fix(matrix-authentication-service): first usable release

2024-03-11 22:50:34 +01:00 · 2024-03-11 22:50:34 +01:00 · 1e4f49c896
commit 1e4f49c896
parent f96cd62c47
5 changed files with 148 additions and 53 deletions
--- a/matrix-authentication-service/Chart.yaml
+++ b/matrix-authentication-service/Chart.yaml
@ -4,7 +4,7 @@ name: matrix-authentication-service
 description: OAuth2.0 + OpenID Provider for Matrix Homeservers (per MSC3861)
 icon: https://matrix.org/images/matrix-logo.svg
 type: application
-version: 0.0.1
+version: 0.0.2
 # renovate: image=ghcr.io/matrix-org/matrix-authentication-service
 appVersion: "0.8.0"
 maintainers:
--- a/matrix-authentication-service/README.adoc
+++ b/matrix-authentication-service/README.adoc
@ -2,7 +2,7 @@
 = matrix-authentication-service
-image::https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square[Version: 0.0.1]
+image::https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square[Version: 0.0.2]
 image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
 image::https://img.shields.io/badge/AppVersion-0.8.0-informational?style=flat-square[AppVersion: 0.8.0]
 == Maintainers
@ -237,14 +237,9 @@ helm uninstall matrix-authentication-service-release
 | `"/usr/local/share/mas-cli/assets/"`
 |
-| config.http.listeners[1].binds[0].host
+| config.http.listeners[1].binds[0].address
 | string
-| `"localhost"`
+| `"[::]:8081"`
 |
 | config.http.listeners[1].binds[0].port
 | int
 | `8081`
 |
 | config.http.listeners[1].name
@ -252,11 +247,6 @@ helm uninstall matrix-authentication-service-release
 | `"internal"`
 |
 | config.http.listeners[1].proxy_protocol
 | bool
 | `false`
 |
 | config.http.listeners[1].resources[0].name
 | string
 | `"health"`
@ -274,7 +264,7 @@ helm uninstall matrix-authentication-service-release
 | config.http.listeners[2].resources[0].name
 | string
-| `"metrics"`
+| `"prometheus"`
 |
 | config.http.public_base
@ -379,7 +369,7 @@ helm uninstall matrix-authentication-service-release
 | config.secrets.encryption
 | string
-| `"5d3e33fa3c297d77b4c587cfc12b9adc03afe57ff36783fceceef2c0c1ba757d"`
+| `nil`
 |
 | config.secrets.keys
@ -484,35 +474,50 @@ helm uninstall matrix-authentication-service-release
 | ingress.hosts[0].host
 | string
-| `"chart-example.local"`
+| `"auth.matrix.chart-example.local"`
 |
 | ingress.hosts[0].paths[0].path
 | string
-| `"/_matrix/client/v3/login"`
+| `"/l"`
 |
 | ingress.hosts[0].paths[0].pathType
 | string
 | `"Prefix"`
 |
 | ingress.hosts[1].host
 | string
 | `"matrix.chart-example.local"`
 |
 | ingress.hosts[1].paths[0].path
 | string
 | `"/_matrix/client/v3/login"`
 |
 | ingress.hosts[1].paths[0].pathType
 | string
 | `"Exact"`
 |
-| ingress.hosts[0].paths[1].path
+| ingress.hosts[1].paths[1].path
 | string
 | `"/_matrix/client/v3/logout"`
 |
-| ingress.hosts[0].paths[1].pathType
+| ingress.hosts[1].paths[1].pathType
 | string
 | `"Exact"`
 |
-| ingress.hosts[0].paths[2].path
+| ingress.hosts[1].paths[2].path
 | string
 | `"/_matrix/client/v3/refresh"`
 |
-| ingress.hosts[0].paths[2].pathType
+| ingress.hosts[1].paths[2].pathType
 | string
 | `"Exact"`
 |
@ -656,7 +661,7 @@ helm uninstall matrix-authentication-service-release
 Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]
 = matrix-authentication-service
-image::https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square[Version: 0.0.1]
+image::https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square[Version: 0.0.2]
 image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
 image::https://img.shields.io/badge/AppVersion-0.8.0-informational?style=flat-square[AppVersion: 0.8.0]
@ -869,14 +874,9 @@ OAuth2.0 + OpenID Provider for Matrix Homeservers (per MSC3861)
 | `"/usr/local/share/mas-cli/assets/"`
 |
-| config.http.listeners[1].binds[0].host
+| config.http.listeners[1].binds[0].address
 | string
-| `"localhost"`
+| `"[::]:8081"`
 |
 | config.http.listeners[1].binds[0].port
 | int
 | `8081`
 |
 | config.http.listeners[1].name
@ -884,11 +884,6 @@ OAuth2.0 + OpenID Provider for Matrix Homeservers (per MSC3861)
 | `"internal"`
 |
 | config.http.listeners[1].proxy_protocol
 | bool
 | `false`
 |
 | config.http.listeners[1].resources[0].name
 | string
 | `"health"`
@ -906,7 +901,7 @@ OAuth2.0 + OpenID Provider for Matrix Homeservers (per MSC3861)
 | config.http.listeners[2].resources[0].name
 | string
-| `"metrics"`
+| `"prometheus"`
 |
 | config.http.public_base
@ -1011,7 +1006,7 @@ OAuth2.0 + OpenID Provider for Matrix Homeservers (per MSC3861)
 | config.secrets.encryption
 | string
-| `"5d3e33fa3c297d77b4c587cfc12b9adc03afe57ff36783fceceef2c0c1ba757d"`
+| `nil`
 |
 | config.secrets.keys
@ -1116,35 +1111,50 @@ OAuth2.0 + OpenID Provider for Matrix Homeservers (per MSC3861)
 | ingress.hosts[0].host
 | string
-| `"chart-example.local"`
+| `"auth.matrix.chart-example.local"`
 |
 | ingress.hosts[0].paths[0].path
 | string
-| `"/_matrix/client/v3/login"`
+| `"/l"`
 |
 | ingress.hosts[0].paths[0].pathType
 | string
 | `"Prefix"`
 |
 | ingress.hosts[1].host
 | string
 | `"matrix.chart-example.local"`
 |
 | ingress.hosts[1].paths[0].path
 | string
 | `"/_matrix/client/v3/login"`
 |
 | ingress.hosts[1].paths[0].pathType
 | string
 | `"Exact"`
 |
-| ingress.hosts[0].paths[1].path
+| ingress.hosts[1].paths[1].path
 | string
 | `"/_matrix/client/v3/logout"`
 |
-| ingress.hosts[0].paths[1].pathType
+| ingress.hosts[1].paths[1].pathType
 | string
 | `"Exact"`
 |
-| ingress.hosts[0].paths[2].path
+| ingress.hosts[1].paths[2].path
 | string
 | `"/_matrix/client/v3/refresh"`
 |
-| ingress.hosts[0].paths[2].pathType
+| ingress.hosts[1].paths[2].pathType
 | string
 | `"Exact"`
 |
--- a/matrix-authentication-service/templates/deployment.yaml
+++ b/matrix-authentication-service/templates/deployment.yaml
@ -31,6 +31,55 @@ spec:
      serviceAccountName: {{ include "matrix-authentication-service.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      initContainers:
        - name: database-migrate
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          {{- with .Values.image }}
          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
          {{- end }}
          env:
            - name: "MAS_CONFIG"
              value: "/etc/mas-config.yaml"
          command:
            - /usr/local/bin/mas-cli
            - database
            - migrate
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          volumeMounts:
            - name: config
              mountPath: "/etc/mas-config.yaml"
              subPath: "mas-config.yaml"
              readOnly: true
            {{- with .Values.volumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
        - name: config-sync
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          {{- with .Values.image }}
          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
          {{- end }}
          env:
            - name: "MAS_CONFIG"
              value: "/etc/mas-config.yaml"
          command:
            - /usr/local/bin/mas-cli
            - config
            - sync
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          volumeMounts:
            - name: config
              mountPath: "/etc/mas-config.yaml"
              subPath: "mas-config.yaml"
              readOnly: true
            {{- with .Values.volumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
@ -60,8 +109,8 @@ spec:
            {{- toYaml .Values.resources | nindent 12 }}
          volumeMounts:
            - name: config
-              mountPath: "/etc"
+              mountPath: "/etc/mas-config.yaml"
-              subPath: "/etc/mas-config.yaml"
+              subPath: "mas-config.yaml"
              readOnly: true
            {{- with .Values.volumeMounts }}
            {{- toYaml . | nindent 12 }}
--- a/matrix-authentication-service/templates/secrets.yaml
+++ b/matrix-authentication-service/templates/secrets.yaml
@ -6,5 +6,38 @@ metadata:
  labels:
    {{- include "matrix-authentication-service.labels" . | nindent 4 }}
 data:
  {{- $mergeObj := dict }}
  {{- $currentData := lookup "v1" "Secret" .Release.Namespace $secretName }}
  {{- if not .Values.config.secrets.encryption }}
  {{- $secretEncrpytion := (dig "data" "secret_encryption" "" $currentData | b64dec) | default (randAscii 64 | sha256sum) }}
  secret_encryption: {{ $secretEncrpytion | b64enc }}
  {{- $mergeObj = mergeOverwrite $mergeObj ( dict 
    "secrets" (dict
      "encryption" $secretEncrpytion
    )
  ) }}
  {{- end }}
  {{- if not .Values.config.secrets.keys }}
  {{- $keyRSA := (dig "data"  "key_rsa" "" $currentData | b64dec) | default (genPrivateKey "rsa") }}
  {{- $keyECDSA := (dig "data" "key_ecdsa" "" $currentData | b64dec) | default (genPrivateKey "ecdsa") }}
  key_rsa: {{ $keyRSA | b64enc }}
  key_ecdsa: {{ $keyECDSA | b64enc }}
  {{- $mergeObj = mergeOverwrite $mergeObj ( dict 
    "secrets" (dict
      "keys" (list
        (dict
           "kid" "rsa"
           "key" $keyRSA
        )
        (dict
           "kid" "ecdsa"
           "key" $keyECDSA
        )
      )
    )
  ) }}
  {{- end }}
  config.yaml: |-
-    {{- .Values.config | nindent 4 }}
+    {{ mergeOverwrite .Values.config $mergeObj | toYaml | b64enc }}
--- a/matrix-authentication-service/values.yaml
+++ b/matrix-authentication-service/values.yaml
@ -36,12 +36,10 @@ config:
        resources:
          - name: health
        binds:
-          - host: localhost
+          - address: '[::]:8081'
            port: 8081
        proxy_protocol: false
      - name: metrics
        resources:
-          - name: metrics
+          - name: prometheus
        binds:
          - address: '[::]:9100'
    trusted_proxies:
@ -81,7 +79,7 @@ config:
    reply_to: '"Authentication Service" <root@localhost>'
    transport: blackhole
  secrets:
-    encryption: 5d3e33fa3c297d77b4c587cfc12b9adc03afe57ff36783fceceef2c0c1ba757d
+    encryption:
    keys: []
  passwords:
    enabled: true
@ -157,7 +155,11 @@ ingress:
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
-    - host: chart-example.local
+    - host: auth.matrix.chart-example.local
      paths:
        - path: /l
          pathType: Prefix
    - host: matrix.chart-example.local
      paths:
        - path: /_matrix/client/v3/login
          pathType: Exact
@ -168,7 +170,8 @@ ingress:
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
-  #      - chart-example.local
+  #      - auth.matrix.chart-example.local
  #      - matrix.chart-example.local
 resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious