Adds scripts and charts updates that enable MAS deployments

Signed-off-by: Milton Moura <[email protected]>

charts/matrix-meetings-bot/files/shell-tools/create_bot_account_mas.sh

@@ -0,0 +1,43 @@
+#/bin/sh
+set -x;
+
+while [ $(curl -k -sw '%{http_code}' "$HOMESERVER" -o /dev/null) -ne 302 ]; do
+  sleep 1;
+done
+
+# Get Static Client Access Token
+ACCESS_TOKEN=$(curl -k -s \
+  -u "$MAS_CLIENT_ID:$MAS_CLIENT_SECRET" \
+  -d "grant_type=client_credentials&scope=urn:mas:admin" \
+  $MAS_URL/oauth2/token | grep -o '"access_token":"[^"]*"' | sed 's/"access_token":"\([^"]*\)"/\1/')
+
+echo "Bot User:\t$USERTOCREATE"
+
+# Create User
+USER_ID=$(curl -X POST -k -s \
+  -d "{\"username\": \"$USERTOCREATE\"}" \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $ACCESS_TOKEN" \
+  $MAS_URL/api/admin/v1/users | grep -o '"id":"[^"]*"' | sed 's/"id":"\([^"]*\)"/\1/')
+
+if [ -n "$USER_ID" ] && [ "$USER_ID" != "null" ]; then
+  echo "Bot User ID:\t$USER_ID"
+else
+  echo "Error or user $USERTOCREATE already exists."
+  return 1
+fi
+
+export USER_ID
+
+# Set Password
+SET_PASSWORD_RESPONSE=$(curl -X POST -k -s \
+  -d "{\"password\": \"$BOT_PASSWORD\", \"skip_password_check\": true}" \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $ACCESS_TOKEN" \
+  $MAS_URL/api/admin/v1/users/$USER_ID/set-password)
+
+if [ -z "$SET_PASSWORD_RESPONSE" ]; then
+  echo "Set-Password:\tsuccess"
+else
+  echo "Set-Password:\t$SET_PASSWORD_RESPONSE"
+fi

charts/matrix-meetings-bot/files/shell-tools/get_meetings_bot_token_mas.sh

@@ -0,0 +1,32 @@
+#/bin/sh
+
+# Get Static Client Access Token
+ACCESS_TOKEN=$(curl -k -s \
+  -u "$MAS_CLIENT_ID:$MAS_CLIENT_SECRET" \
+  -d "grant_type=client_credentials&scope=urn:mas:admin urn:mas:graphql:*" \
+  $MAS_URL/oauth2/token | grep -o '"access_token":"[^"]*"' | sed 's/"access_token":"\([^"]*\)"/\1/')
+
+# Get Persistent Token
+TOKEN_RESPONSE=$(curl -X POST -k -s \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $ACCESS_TOKEN" \
+  -d "{ \
+    \"query\": \"mutation CreateSession(\$userId: String!, \$scope: String!) { createOauth2Session(input: {userId: \$userId, permanent: true, scope: \$scope}) { accessToken refreshToken } }\", \
+    \"variables\": { \
+        \"userId\": \"user:$USER_ID\", \
+        \"scope\": \"urn:matrix:org.matrix.msc2967.client:api:*\" \
+    } \
+  }" \
+  $MAS_URL/graphql)
+
+PERSISTENT_TOKEN=$(echo "$TOKEN_RESPONSE" | grep -o '"accessToken":"[^"]*"' | sed 's/"accessToken":"\([^"]*\)"/\1/')
+
+if [ -n "$PERSISTENT_TOKEN" ] && [ "$PERSISTENT_TOKEN" != "null" ]; then
+  echo "Persistent Token: $PERSISTENT_TOKEN"
+else
+  echo "Unable to get a Persistent Token for $USERTOCREATE."
+  exit 1
+fi
+
+# Add it to the env file so it can be used by the bot
+echo "ACCESS_TOKEN=$PERSISTENT_TOKEN" > /work-dir/.env

charts/matrix-meetings-bot/files/shell-tools/set_ratelimit_bot_db.sh

@@ -2,10 +2,10 @@
 
 USER=$(psql  -X -A -w -t   -c "select user_id from ratelimit_override where user_id='@$USERTOCREATE:$SERVER'")
 if [ "$USER" = 400 ]; then
-    echo "Limit is already set" 
+    echo "Limit is already set"
     exit 0
 else
-psql -X -A -w -t   -c "insert into ratelimit_override values ('@$USERTOCREATE:$SERVER', 0, 0)"
+psql -X -A -w -t -c "insert into ratelimit_override values ('@$USERTOCREATE:$SERVER', 0, 0)"
 fi
 exit 0
 

charts/matrix-meetings-bot/templates/configmap.yaml

@@ -2,10 +2,15 @@ kind: ConfigMap
 apiVersion: v1
 metadata:
   name: {{ include "matrix-meetings-bot.fullname" . }}-sh-tools
-data: 
+data:
+{{- if .Values.init.masAuth.enabled }}
+{{ tpl (.Files.Glob "files/shell-tools/create_bot_account_mas.sh").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "files/shell-tools/get_meetings_bot_token_mas.sh").AsConfig . | indent 2 }}
+{{- else }}
 {{ tpl (.Files.Glob "files/shell-tools/create_bot_account.sh").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "files/shell-tools/set_ratelimit_bot_db.sh").AsConfig . | indent 2 }}
 {{ tpl (.Files.Glob "files/shell-tools/get_meetings_bot_token.sh").AsConfig . | indent 2 }}
+{{- end }}
+{{ tpl (.Files.Glob "files/shell-tools/set_ratelimit_bot_db.sh").AsConfig . | indent 2 }}
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -22,4 +27,3 @@ data:
   default_widget_layouts.json: |
     {{- .Values.settings.config.defaultWidgetLayoutsConfig | nindent 4 -}}
   {{- end }}
-

charts/matrix-meetings-bot/templates/deployment.yaml

@@ -33,6 +33,17 @@ spec:
         - name: createbotuser
           image: {{ .Values.init.synapse.image }}
           env:
+          {{- if .Values.init.masAuth.enabled }}
+            - name: MAS_URL
+              value: {{ .Values.init.masUrl }}
+            - name: MAS_CLIENT_ID
+              value: {{ .Values.init.masClientId }}
+            - name: MAS_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: mas-credentials
+                  key: client_secret
+          {{- end }}
             - name: USERTOCREATE
               value: "{{ .Values.init.username }}"
             - name: HOMESERVER
@@ -42,10 +53,17 @@ spec:
                 secretKeyRef:
                   name: meetings-bot-credentials
                   key: password
+          {{- if .Values.init.masAuth.enabled }}
+          command:
+            - sh
+            - /scripts/create_bot_account_mas.sh
+            - secret
+          {{- else }}
           command:
             - sh
             - /scripts/create_bot_account.sh
             - secret
+          {{- end }}
           volumeMounts:
             - name: synapse-config
               mountPath: /data/homeserver.yaml
@@ -96,17 +114,34 @@ spec:
         {{- end }}
         {{- if .Values.init.getFreshDeviceToken.enabled }}
         - name: getbottoken
-          image: {{ .Values.init.postgresClient.image }}
+          image: {{ .Values.init.synape.image }}
+          {{- if .Values.init.masAuth.enabled }}
+          command:
+            - sh
+            - /scripts/get_meetings_bot_token_mas.sh
+          {{- else }}
           command:
             - sh
             - -x
             - /scripts/get_meetings_bot_token.sh
+          {{- end }}
           volumeMounts:
             - name: workdir
               mountPath: "/work-dir"
             - name: shell-tools
               mountPath: /scripts
           env:
+          {{- if .Values.init.masAuth.enabled }}
+            - name: MAS_URL
+              value: {{ .Values.init.masUrl }}
+            - name: MAS_CLIENT_ID
+              value: {{ .Values.init.masClientId }}
+            - name: MAS_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: mas-credentials
+                  key: client_secret
+          {{- end }}
             - name: USERTOCREATE
               value: "{{ .Values.init.username }}"
             - name: HOMESERVER

charts/matrix-meetings-bot/values.yaml

@@ -126,10 +126,19 @@ init:
   username: bot-user
 
   synapse:
-    image: matrixdotorg/synapse:v1.55.2
+    image: matrixdotorg/synapse:v1.98.0
 
   postgresClient:
-    image: docker.io/bitnami/postgresql:11.12.0-debian-10-r44 
+    image: docker.io/bitnami/postgresql:11.12.0-debian-10-r44
+
+  masAuth:
+    enabled: false
+
+  masUrl:
+    url: 'https://mas.matrix.org'
+
+  masClientId:
+    clientId: 'mas-client-id'
 
   createUserAccount:
     enabled: false

docs/configuration.md

@@ -166,7 +166,7 @@ The following content is available:
 - `base32_room_id50`: the base32 encoded room id with max character limit of 50 as needed for Etherpad.
 - `title`: the title of the meeting (=the room name).
 - `uuid`: a random UUID.
-- `encodeURIComponent()`: a function to encode any value to make it URL-safe  
+- `encodeURIComponent()`: a function to encode any value to make it URL-safe
   Usage: `{{#encodeURIComponent}}my-text{{/encodeURIComponent}}`
 
 ##### Content