review & finish auth

2025-02-14 10:57:00 +01:00 · 2025-02-14 10:57:00 +01:00 · b79956fe77
commit b79956fe77
parent a4a8c3b319
16 changed files with 94 additions and 36 deletions
--- a/src/main/cljc/dda/c4k_jitsi/core.cljc
+++ b/src/main/cljc/dda/c4k_jitsi/core.cljc
@ -56,7 +56,7 @@
       (filter
        #(not (nil? %))
        (cm/concat-vec
-         (jitsi/prosody-secret auth)
+         (jitsi/prosody-auth auth)
         ;[(jitsi/generate-secret-jitsi config auth)]
         (when (:contains? config :mon-cfg)
           (mon/generate-auth (:mon-cfg config) (:mon-auth auth)))))))
--- a/src/main/cljc/dda/c4k_jitsi/jitsi.cljc
+++ b/src/main/cljc/dda/c4k_jitsi/jitsi.cljc
@ -138,37 +138,36 @@
     (yaml/load-as-edn "jitsi/modelector-deployment.yaml")
     (cm/replace-all-matching "NAMESPACE" namespace))))

+(defn- load-and-adjust-namespace
+  [file namespace]
+  (->
+   (yaml/load-as-edn file)
+   (cm/replace-all-matching "NAMESPACE" namespace)))
+
 (defn-spec prosody-config cp/map-or-seq?
  [config config?]
  (let [{:keys [fqdn namespace]} config]
-    [(->
-      (yaml/load-as-edn "jitsi/prosody-sa.yaml")
-      (cm/replace-all-matching "NAMESPACE" namespace))
+    [(load-and-adjust-namespace "jitsi/prosody-config-serviceaccount.yaml" namespace)
     (->
-      (yaml/load-as-edn "jitsi/prosody-common-cm.yaml")
-      (cm/replace-all-matching "JITSI_FQDN" fqdn)
-      (cm/replace-all-matching "NAMESPACE" namespace))
-     (->
-      (yaml/load-as-edn "jitsi/prosody-default-cm.yaml")
-      (cm/replace-all-matching "NAMESPACE" namespace))
-     (->
-      (yaml/load-as-edn "jitsi/prosody-envs-cm.yaml")
-      (cm/replace-all-matching "NAMESPACE" namespace))
-     (->
-      (yaml/load-as-edn "jitsi/prosody-init-cm.yaml")
-      (cm/replace-all-matching "NAMESPACE" namespace))
-     (->
-      (yaml/load-as-edn "jitsi/prosody-stateful-set.yaml")
-      (cm/replace-all-matching "NAMESPACE" namespace))
-     (->
-      (yaml/load-as-edn "jitsi/prosody-service.yaml")
-      (cm/replace-all-matching "NAMESPACE" namespace))
-     (->
-      (yaml/load-as-edn "jitsi/prosody-test-deployment.yaml")
-      (cm/replace-all-matching "NAMESPACE" namespace))]))
+      (load-and-adjust-namespace "jitsi/prosody-config-common-cm.yaml" namespace)
+      (cm/replace-all-matching "JITSI_FQDN" fqdn))
+     (load-and-adjust-namespace "jitsi/prosody-config-default-cm.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/prosody-config-envs-cm.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/prosody-config-init-cm.yaml"namespace)
+     (load-and-adjust-namespace "jitsi/prosody-config-stateful-set.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/prosody-config-service.yaml" namespace)
+     (load-and-adjust-namespace "jitsi/prosody-config-test-deployment.yaml" namespace)]))

-(defn-spec prosody-secret cp/map-or-seq?
+(defn-spec prosody-auth cp/map-or-seq?
  [auth auth?]
-  [(->
-    (yaml/load-as-edn "jitsi/prosody-secret.yaml")
-    (cm/replace-all-matching "NAMESPACE" namespace))])
+  (let [{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} auth]
+  [(load-and-adjust-namespace "jitsi/prosody-auth-secret.yaml" namespace)
+   (load-and-adjust-namespace "jitsi/prosody-auth-jibri-secret.yaml" namespace)
+   (->
+    (load-and-adjust-namespace "jitsi/prosody-auth-jicofo-secret.yaml" namespace)
+    (cm/replace-key-value :JICOFO_AUTH_PASSWORD (b64/encode jicofo-auth-password))
+    (cm/replace-key-value :JICOFO_COMPONENT_SECRET (b64/encode jicofo-component-secret)))
+   (load-and-adjust-namespace "jitsi/prosody-auth-jigasi-secret.yaml" namespace)
+   (-> 
+    (load-and-adjust-namespace "jitsi/prosody-auth-jvb-secret.yaml" namespace)
+    (cm/replace-key-value :JVB_AUTH_PASSWORD (b64/encode jvb-auth-password)))]))
--- a/src/main/resources/jitsi/prosody-auth-jibri-secret.yaml
+++ b/src/main/resources/jitsi/prosody-auth-jibri-secret.yaml
@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: prosody-jibri
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jibri
+type: Opaque
+data:
--- a/src/main/resources/jitsi/prosody-auth-jicofo-secret.yaml
+++ b/src/main/resources/jitsi/prosody-auth-jicofo-secret.yaml
@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: prosody-jicofo
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jicofo
+type: Opaque
+data:
+  JICOFO_AUTH_USER: 'Zm9jdXM='
+  JICOFO_AUTH_PASSWORD: REPLACE_ME
+  JICOFO_COMPONENT_SECRET: REPLACE_ME
--- a/src/main/resources/jitsi/prosody-auth-jigasi-secret.yaml
+++ b/src/main/resources/jitsi/prosody-auth-jigasi-secret.yaml
@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: prosody-jigasi
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jigasi
+type: Opaque
+data:
--- a/src/main/resources/jitsi/prosody-auth-jvb-secret.yaml
+++ b/src/main/resources/jitsi/prosody-auth-jvb-secret.yaml
@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: prosody-jvb
+  namespace: NAMESPACE
+  labels:
+    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: jvb
+type: Opaque
+data:
+  JVB_AUTH_USER: 'anZi'
+  JVB_AUTH_PASSWORD: REPLACE_ME
--- a/src/main/resources/jitsi/prosody-auth-secret.yaml
+++ b/src/main/resources/jitsi/prosody-auth-secret.yaml
@ -5,5 +5,6 @@ metadata:
  namespace: NAMESPACE
  labels:
    app.kubernetes.io/name: prosody
+    app.kubernetes.io/component: prosody
 type: Opaque
 data:
--- a/src/main/resources/jitsi/prosody-config-common-cm.yaml
+++ b/src/main/resources/jitsi/prosody-config-common-cm.yaml
@ -6,6 +6,7 @@ metadata:
  namespace: NAMESPACE
  labels:
    app.kubernetes.io/name: jitsi-meet
+    app.kubernetes.io/component: prosody
 data:
  ENABLE_AUTH: "0"
  ENABLE_GUESTS: "1"
--- a/src/main/resources/jitsi/prosody-config-default-cm.yaml
+++ b/src/main/resources/jitsi/prosody-config-default-cm.yaml
@ -5,6 +5,7 @@ metadata:
  namespace: NAMESPACE
  labels:
    app.kubernetes.io/name: prosody
+    app.kubernetes.io/component: prosody
 data:
  prosody.cfg.lua: |
    # Using prosody /default/prosody.cfg.lua from container image
--- a/src/main/resources/jitsi/prosody-config-envs-cm.yaml
+++ b/src/main/resources/jitsi/prosody-config-envs-cm.yaml
@ -5,4 +5,5 @@ metadata:
  namespace: NAMESPACE
  labels:
    app.kubernetes.io/name: prosody
+    app.kubernetes.io/component: prosody
 data:
--- a/src/main/resources/jitsi/prosody-config-init-cm.yaml
+++ b/src/main/resources/jitsi/prosody-config-init-cm.yaml
@ -5,6 +5,7 @@ metadata:
  namespace: NAMESPACE
  labels:
    app.kubernetes.io/name: prosody
+    app.kubernetes.io/component: prosody
 data:
  10-config: |
    # Using prosody /etc/cont-init.d/10-config from container image
--- a/src/main/resources/jitsi/prosody-config-service.yaml
+++ b/src/main/resources/jitsi/prosody-config-service.yaml
@ -5,6 +5,7 @@ metadata:
  namespace: NAMESPACE
  labels:
    app.kubernetes.io/name: prosody
+    app.kubernetes.io/component: prosody
 spec:
  type: ClusterIP
  ports:
--- a/src/main/resources/jitsi/prosody-config-serviceaccount.yaml
+++ b/src/main/resources/jitsi/prosody-config-serviceaccount.yaml
@ -4,4 +4,5 @@ metadata:
  name: prosody
  namespace: NAMESPACE
  labels:
-    app.kubernetes.io/name: prosody
+    app.kubernetes.io/name: prosody
+    app.kubernetes.io/component: prosody
--- a/src/main/resources/jitsi/prosody-config-stateful-set.yaml
+++ b/src/main/resources/jitsi/prosody-config-stateful-set.yaml
@ -5,6 +5,7 @@ metadata:
  namespace: NAMESPACE
  labels:
    app.kubernetes.io/name: prosody
+    app.kubernetes.io/component: prosody
 spec:
  serviceName: "prosody"
  replicas: 1
--- a/src/main/resources/jitsi/prosody-config-test-deployment.yaml
+++ b/src/main/resources/jitsi/prosody-config-test-deployment.yaml
@ -5,6 +5,7 @@ metadata:
  namespace: NAMESPACE
  labels:
    app.kubernetes.io/name: "prosody-test-connection"
+    app.kubernetes.io/component: prosody
 spec:
  replicas: 0
  strategy:
--- a/src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc
+++ b/src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc
@ -306,8 +306,8 @@
          {:name "prosody",
           :namespace "jitsi",
           :labels
-           {:app.kubernetes.io/name "prosody"}}}
-         (first (cut/prosody
+           #:app.kubernetes.io{:name "prosody" :component "prosody"}}}
+         (first (cut/prosody-config
                 {:fqdn "xy.xy.xy"
                  :namespace "jitsi"}))))
  (is (= {:apiVersion "v1",
@ -316,7 +316,7 @@
          {:name "prosody-common",
           :namespace "jitsi",
           :labels
-           #:app.kubernetes.io{:name "jitsi-meet"}},
+           #:app.kubernetes.io{:name "jitsi-meet" :component "prosody"}},
          :data
          {:ENABLE_AUTH "0",
           :ENABLE_GUESTS "1",
@ -331,10 +331,15 @@
           :ENABLE_COLIBRI_WEBSOCKET_UNSAFE_REGEX "1",
           :ENABLE_XMPP_WEBSOCKET "true",
           :TZ "Europe/Amsterdam"}}
-         (second (cut/prosody
+         (second (cut/prosody-config
                  {:fqdn "xy.xy.xy"
                   :namespace "jitsi"}))))
  (is (= 8
-         (count (cut/prosody
+         (count (cut/prosody-config
                 {:fqdn "xy.xy.xy"
-                  :namespace "jitsi"})))))
+                  :namespace "jitsi"}))))
+   (is (= 5
+         (count (cut/prosody-auth
+                 {:jvb-auth-password "jvb-auth"
+                  :jicofo-auth-password "jicofo-auth"
+                  :jicofo-component-secret "jicofo-comp"})))))