Update documentation that mentions active CMI directory. active was removed.

+++ b/sites/default/default.settings.php
@@ -229,10 +229,10 @@
+ * The default location for the staging directory is inside a randomly-named
+ * directory in the public files path; this setting allows you to override
+ * these locations. If you use files for the active configuration, you can

In the 3rd line here,

these locations => this location

Also... there is more in default.settings.php about the active directory, like:

 * directories used for configuration data. On install, "active" and "staging"
 * directories are created for configuration. The staging directory is used for

Apparently this is incorrect now about "active" being created.

Also in the section about active configuration settings, I think an additional step needs to be put there that will somehow make a directory for the active configuration, if Core isn't going to do it, right?

 * By default, the active configuration is stored in the database in the
 * {config} table. To use a different storage mechanism for the active
 * configuration, do the following prior to installing:
 * - Override the 'bootstrap_config_storage' setting here. It must be set to a
 *   callable that returns an object that implements
 *   \Drupal\Core\Config\StorageInterface.
 * - Override the service definition 'config.storage.active'. Put this
 *   override in a services.yml file in the same directory as settings.php
 *   (definitions in this file will override service definition defaults).
 */

Overall this is very good. I just have punctuation nits.

+++ b/sites/default/default.settings.php
@@ -223,16 +223,16 @@
+ * directories used for configuration data. On install, the "sync" directory is
+ * created, this is used for configuration imports; the active directory is not

What about:

On install, the "sync" directory is created. This is used for configuration imports. The active directory...

+++ b/sites/default/default.settings.php
@@ -223,16 +223,16 @@
+ * the database rather than the file system (this can be changed; see "Active
+ * configuration settings" below).

What about:

(This can be changed. See "Active configuration settings" below).

+++ b/sites/default/default.settings.php
@@ -223,16 +223,16 @@
+ * directory in the public files path; this setting allows you to override

What about:

directory in the public files path. This setting allows...

Agreed with #9. Much better punctuation indeed.

One more thought:

+++ b/sites/default/default.settings.php
@@ -556,6 +556,8 @@
+ *   $config_directories with the array key CONFIG_ACTIVE_DIRECTORY.

So here we're talking about CONFIG_ACTIVE_DIRECTORY but up above we're talking about 'active' and 'sync' [well, active has been removed, but you know what I mean].

I think we should probably just say the array key is 'active' here, or else we should use a constant for the sync directory above?

Done as suggested in #9.

What about #10?

In sites/default/default.settings.php we also have:

* Example:
* @code
*   $config_directories = array(
*     CONFIG_SYNC_DIRECTORY => '/another/directory/outside/webroot',                                                                
*   );
* @endcode
*/

So we already demonstrate the use of a constant for the sync directory. Isn't the recommendation instead would be to suggest one method over the other? E.g.

$config_directories['active'] = '/path/to/active';

Instead of:

$config_directories = array(
  CONFIG_ACTIVE_DIRECTORY => '/path/to/active',                                                                
);

No opinion, really. Rather asking :-)

I don't care which way we go with this, but we are doing both now... Where is CONFIG_ACTIVE_DIRECTORY defined anyway, and would it actually be loaded before settings.php???

It's defined in core/includes/bootstrap.inc so IIUC really early.

const CONFIG_ACTIVE_DIRECTORY = 'active';

Going with 'active' to try and be consistent.

It's looking fairly good, but I think it still needs some work:

1. +++ b/sites/default/default.settings.php
   @@ -223,16 +223,16 @@
   + * the database rather than the file system (This can be changed. See "Active
   + * configuration settings" below).
   

   The punctuation/caps in these lines are wrong.

   Should be:

   ... the file system. (This can ...
   ... below.)

2. +++ b/sites/default/default.settings.php
   @@ -223,16 +223,16 @@
   + * The default location for the sync directory is inside a randomly-named
   + * directory in the public files path. This setting allows you to override
   + * this location. If you use files for the active configuration, you can
   + * enhance security by putting the active configuration outside your
     * document root.
   

   This is kind of confusing.

   It says "this setting allows you to override this location". After reading the first sentence, "this location" is only referring to the sync location.

   Then the last sentence starts talking about the active location, which isn't covered by the first two sentences, so it doesn't make sense in context.

   So does this setting affect active at all? If it does, it needs to be explained better. I think maybe it's where you record the directory you created manually, but if so it's quite different from what sync does (provide an override for where the directory is created).

   Also... if you put an override here for sync, do you also have to create the directory yourself or will it be created in the location you specified during install? This is not clarified by the wording here.

3. +++ b/sites/default/default.settings.php
   @@ -580,6 +580,8 @@
   + * - Create a folder for the active directory and define the path in
   + *   $config_directories with the array key 'active'.
   

   You're not *defining* the path in $config_directories, you are more like recording it or telling the config system about it?

   Also I think we normally call it "directory" not "folder" in our docs, right? Let's keep the terminology consistent.

   And you might point out that the $config_directories setting is a ways above in the file. It's around line 200 and this is line 500 so they are pretty far apart, and it might not be obvious that you need to scroll back up and find it.

#17 - Makes total sense. It's all about the details.

1. Fixed.
2. Hopefully I've improved the wording to clarify that bit?
3. I wasn't shocked by 'define' myself but suggested 'declare' instead. Reads better now?
4. Fixed.
5. Fixed.

I've also wrapped "sync" and "active" in double quotes to be consistent everywhere in settings.php while still be able to refer to the active configuration (without quotes) which has nothing to do with the "active" directory. Let me know if single quotes are preferred?

Better, thanks! I still think it needs some work though:

1. +++ b/sites/default/default.settings.php
   @@ -223,17 +223,17 @@
   + * The default location for the "sync" and "active" directories is inside a
   + * randomly-named directory in the public files path. The below setting allows
   

   Hm. Still not sure there is a "default location" for "active"?

2. +++ b/sites/default/default.settings.php
   @@ -223,17 +223,17 @@
   + * randomly-named directory in the public files path. The below setting allows
   

   below setting => setting below

3. +++ b/sites/default/default.settings.php
   @@ -223,17 +223,17 @@
   + * configuration, you can enhance security by putting the active configuration
   + * outside your document root with CONFIG_ACTIVE_DIRECTORY.
   

   I think this would be clearer if it said:

   ... outside your document root. Tell the system where this directory is by adding an entry with array key CONFIG_ACTIVE_DIRECTORY to this setting.

   As it is... still confusing I think, because it's confusing the part about where to make this directory with how to tell Drupal about it.

   Also... really I would put the sentence about enhancing security into the Active Configuration Settings section where it tells you to create this directory -- that seems like the logical place to say "And by the way you should put it outside your document root", not here? This section should only be about telling Drupal where you created the directory, I think.

4. +++ b/sites/default/default.settings.php
   @@ -580,6 +580,10 @@
   + * - Create an "active" directory and declare its path in $config_directories
   

   See here it says I need to create the active directory, so from this I think there is no "default location" for this directory. It seems like Drupal won't know where it is unless I tell it where it is, right? And it seems I need to create it manually, so there is no default location, right?

   And here is where I would put the part about putting this outside your document root for security.

   Unless this bullet point is wrong...

#19

1. Fixed.
2. Fixed.
3. Tentatively fixed.

4. The way I understand it, "active" being deprecated it's on the developer to create it and give it their preferred location in settings.php - So no, no default location in that it doesn't exist, well, by default. Note the CONFIG_SYNC_DIRECTORY value that only mentions a path outside of the Drupal docroot because its default location is normally under config_HASH

Drupal will alert you on the reports page if there's a configuration directory defined in settings.php that does not exist on the file system. I also can't think of a use case where customers will want to use "active" for the current configuration unless it's for development purposes, e.g. with config_devel or to define a different storage mechanism than the Drupal {{config}} table.

I've changed the following key|value to be more sensible since we only have one default CMI dir by default: CONFIG_SYNC_DIRECTORY => '/directory/outside/webroot', (dropped "some" too) - To give more context, here's how it was before "active" got removed completely:

 * Example:
 * @code
 *   $config_directories = array(
 *     CONFIG_ACTIVE_DIRECTORY => '/some/directory/outside/webroot',                                                                     
 *     CONFIG_STAGING_DIRECTORY => '/another/directory/outside/webroot',
 *   );
 * @endcode
 */

EDIT: extra whitespace on line 237 in the patch will be fixed with the next patch.

It does not really enhance security to put the *sync* directory outside the doc root. Only the active directory, as was stated in earlier patches. So I go back to what I said in my earlier review... I think we should put this note in the lower section that says to create this active directory. Right?

And yes, the extra space. ;)

The rest looks good though. Thanks!

Meanwhile removing whitespace.

#22 I think it does improve security because it means we're putting the "sync" directory in a location that is not virtually accessible to the world.

Regardless, tried to address your concerns with this patch.

Srly. Without white space. Same interdiff as previously.

This seems good to me. Thanks!

Removing random tag. Adding RC eligible tag, as this is just documentation in the default settings.php file.

Excellent work! Thanks for cleaning this up. Committed and pushed to 8.0.x.