Option to delete unattended.user.json fil after unattended install

[jesperweber]

Prerequisites

• I have added steps to test this contribution in the description below

1. Enable unattended install
2. add the following appSetting in web.config <add key="Umbraco.Core.RuntimeState.DeleteUnattendedUserFile" value="false"/>
3. See that the unattended.user.json user file is not deleted

Description

We use unattended install to quickly setup local environments when developers should start working on other projects.

For that we use the new feature to automatically create a user, but in our local environment we don't want the unattended.user.json file to be deleted every we setup the solution, we only want the unattended.user.json file to be deleted on our test, preproduction and production environments.

This PR add a new option to indicate if the unattended.user.json file should be deleted or not during the unattended install. The default value is true

[umbrabot]

Hi there @jesperweber, thank you for this contribution! 👍

While we wait for one of the Core Collaborators team to have a look at your work, we wanted to let you know about that we have a checklist for some of the things we will consider during review:

• It's clear what problem this is solving, there's a connected issue or a description of what the changes do and how to test them
• The automated tests all pass (see "Checks" tab on this PR)
• The level of security for this contribution is the same or improved
• The level of performance for this contribution is the same or improved
• Avoids creating breaking changes; note that behavioral changes might also be perceived as breaking
• If this is a new feature, Umbraco HQ provided guidance on the implementation beforehand
• The contribution looks original and the contributor is presumably allowed to share it

Don't worry if you got something wrong. We like to think of a pull request as the start of a conversation, we're happy to provide guidance on improving your contribution.

If you realize that you might want to make some changes then you can do that by adding new commits to the branch you created for this work and pushing new commits. They should then automatically show up as updates to this pull request.

Thanks, from your friendly Umbraco GitHub bot 🤖 🙂

[nul800sebastiaan]

I understand the desire, but having this file around is already risky security-wise. I can only see problems where this file stays around forever with clear-text admin credentials. I'll chat to the team, but I feel like this is not a good idea.

The alternative, which is way more secure AND robust is to use environment variables on your build servers. On Azure DevOps, for example, these can be secrets as well so nobody can ever see them again after they have been saved.

[jesperweber]

I understand the security concerns. I set the default value to true so that if you don't set the settings the file will be deleted.

When deploying using pipelines to external environments environments variables are good, but we would like to use this to easier setup our local environments on our own machines. If we would need to setup environments variables it would just be easier to go through the standard Umbraco install :-)

But again I understand the security concerns.

[nul800sebastiaan]

Thanks again @jesperweber, indeed we feel like it is a little to prone to errors to keep this file laying around for too long, if you have a look in the other PR I've left you some code that might be useful for you to easily set up local sites as well, hope that helps! #10995 (comment)

I'll close this PR, but thanks for giving it a try! 👍

[jesperweber]

Fair enough.