context: AppIfConfigured returns error; consider not-yet-provisioned modules

context.go

@@ -453,10 +453,32 @@ func (ctx Context) App(name string) (any, error) {
  return modVal, nil
 }
 
+// AppStrict is like App, but it returns an error if the app
+// has not been configured. This is useful when the app is
+// required and its absence is a configuration error.
+func (ctx Context) AppStrict(name string) (any, error) {
+ if app, ok := ctx.cfg.apps[name]; ok {
+ return app, nil
+ }
+ appRaw := ctx.cfg.AppsRaw[name]
+ if appRaw == nil {
+ return nil, fmt.Errorf("app module %s is not configured", name)
+ }
+ return ctx.App(name)
+}
+
 // AppIfConfigured returns an app by its name if it has been
-// configured. Can be called instead of App() to avoid
-// instantiating an empty app when that's not desirable. If
-// the app has not been loaded, nil is returned.
+// configured and provisioned. Can be called instead of App()
+// to avoid instantiating an empty app when that's not desirable.
+// If the app has not been loaded, nil is returned.
+//
+// Since this method does not return the app if it has not been
+// provisioned, this could be misleading if the provisioning order
+// caused the app to not be provisioned yet. This could return
+// nil even if the app is configured, but not yet provisioned.
+// In that case, the caller should probably use AppStrict() instead
+// to ensure the app is provisioned, and no app will be instantiated
+// if it is not configured.
 //
 // We return any type instead of the App type because it is not
 // intended for the caller of this method to be the one to start

modules/caddypki/adminapi.go

@@ -50,8 +50,11 @@ func (a *adminAPI) Provision(ctx caddy.Context) error {
  a.ctx = ctx
  a.log = ctx.Logger(a) // TODO: passing in 'a' is a hack until the admin API is officially extensible (see #5032)
 
- // Avoid initializing PKI if it wasn't configured
- if pkiApp := a.ctx.AppIfConfigured("pki"); pkiApp != nil {
+ // Avoid initializing PKI if it wasn't configured.
+ // We intentionally ignore the error since it's not
+ // fatal if the PKI app is not explicitly configured.
+ pkiApp, err := ctx.AppStrict("pki")
+ if err == nil {
  a.pkiApp = pkiApp.(*PKI)
  }
 

modules/caddytls/capools.go

@@ -188,9 +188,9 @@ func (PKIRootCAPool) CaddyModule() caddy.ModuleInfo {
 
 // Loads the PKI app and load the root certificates into the certificate pool
 func (p *PKIRootCAPool) Provision(ctx caddy.Context) error {
- pkiApp := ctx.AppIfConfigured("pki")
- if pkiApp == nil {
- return fmt.Errorf("PKI app not configured")
+ pkiApp, err := ctx.AppStrict("pki")
+ if err != nil {
+ return fmt.Errorf("pki_root CA pool requires that a PKI app is configured: %v", err)
  }
  pki := pkiApp.(*caddypki.PKI)
  for _, caID := range p.Authority {
@@ -260,9 +260,9 @@ func (PKIIntermediateCAPool) CaddyModule() caddy.ModuleInfo {
 
 // Loads the PKI app and load the intermediate certificates into the certificate pool
 func (p *PKIIntermediateCAPool) Provision(ctx caddy.Context) error {
- pkiApp := ctx.AppIfConfigured("pki")
- if pkiApp == nil {
- return fmt.Errorf("PKI app not configured")
+ pkiApp, err := ctx.AppStrict("pki")
+ if err != nil {
+ return fmt.Errorf("pki_intermediate CA pool requires that a PKI app is configured: %v", err)
  }
  pki := pkiApp.(*caddypki.PKI)
  for _, caID := range p.Authority {