets directory.
+        /// </summary>
+        public IFileProvider FileProvider { get; set; }
+
+        /// <summary>
+        /// Docker secrets that start with this prefix will be excluded.
+        /// </summary>
+        public string IgnorePrefix { get; set; } = "ignore.";
+
+        /// <summary>
+        /// Used to determine if a file should be ignored using its name.
+        /// </summary>
+        public Func<string, bool> IgnoreCondition { get; set; }
+
+        /// <summary>
+        /// If false, will throw if the secrets directory doesn't exist.
+        /// </summary>
+        public bool Optional { get; set; }
+
+        /// <summary>
+        /// Builds the <see cref="DockerSecretsConfigurationProvider"/> for this source.
+        /// </summary>
+        /// <param name="builder">The <see cref="IConfigurationBuilder"/>.</param>
+        /// <returns>A <see cref="DockerSecretsConfigurationProvider"/></returns>
+        public IConfigurationProvider Build(IConfigurationBuilder builder)
+        {
+            return new DockerSecretsConfigurationProvider(this);
+        }
+    }
+}

src/Microsoft.Extensions.Configuration.DockerSecrets/DockerSecretsConfigurationSource.cs

@@ -0,0 +1,21 @@
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <Description>Configuration providers that work with docker secrets for Microsoft.Extensions.Configuration.</Description>
+    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <PackageTags>configuration;docker</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Microsoft.Extensions.Configuration\Microsoft.Extensions.Configuration.csproj" />
+    <PackageReference Include="Microsoft.Extensions.FileProviders.Physical" Version="1.2.0-*" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard1.3' ">
+    <PackageReference Include="System.Threading.Thread" Version="4.4.0-*" />
+  </ItemGroup>
+
+</Project>

src/Microsoft.Extensions.Configuration.DockerSecrets/Microsoft.Extensions.Configuration.DockerSecrets.csproj

@@ -0,0 +1,19 @@
+
+This is a configuration provider forthe up-coming secrets feature of Docker 1.13.
+
+You can use this provider in an ASP.NET Core application that is running in Docker Swarm Mode with commands like the following:
+
+```
+$ echo "mySecretValue" | docker secrets create mysecret
+
+```
+
+```
+$ docker service create --name test --secret mysecret <myImageName>
+```
+
+Now the `test` service will be running and have access to a secret called mysecret. In your app you can access it with
+
+```
+var secretValue = Configuration["mysecret"];
+```

src/Microsoft.Extensions.Configuration.DockerSecrets/README.md

@@ -0,0 +1,26 @@
+{
+  "version": "1.2.0-*",
+  "buildOptions": {
+    "keyFile": "../../tools/Key.snk"
+  },
+
+  "dependencies": {
+    "NETStandard.Library": "1.6.1",
+    "Microsoft.Extensions.Configuration": {
+      "target": "project"
+    },
+    "Microsoft.Extensions.FileProviders.Physical": "1.2.0-*"
+  },
+
+  "frameworks": {
+    "netstandard1.3": {
+      "dependencies": {
+        "System.Threading.Thread": "4.3.0-*"
+      }
+    }
+  },
+
+  "tooling": {
+    "defaultNamespace": "Microsoft.Extensions.Configuration.DockerSecrets"
+  }
+}

src/Microsoft.Extensions.Configuration.DockerSecrets/project.json

@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using Microsoft.Extensions.Configuration.EnvironmentVariables;
 
 namespace Microsoft.Extensions.Configuration
@@ -35,5 +36,14 @@ public static IConfigurationBuilder AddEnvironmentVariables(
             configurationBuilder.Add(new EnvironmentVariablesConfigurationSource { Prefix = prefix });
             return configurationBuilder;
         }
+
+        /// <summary>
+        /// Adds an <see cref="IConfigurationProvider"/> that reads configuration values from environment variables.
+        /// </summary>
+        /// <param name="builder">The <see cref="IConfigurationBuilder"/> to add to.</param>
+        /// <param name="configureSource">Configures the source.</param>
+        /// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
+        public static IConfigurationBuilder AddEnvironmentVariables(this IConfigurationBuilder builder, Action<EnvironmentVariablesConfigurationSource> configureSource)
+            => builder.Add(configureSource);
     }
 }