From 5ddbccb8c4c1fa843a7873265495bdba0f291624 Mon Sep 17 00:00:00 2001 From: Milton Moura Date: Tue, 10 Dec 2024 15:55:30 -0100 Subject: [PATCH] Adds scripts and charts updates that enable MAS deployments Signed-off-by: Milton Moura --- .../shell-tools/create_bot_account_mas.sh | 43 +++++++++++++++++++ .../shell-tools/get_meetings_bot_token_mas.sh | 32 ++++++++++++++ .../files/shell-tools/set_ratelimit_bot_db.sh | 4 +- .../templates/configmap.yaml | 10 +++-- .../templates/deployment.yaml | 37 +++++++++++++++- charts/matrix-meetings-bot/values.yaml | 13 +++++- docs/configuration.md | 2 +- 7 files changed, 132 insertions(+), 9 deletions(-) create mode 100644 charts/matrix-meetings-bot/files/shell-tools/create_bot_account_mas.sh create mode 100644 charts/matrix-meetings-bot/files/shell-tools/get_meetings_bot_token_mas.sh diff --git a/charts/matrix-meetings-bot/files/shell-tools/create_bot_account_mas.sh b/charts/matrix-meetings-bot/files/shell-tools/create_bot_account_mas.sh new file mode 100644 index 00000000..61141db2 --- /dev/null +++ b/charts/matrix-meetings-bot/files/shell-tools/create_bot_account_mas.sh 
@@ -0,0 +1,43 @@ +#/bin/sh +set -x; + +while [ $(curl -k -sw '%{http_code}' "$HOMESERVER" -o /dev/null) -ne 302 ]; do + sleep 1; +done + +# Get Static Client Access Token +ACCESS_TOKEN=$(curl -k -s \ + -u "$MAS_CLIENT_ID:$MAS_CLIENT_SECRET" \ + -d "grant_type=client_credentials&scope=urn:mas:admin" \ + $MAS_URL/oauth2/token | grep -o '"access_token":"[^"]*"' | sed 's/"access_token":"\([^"]*\)"/\1/') + +echo "Bot User:\t$USERTOCREATE" + +# Create User +USER_ID=$(curl -X POST -k -s \ + -d "{\"username\": \"$USERTOCREATE\"}" \ + -H "Content-Type: application/json" \ + -H "Authorization: Bearer $ACCESS_TOKEN" \ + $MAS_URL/api/admin/v1/users | grep -o '"id":"[^"]*"' | sed 's/"id":"\([^"]*\)"/\1/') + +if [ -n "$USER_ID" ] && [ "$USER_ID" != "null" ]; then + echo "Bot User ID:\t$USER_ID" +else + echo "Error or user $USERTOCREATE already exists." + return 1 +fi + +export USER_ID + +# Set Password +SET_PASSWORD_RESPONSE=$(curl -X POST -k -s \ + -d "{\"password\": \"$BOT_PASSWORD\", \"skip_password_check\": true}" \ + -H "Content-Type: application/json" \ + -H "Authorization: Bearer $ACCESS_TOKEN" \ + $MAS_URL/api/admin/v1/users/$USER_ID/set-password) + +if [ -z "$SET_PASSWORD_RESPONSE" ]; then + echo "Set-Password:\tsuccess" +else + echo "Set-Password:\t$SET_PASSWORD_RESPONSE" +fi diff --git a/charts/matrix-meetings-bot/files/shell-tools/get_meetings_bot_token_mas.sh b/charts/matrix-meetings-bot/files/shell-tools/get_meetings_bot_token_mas.sh new file mode 100644 index 00000000..9f29d714 --- /dev/null +++ b/charts/matrix-meetings-bot/files/shell-tools/get_meetings_bot_token_mas.sh 
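Review bot: `set -x;` on the second line makes sh echo every expanded command to stderr, so the init container's log will carry `$MAS_CLIENT_SECRET` from the `-u "$MAS_CLIENT_ID:$MAS_CLIENT_SECRET"` argument, the bearer `$ACCESS_TOKEN` from the `-H "Authorization: ..."` headers and `$BOT_PASSWORD` from the set-password body; drop that line (or enable tracing only around the non-secret steps with `set -x` / `set +x`) and feed the client credentials to curl through a config file or `--netrc-file` rather than argv so they do not show up in `ps` either. Every curl call also passes `-k`, which turns off certificate verification exactly for the requests that carry those credentials and the admin-scoped token; mounting the CA and removing `-k`, or at least gating it behind a chart value, keeps the secrets off an unverified connection. The "already exists" branch ends in `return 1` outside any function, whose effect at top level is left unspecified by POSIX sh; `exit 1` is what the sibling `get_meetings_bot_token_mas.sh` uses and is what makes the init container actually fail. The JSON bodies are built by interpolating `$USERTOCREATE` and `$BOT_PASSWORD` into `-d "{\"password\": \"$BOT_PASSWORD\", ...}"`, so a password containing `"` or `\` produces an invalid request body; building the body with a JSON-aware tool if the synapse image ships one, or escaping those two characters, avoids a silent set-password failure. The first line reads `#/bin/sh` without `!`, so it is a comment rather than a shebang; harmless under `sh /scripts/...` but it should be `#!/bin/sh`.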
@@ -0,0 +1,32 @@ +#/bin/sh + +# Get Static Client Access Token +ACCESS_TOKEN=$(curl -k -s \ + -u "$MAS_CLIENT_ID:$MAS_CLIENT_SECRET" \ + -d "grant_type=client_credentials&scope=urn:mas:admin urn:mas:graphql:*" \ + $MAS_URL/oauth2/token | grep -o '"access_token":"[^"]*"' | sed 's/"access_token":"\([^"]*\)"/\1/') + +# Get Persistent Token +TOKEN_RESPONSE=$(curl -X POST -k -s \ + -H "Content-Type: application/json" \ + -H "Authorization: Bearer $ACCESS_TOKEN" \ + -d "{ \ + \"query\": \"mutation CreateSession(\$userId: String!, \$scope: String!) { createOauth2Session(input: {userId: \$userId, permanent: true, scope: \$scope}) { accessToken refreshToken } }\", \ + \"variables\": { \ + \"userId\": \"user:$USER_ID\", \ + \"scope\": \"urn:matrix:org.matrix.msc2967.client:api:*\" \ + } \ + }" \ + $MAS_URL/graphql) + +PERSISTENT_TOKEN=$(echo "$TOKEN_RESPONSE" | grep -o '"accessToken":"[^"]*"' | sed 's/"accessToken":"\([^"]*\)"/\1/') + +if [ -n "$PERSISTENT_TOKEN" ] && [ "$PERSISTENT_TOKEN" != "null" ]; then + echo "Persistent Token: $PERSISTENT_TOKEN" +else + echo "Unable to get a Persistent Token for $USERTOCREATE." + exit 1 +fi + +# Add it to the env file so it can be used by the bot +echo "ACCESS_TOKEN=$PERSISTENT_TOKEN" > /work-dir/.env diff --git a/charts/matrix-meetings-bot/files/shell-tools/set_ratelimit_bot_db.sh b/charts/matrix-meetings-bot/files/shell-tools/set_ratelimit_bot_db.sh index 7a0f3b84..0b69e038 100644 --- a/charts/matrix-meetings-bot/files/shell-tools/set_ratelimit_bot_db.sh +++ b/charts/matrix-meetings-bot/files/shell-tools/set_ratelimit_bot_db.sh 
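Review bot: `echo "Persistent Token: $PERSISTENT_TOKEN"` prints the newly created permanent Matrix access token to stdout, i.e. into the init container's log where anyone with `kubectl logs` access and every log shipper can read it; print a fixed marker such as `echo "Persistent Token: obtained"` and let the value live only in `/work-dir/.env`. The GraphQL mutation targets `user:$USER_ID`, but the `getbottoken` env block in this patch's deployment.yaml does not visibly set `USER_ID`, and the `export USER_ID` in `create_bot_account_mas.sh` does not survive across init containers; unless it is injected further down in the env list that the deployment hunk cuts off, the mutation is sent for `user:` and the script always takes the `exit 1` branch. `ACCESS_TOKEN` is used without a check, so an empty result from a failed client-credentials call is sent as `Authorization: Bearer ` and only surfaces as the later "Unable to get a Persistent Token" message; a `[ -n "$ACCESS_TOKEN" ] || exit 1` right after the first curl would make the real failure point visible. The `-k` on every curl call and the `#/bin/sh` line missing its `!` apply here as in `create_bot_account_mas.sh`.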
@@ -2,10 +2,10 @@ USER=$(psql -X -A -w -t -c "select user_id from ratelimit_override where user_id='@$USERTOCREATE:$SERVER'") if [ "$USER" = 400 ]; then - echo "Limit is already set" + echo "Limit is already set" exit 0 else -psql -X -A -w -t -c "insert into ratelimit_override values ('@$USERTOCREATE:$SERVER', 0, 0)" +psql -X -A -w -t -c "insert into ratelimit_override values ('@$USERTOCREATE:$SERVER', 0, 0)" fi exit 0 diff --git a/charts/matrix-meetings-bot/templates/configmap.yaml b/charts/matrix-meetings-bot/templates/configmap.yaml index f602b554..86fa4689 100644 --- a/charts/matrix-meetings-bot/templates/configmap.yaml +++ b/charts/matrix-meetings-bot/templates/configmap.yaml @@ -2,10 +2,15 @@ kind: ConfigMap apiVersion: v1 metadata: name: {{ include "matrix-meetings-bot.fullname" . }}-sh-tools -data: +data: +{{- if .Values.init.masAuth.enabled }} +{{ tpl (.Files.Glob "files/shell-tools/create_bot_account_mas.sh").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "files/shell-tools/get_meetings_bot_token_mas.sh").AsConfig . | indent 2 }} +{{- else }} {{ tpl (.Files.Glob "files/shell-tools/create_bot_account.sh").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "files/shell-tools/set_ratelimit_bot_db.sh").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "files/shell-tools/get_meetings_bot_token.sh").AsConfig . | indent 2 }} +{{- end }} +{{ tpl (.Files.Glob "files/shell-tools/set_ratelimit_bot_db.sh").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap @@ -22,4 +27,3 @@ data: default_widget_layouts.json: | {{- .Values.settings.config.defaultWidgetLayoutsConfig | nindent 4 -}} {{- end }} - diff --git a/charts/matrix-meetings-bot/templates/deployment.yaml b/charts/matrix-meetings-bot/templates/deployment.yaml index 37402533..45cf56aa 100644 --- a/charts/matrix-meetings-bot/templates/deployment.yaml +++ b/charts/matrix-meetings-bot/templates/deployment.yaml 
@@ -33,6 +33,17 @@ spec: - name: createbotuser image: {{ .Values.init.synapse.image }} env: + {{- if .Values.init.masAuth.enabled }} + - name: MAS_URL + value: {{ .Values.init.masUrl }} + - name: MAS_CLIENT_ID + value: {{ .Values.init.masClientId }} + - name: MAS_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: mas-credentials + key: client_secret + {{- end }} - name: USERTOCREATE value: "{{ .Values.init.username }}" - name: HOMESERVER @@ -42,10 +53,17 @@ spec: secretKeyRef: name: meetings-bot-credentials key: password + {{- if .Values.init.masAuth.enabled }} + command: + - sh + - /scripts/create_bot_account_mas.sh + - secret + {{- else }} command: - sh - /scripts/create_bot_account.sh - secret + {{- end }} volumeMounts: - name: synapse-config mountPath: /data/homeserver.yaml @@ -96,17 +114,34 @@ spec: {{- end }} {{- if .Values.init.getFreshDeviceToken.enabled }} - name: getbottoken - image: {{ .Values.init.postgresClient.image }} + image: {{ .Values.init.synape.image }} + {{- if .Values.init.masAuth.enabled }} + command: + - sh + - /scripts/get_meetings_bot_token_mas.sh + {{- else }} command: - sh - -x - /scripts/get_meetings_bot_token.sh + {{- end }} volumeMounts: - name: workdir mountPath: "/work-dir" - name: shell-tools mountPath: /scripts env: + {{- if .Values.init.masAuth.enabled }} + - name: MAS_URL + value: {{ .Values.init.masUrl }} + - name: MAS_CLIENT_ID + value: {{ .Values.init.masClientId }} + - name: MAS_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: mas-credentials + key: client_secret + {{- end }} - name: USERTOCREATE value: "{{ .Values.init.username }}" - name: HOMESERVER diff --git a/charts/matrix-meetings-bot/values.yaml b/charts/matrix-meetings-bot/values.yaml index 62c0f900..1594f665 100644 --- a/charts/matrix-meetings-bot/values.yaml +++ b/charts/matrix-meetings-bot/values.yaml 
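Review bot: `value: {{ .Values.init.masUrl }}` and `value: {{ .Values.init.masClientId }}` render the whole values node, and values.yaml in this same patch defines both as maps (`masUrl: {url: ...}`, `masClientId: {clientId: ...}`), so the env vars will contain Go's map formatting rather than the URL and client id; either reference the leaf keys, `value: {{ .Values.init.masUrl.url | quote }}` and `value: {{ .Values.init.masClientId.clientId | quote }}`, or flatten the values to scalars. The same two lines are repeated in the `getbottoken` env block in the third hunk of this file. Quoting them (as `USERTOCREATE` just below already does with `"{{ .Values.init.username }}"`) also keeps a URL or id with YAML-significant characters from breaking the manifest. The secret name `mas-credentials` and its `client_secret` key are fixed in the template with no corresponding chart value, so operators must create a secret with exactly that name; exposing the name as a value would match how the image and URL are configured.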
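Review bot: The MAS branch keeps the trailing `- secret` argument from the non-MAS command, but `create_bot_account_mas.sh` as added in this patch never reads `$1`, so the argument is dead input; drop it or note in the script what it is meant for. The two `command:` blocks differ only in the script name, so a single block with `- /scripts/create_bot_account{{ if .Values.init.masAuth.enabled }}_mas{{ end }}.sh` would remove the duplicated `if`/`else`.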
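Review bot: `image: {{ .Values.init.synape.image }}` misspells `synapse`; with the values file in this patch there is no `init.synape` key, so Helm rejects the template with a nil-pointer error when it dereferences `.image` (or at best renders `<nil>`), and the `getbottoken` init container cannot start — it should be `image: {{ .Values.init.synapse.image }}`. The switch away from `postgresClient.image` applies to both branches of `if .Values.init.masAuth.enabled`, so the non-MAS `get_meetings_bot_token.sh` now also runs in the synapse image; its contents are not in this patch, so if it relies on `psql` that path breaks and the image choice should move inside the conditional. Dropping the `-x` that the non-MAS command still passes to `sh` is the right call for a script that handles an access token; the same consideration applies to the `set -x` inside `create_bot_account_mas.sh`.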
@@ -126,10 +126,19 @@ init: username: bot-user synapse: - image: matrixdotorg/synapse:v1.55.2 + image: matrixdotorg/synapse:v1.98.0 postgresClient: - image: docker.io/bitnami/postgresql:11.12.0-debian-10-r44 + image: docker.io/bitnami/postgresql:11.12.0-debian-10-r44 + + masAuth: + enabled: false + + masUrl: + url: 'https://mas.matrix.org' + + masClientId: + clientId: 'mas-client-id' createUserAccount: enabled: false diff --git a/docs/configuration.md b/docs/configuration.md index 08c26d42..a9465515 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -166,7 +166,7 @@ The following content is available: - `base32_room_id50`: the base32 encoded room id with max character limit of 50 as needed for Etherpad. - `title`: the title of the meeting (=the room name). - `uuid`: a random UUID. -- `encodeURIComponent()`: a function to encode any value to make it URL-safe +- `encodeURIComponent()`: a function to encode any value to make it URL-safe Usage: `{{#encodeURIComponent}}my-text{{/encodeURIComponent}}` ##### Content
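Review bot: The new `masUrl` default of `'https://mas.matrix.org'` means a deployment that sets `masAuth.enabled: true` but forgets to override the URL will send its `MAS_CLIENT_ID`/`MAS_CLIENT_SECRET` client-credentials grant to an external host; an empty default with a `required` check in the templates lets that mistake fail at `helm install` instead of at runtime. None of the new values (`init.masAuth.enabled`, `init.masUrl`, `init.masClientId`), nor the `mas-credentials` secret with its `client_secret` key that deployment.yaml expects, are described anywhere, and the only change to docs/configuration.md in this patch is whitespace; a short subsection listing them, with a note that `masAuth` also changes which image the `getbottoken` init container uses, is needed for operators. The `postgresClient.image` line changes only in whitespace, and the synapse image bump to `v1.98.0` is unrelated to MAS and would be easier to track as its own commit.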