fix template and tests. Fix issues from rebase

canonical · Dec 13, 2024 · 3c0236b · 3c0236b
1 parent 74248fc
commit 3c0236b
Show file tree

Hide file tree

Showing 7 changed files with 68 additions and 40 deletions.
diff --git a/requirements.txt b/requirements.txt
@@ -7,5 +7,5 @@ jsonschema ==4.23.0
 ops ==2.17.1
 psycopg2-binary ==2.9.10
 pydantic ==2.10.3
-requests ==2.32.3
 python-ulid ==3.0.0
+requests ==2.32.3
diff --git a/src/auth/mas.py b/src/auth/mas.py
@@ -162,6 +162,7 @@ def verify_user_email(
 def generate_mas_config(
     mas_configuration: MASConfiguration,
     synapse_configuration: SynapseConfig,
+    oauth_provider_info: typing.Optional[OauthProviderConfig],
     main_unit_address: str,
 ) -> str:
     """Render the MAS configuration file.
@@ -170,6 +171,7 @@ def generate_mas_config(
         mas_configuration: Path of the template to load.
         synapse_configuration: Context needed to render the template.
         main_unit_address: Address of synapse main unit.
+        oauth_provider_info: upstream provider configuration.
 
     Returns:
         str: The rendered MAS configuration.
@@ -189,6 +191,8 @@ def generate_mas_config(
         "enable_password_config": synapse_configuration.enable_password_config,
         "synapse_server_name_config": synapse_configuration.server_name,
         "synapse_main_unit_address": main_unit_address,
+        "upstream_oidc_provider_id": mas_context.upstream_oidc_provider_id,
+        "oauth_provider_info": oauth_provider_info,
     }
     env = Environment(
         loader=FileSystemLoader("./templates"),
@@ -239,3 +243,27 @@ def generate_synapse_msc3861_config(
             "introspection_endpoint": f"{mas_local_address}oauth2/introspect",
         },
     }
+
+
+def generate_oauth_client_config(
+    mas_configuration: MASConfiguration, synapse_configuration: SynapseConfig
+) -> ClientConfig:
+    """Generate the oauth client config.
+
+    Args:
+        mas_configuration: Path of the template to load.
+        synapse_configuration: Context needed to render the template.
+
+    Returns:
+        ClientConfig: Oauth client config.
+    """
+    redirect_uri = (
+        f"{synapse_configuration.public_baseurl}"
+        f"/auth/upstream/callback/{mas_configuration.mas_context.upstream_oidc_provider_id}"
+    )
+    return ClientConfig(
+        redirect_uri=redirect_uri,
+        scope=MAS_OIDC_SCOPE,
+        grant_types=MAS_AUTHORIZATION_GRANT,
+        token_endpoint_auth_method=MAS_TOKEN_ENDPOINT_AUTH_METHOD,
+    )
diff --git a/src/charm.py b/src/charm.py
@@ -25,6 +25,7 @@
     MASRegisterUserFailedError,
     MASVerifyUserEmailFailedError,
     generate_mas_config,
+    generate_oauth_client_config,
     generate_synapse_msc3861_config,
     register_user,
     verify_user_email,
@@ -222,21 +223,24 @@ def reconcile(self, charm_state: CharmState, mas_configuration: MASConfiguration
             return
         self.model.unit.status = ops.MaintenanceStatus("Configuring Synapse")
 
-        oauth_client_config = self._mas.generate_oauth_client_config(
+        oauth_client_config = generate_oauth_client_config(
             mas_configuration, charm_state.synapse_config
         )
+        logger.info('Generated oauth client config: %s', oauth_client_config)
         self._oauth.update_client_config(oauth_client_config)
         oauth_provider_info = None
         if self._oauth.is_client_created():
             oauth_provider_info = self._oauth.get_provider_info()
 
-        rendered_mas_configuration = self._mas.generate_mas_config(
+        logger.info('IS client created: %s', self._oauth.is_client_created())
+
+        rendered_mas_configuration = generate_mas_config(
             mas_configuration,
             charm_state.synapse_config,
             oauth_provider_info,
             self.get_main_unit_address(),
         )
-        synapse_msc3861_configuration = self._mas.generate_synapse_msc3861_config(
+        synapse_msc3861_configuration = generate_synapse_msc3861_config(
             mas_configuration, charm_state.synapse_config
         )
 
@@ -249,12 +253,6 @@ def reconcile(self, charm_state: CharmState, mas_configuration: MASConfiguration
                 container.push(
                     signing_key_path, signing_key_from_secret, make_dirs=True, encoding="utf-8"
                 )
-            rendered_mas_configuration = generate_mas_config(
-                mas_configuration, charm_state.synapse_config, self.get_main_unit_address()
-            )
-            synapse_msc3861_configuration = generate_synapse_msc3861_config(
-                mas_configuration, charm_state.synapse_config
-            )
             # reconcile configuration
             pebble.reconcile(
                 charm_state,

diff --git a/src/pebble.py b/src/pebble.py
@@ -413,6 +413,9 @@ def reconcile(  # noqa: C901
         if charm_state.datasource and is_main:
             logger.info("Synapse Stats Exporter enabled.")
             replan_stats_exporter(container=container, charm_state=charm_state)
+        # Activate MAS on synapse
+        synapse.configure_mas(current_synapse_config, synapse_msc3861_configuration)
+
         config_has_changed = DeepDiff(
             existing_synapse_config,
             current_synapse_config,
@@ -421,9 +424,6 @@ def reconcile(  # noqa: C901
         )
 
         restart_mas(container, rendered_mas_configuration)
-        # Activate MAS on synapse
-        synapse.configure_mas(current_synapse_config, synapse_msc3861_configuration)
-
         if config_has_changed:
             logging.info("Configuration has changed, Synapse will be restarted.")
             logging.debug("The change is: %s", config_has_changed)

diff --git a/synapse_rock/rockcraft.yaml b/synapse_rock/rockcraft.yaml
@@ -201,13 +201,12 @@ parts:
       - NODE_ENV: dev
     override-build: |
       curl -Ls $NODE_URI | tar xzf - -C /usr/ --skip-old-files --no-same-owner --strip-components=1
-      npm --prefix=$CRAFT_PART_BUILD/frontend ci
-      npm --prefix=$CRAFT_PART_BUILD/frontend run build
+      (cd $CRAFT_PART_BUILD/frontend; npm ci; npm run build)
       mkdir -p $CRAFT_PART_INSTALL/mas/share/assets
-      cp -r frontend/dist/* $CRAFT_PART_INSTALL/mas/share/assets/
       cp frontend/dist/manifest.json $CRAFT_PART_INSTALL/mas/share/manifest.json
+      cp -r frontend/dist/ $CRAFT_PART_INSTALL/mas/share/assets
     stage:
-      - mas/*
+      - mas/share/*
   mas-cli:
     plugin: rust
     rust-channel: stable

diff --git a/templates/mas_config.yaml.j2 b/templates/mas_config.yaml.j2
@@ -47,26 +47,27 @@ templates:
   translations_path: /mas/share/translations
 policy:
   wasm_module: /mas/share/policy.wasm
-{% if oauth_provider_config is not None %}
-providers:
-  - id: {{ upstream_oidc_provider_id }}
-    human_name: SSO
-    issuer: {{ oauth_provider_config.issuer_url }}
-    client_id: {{ oauth_provider_config.client_id }}
-    client_secret: {{ oauth_provider_config.client_secret }}
-    scope: "openid profile email"
-    token_endpoint_auth_method: client_secret_basic
-    discovery_mode: oidc
-    claims_imports:
-        subject:
-            action: require
-            template: {{ '"{{ user.sub }}' }}
-        displayname:
-            action: suggest
-            template: {{ '"{{ user.name }}"' }}
-        localpart:
-            action: ignore
-        email:
-            action: suggest
-            template: {{ '"{{ user.email }}"' }}
+{% if oauth_provider_info is not none %}
+upstream_oauth2:
+  providers:
+    - id: {{ upstream_oidc_provider_id }}
+      human_name: Single Sign-On
+      issuer: {{ oauth_provider_info.issuer_url }}
+      client_id: {{ oauth_provider_info.client_id }}
+      client_secret: {{ oauth_provider_info.client_secret }}
+      scope: "openid profile email"
+      token_endpoint_auth_method: client_secret_basic
+      discovery_mode: oidc
+      claims_imports:
+          subject:
+              action: require
+              template: {{ '"{{ user.sub }}"' }}
+          displayname:
+              action: suggest
+              template: {{ '"{{ user.name }}"' }}
+          localpart:
+              action: ignore
+          email:
+              action: suggest
+              template: {{ '"{{ user.email }}"' }}
 {% endif %}
diff --git a/tests/unit/test_mas.py b/tests/unit/test_mas.py
@@ -41,7 +41,9 @@ def test_mas_generate_config(monkeypatch: pytest.MonkeyPatch) -> None:
         "public_baseurl": "https://foo",
     }
     synapse_configuration = SynapseConfig(**config)  # type: ignore[arg-type]
-    rendered_mas_config = generate_mas_config(mas_configuration, synapse_configuration, "10.1.1.0")
+    rendered_mas_config = generate_mas_config(
+        mas_configuration, synapse_configuration, None, "10.1.1.0"
+    )
     rendered_msc3861_config = generate_synapse_msc3861_config(
         mas_configuration, synapse_configuration
     )