app/matrix: make cas deployment configurable

This is an alternative to https://gerrit.hackerspace.pl/509 that was reverted in https://gerrit.hackerspace.pl/541 . This has already been deployed. Change-Id: I7d54943c970804cac910e0e15201d1c3fa337489
2020-11-10 22:07:30 +01:00 · 2020-11-10 22:07:30 +01:00 · 8483d37581
parent 9e5a8b8520
commit 8483d37581
2 changed files with 23 additions and 2 deletions
--- a/app/matrix/lib/matrix.libsonnet
+++ b/app/matrix/lib/matrix.libsonnet
@ -54,6 +54,15 @@ local postgres = import "../../../kube/postgres.libsonnet";
        cas: {
            # whether to enable the CAS proxy (ie. connect to hswaw sso via OAuth)
            enable: false,
+            # generate client ID and secret in with your OAuth2 provider, refer to https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/
+            oauth2: {
+                clientID:       error "cas.oauth2.clientID must be set",
+                clientSecret:   error "cas.oauth2.clientSecret must be set",
+                scope:          error "cas.oauth2.scope must be set",
+                authorizeURL:   error "cas.oauth2.authorizeURL must be set",
+                tokenURL:       error "cas.oauth2.tokenURL must be set",
+                userinfoURL:    error "cas.oauth2.userinfoURL must be set",
+            },
        },
    },

@ -138,8 +147,12 @@ local postgres = import "../../../kube/postgres.libsonnet";
                            env_: {
                                BASE_URL: "https://%s" % [cfg.webDomain],
                                SERVICE_URL: "https://%s" % [cfg.webDomain],
-                                OAUTH2_CLIENT: "matrix",
-                                OAUTH2_SECRET: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
+                                OAUTH2_CLIENT: cfg.cas.oauth2.clientID,
+                                OAUTH2_SECRET: cfg.cas.oauth2.clientSecret,
+                                OAUTH2_SCOPE: cfg.cas.oauth2.scope,
+                                OAUTH2_AUTHORIZE: cfg.cas.oauth2.authorizeURL,
+                                OAUTH2_TOKEN: cfg.cas.oauth2.tokenURL,
+                                OAUTH2_USERINFO: cfg.cas.oauth2.userinfoURL,
                            },
                        },
                    },
--- a/app/matrix/matrix.hackerspace.pl.jsonnet
+++ b/app/matrix/matrix.hackerspace.pl.jsonnet
@ -11,6 +11,14 @@ matrix {
        serverName: "hackerspace.pl",
        cas: {
            enable: true,
+            oauth2: {
+                clientID: "matrix",
+                clientSecret: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
+                scope: "profile:read",
+                authorizeURL: "https://sso.hackerspace.pl/oauth/authorize",
+                tokenURL: "https://sso.hackerspace.pl/oauth/token",
+                userinfoURL: "https://sso.hackerspace.pl/api/1/profile",
+            },
        },
    },