From b79956fe7779b3f5b9d8c5c1474f66d09aa8d1ff Mon Sep 17 00:00:00 2001 
From: Michael Jerger <michael.jerger@meissa-gmbh.de> Date: Fri, 14 Feb 2025 10:57:00 +0100 Subject: [PATCH] review & finish auth --- src/main/cljc/dda/c4k_jitsi/core.cljc | 2 +- src/main/cljc/dda/c4k_jitsi/jitsi.cljc | 55 +++++++++---------- .../jitsi/prosody-auth-jibri-secret.yaml | 10 ++++ .../jitsi/prosody-auth-jicofo-secret.yaml | 13 +++++ .../jitsi/prosody-auth-jigasi-secret.yaml | 10 ++++ .../jitsi/prosody-auth-jvb-secret.yaml | 12 ++++ ...y-secret.yaml => prosody-auth-secret.yaml} | 1 + ...-cm.yaml => prosody-config-common-cm.yaml} | 1 + ...cm.yaml => prosody-config-default-cm.yaml} | 1 + ...vs-cm.yaml => prosody-config-envs-cm.yaml} | 1 + ...it-cm.yaml => prosody-config-init-cm.yaml} | 1 + ...rvice.yaml => prosody-config-service.yaml} | 1 + ...aml => prosody-config-serviceaccount.yaml} | 3 +- ....yaml => prosody-config-stateful-set.yaml} | 1 + ...ml => prosody-config-test-deployment.yaml} | 1 + src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc | 17 ++++-- 16 files changed, 94 insertions(+), 36 deletions(-) create mode 100644 src/main/resources/jitsi/prosody-auth-jibri-secret.yaml create mode 100644 src/main/resources/jitsi/prosody-auth-jicofo-secret.yaml create mode 100644 src/main/resources/jitsi/prosody-auth-jigasi-secret.yaml create mode 100644 src/main/resources/jitsi/prosody-auth-jvb-secret.yaml rename src/main/resources/jitsi/{prosody-secret.yaml => prosody-auth-secret.yaml} (77%) rename src/main/resources/jitsi/{prosody-common-cm.yaml => prosody-config-common-cm.yaml} (93%) rename src/main/resources/jitsi/{prosody-default-cm.yaml => prosody-config-default-cm.yaml} (91%) rename src/main/resources/jitsi/{prosody-envs-cm.yaml => prosody-config-envs-cm.yaml} (76%) rename src/main/resources/jitsi/{prosody-init-cm.yaml => prosody-config-init-cm.yaml} (84%) rename src/main/resources/jitsi/{prosody-service.yaml => prosody-config-service.yaml} (92%) rename src/main/resources/jitsi/{prosody-sa.yaml => prosody-config-serviceaccount.yaml} (55%) rename 
src/main/resources/jitsi/{prosody-stateful-set.yaml => prosody-config-stateful-set.yaml} (98%) rename src/main/resources/jitsi/{prosody-test-deployment.yaml => prosody-config-test-deployment.yaml} (93%) diff --git a/src/main/cljc/dda/c4k_jitsi/core.cljc b/src/main/cljc/dda/c4k_jitsi/core.cljc index 78ca942..76291a3 100644 --- a/src/main/cljc/dda/c4k_jitsi/core.cljc +++ b/src/main/cljc/dda/c4k_jitsi/core.cljc @@ -56,7 +56,7 @@ (filter #(not (nil? %)) (cm/concat-vec - (jitsi/prosody-secret auth) + (jitsi/prosody-auth auth) ;[(jitsi/generate-secret-jitsi config auth)] (when (:contains? config :mon-cfg) (mon/generate-auth (:mon-cfg config) (:mon-auth auth))))))) diff --git a/src/main/cljc/dda/c4k_jitsi/jitsi.cljc b/src/main/cljc/dda/c4k_jitsi/jitsi.cljc index bdd47d9..2b58835 100644 --- a/src/main/cljc/dda/c4k_jitsi/jitsi.cljc +++ b/src/main/cljc/dda/c4k_jitsi/jitsi.cljc 
@@ -138,37 +138,36 @@ (yaml/load-as-edn "jitsi/modelector-deployment.yaml") (cm/replace-all-matching "NAMESPACE" namespace)))) +(defn- load-and-adjust-namespace + [file namespace] + (-> + (yaml/load-as-edn file) + (cm/replace-all-matching "NAMESPACE" namespace))) + (defn-spec prosody-config cp/map-or-seq? [config config?] (let [{:keys [fqdn namespace]} config] - [(-> - (yaml/load-as-edn "jitsi/prosody-sa.yaml") - (cm/replace-all-matching "NAMESPACE" namespace)) + [(load-and-adjust-namespace "jitsi/prosody-config-serviceaccount.yaml" namespace) (-> - (yaml/load-as-edn "jitsi/prosody-common-cm.yaml") - (cm/replace-all-matching "JITSI_FQDN" fqdn) - (cm/replace-all-matching "NAMESPACE" namespace)) - (-> - (yaml/load-as-edn "jitsi/prosody-default-cm.yaml") - (cm/replace-all-matching "NAMESPACE" namespace)) - (-> - (yaml/load-as-edn "jitsi/prosody-envs-cm.yaml") - (cm/replace-all-matching "NAMESPACE" namespace)) - (-> - (yaml/load-as-edn "jitsi/prosody-init-cm.yaml") - (cm/replace-all-matching "NAMESPACE" namespace)) - (-> - (yaml/load-as-edn "jitsi/prosody-stateful-set.yaml") - (cm/replace-all-matching "NAMESPACE" namespace)) - (-> - (yaml/load-as-edn "jitsi/prosody-service.yaml") - (cm/replace-all-matching "NAMESPACE" namespace)) - (-> - (yaml/load-as-edn "jitsi/prosody-test-deployment.yaml") - (cm/replace-all-matching "NAMESPACE" namespace))])) + (load-and-adjust-namespace "jitsi/prosody-config-common-cm.yaml" namespace) + (cm/replace-all-matching "JITSI_FQDN" fqdn)) + (load-and-adjust-namespace "jitsi/prosody-config-default-cm.yaml" namespace) + (load-and-adjust-namespace "jitsi/prosody-config-envs-cm.yaml" namespace) + (load-and-adjust-namespace "jitsi/prosody-config-init-cm.yaml"namespace) + (load-and-adjust-namespace "jitsi/prosody-config-stateful-set.yaml" namespace) + (load-and-adjust-namespace "jitsi/prosody-config-service.yaml" namespace) + (load-and-adjust-namespace "jitsi/prosody-config-test-deployment.yaml" namespace)])) -(defn-spec prosody-secret 
cp/map-or-seq? +(defn-spec prosody-auth cp/map-or-seq? [auth auth?] - [(-> - (yaml/load-as-edn "jitsi/prosody-secret.yaml") - (cm/replace-all-matching "NAMESPACE" namespace))]) + (let [{:keys [jvb-auth-password jicofo-auth-password jicofo-component-secret]} auth] + [(load-and-adjust-namespace "jitsi/prosody-auth-secret.yaml" namespace) + (load-and-adjust-namespace "jitsi/prosody-auth-jibri-secret.yaml" namespace) + (-> + (load-and-adjust-namespace "jitsi/prosody-auth-jicofo-secret.yaml" namespace) + (cm/replace-key-value :JICOFO_AUTH_PASSWORD (b64/encode jicofo-auth-password)) + (cm/replace-key-value :JICOFO_COMPONENT_SECRET (b64/encode jicofo-component-secret))) + (load-and-adjust-namespace "jitsi/prosody-auth-jigasi-secret.yaml" namespace) + (-> + (load-and-adjust-namespace "jitsi/prosody-auth-jvb-secret.yaml" namespace) + (cm/replace-key-value :JVB_AUTH_PASSWORD (b64/encode jvb-auth-password)))])) diff --git a/src/main/resources/jitsi/prosody-auth-jibri-secret.yaml b/src/main/resources/jitsi/prosody-auth-jibri-secret.yaml new file mode 100644 index 0000000..32954d3 --- /dev/null +++ b/src/main/resources/jitsi/prosody-auth-jibri-secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: prosody-jibri + namespace: NAMESPACE + labels: + app.kubernetes.io/name: jitsi-meet + app.kubernetes.io/component: jibri +type: Opaque +data: \ No newline at end of file diff --git a/src/main/resources/jitsi/prosody-auth-jicofo-secret.yaml b/src/main/resources/jitsi/prosody-auth-jicofo-secret.yaml new file mode 100644 index 0000000..77b2bfb --- /dev/null +++ b/src/main/resources/jitsi/prosody-auth-jicofo-secret.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + name: prosody-jicofo + namespace: NAMESPACE + labels: + app.kubernetes.io/name: jitsi-meet + app.kubernetes.io/component: jicofo +type: Opaque +data: + JICOFO_AUTH_USER: 'Zm9jdXM=' + JICOFO_AUTH_PASSWORD: REPLACE_ME + JICOFO_COMPONENT_SECRET: REPLACE_ME \ No newline at end of file 
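Review bot: `namespace` is never bound inside `prosody-auth`: the function takes only `auth` and its `let` destructures just the three secret values, so each `(load-and-adjust-namespace ... namespace)` call there passes the core `namespace` function rather than a namespace string (the removed `prosody-secret` had the same gap). The five Secrets will then most likely not carry the deployment's namespace, depending on how `cm/replace-all-matching` treats a non-string replacement. Take the value from the caller, for example by adding `config config?` to the parameters and binding `{:keys [namespace]} config` in the `let`, and adjust the call in core.cljc to match. Separately, `"jitsi/prosody-config-init-cm.yaml"namespace` in `prosody-config` still reads as two arguments but is missing the space between them.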
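Review bot: Nothing in this template says which `data:` values are fixed and which are injected, and the same holds for prosody-auth-jvb-secret.yaml. A comment above `data:` such as `# JICOFO_AUTH_USER is base64 of "focus"; the REPLACE_ME values are overwritten with base64-encoded secrets by prosody-auth in jitsi.cljc` would make that explicit, with the matching line for `'anZi'` (base64 of "jvb") in the jvb file. It also makes it obvious that a `REPLACE_ME` surviving into generated output is an error, not a default.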
diff --git a/src/main/resources/jitsi/prosody-auth-jigasi-secret.yaml b/src/main/resources/jitsi/prosody-auth-jigasi-secret.yaml
new file mode 100644
index 0000000..eaa13bf
--- /dev/null
+++ b/src/main/resources/jitsi/prosody-auth-jigasi-secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: prosody-jigasi
+ namespace: NAMESPACE
+ labels:
+ app.kubernetes.io/name: jitsi-meet
+ app.kubernetes.io/component: jigasi
+type: Opaque
+data:
\ No newline at end of file
diff --git a/src/main/resources/jitsi/prosody-auth-jvb-secret.yaml b/src/main/resources/jitsi/prosody-auth-jvb-secret.yaml
new file mode 100644
index 0000000..e741e2e
--- /dev/null
+++ b/src/main/resources/jitsi/prosody-auth-jvb-secret.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: prosody-jvb
+ namespace: NAMESPACE
+ labels:
+ app.kubernetes.io/name: jitsi-meet
+ app.kubernetes.io/component: jvb
+type: Opaque
+data:
+ JVB_AUTH_USER: 'anZi'
+ JVB_AUTH_PASSWORD: REPLACE_ME
\ No newline at end of file
diff --git a/src/main/resources/jitsi/prosody-secret.yaml b/src/main/resources/jitsi/prosody-auth-secret.yaml
similarity index 77%
rename from src/main/resources/jitsi/prosody-secret.yaml
rename to src/main/resources/jitsi/prosody-auth-secret.yaml
index 4cda16f..2022112 100644
--- a/src/main/resources/jitsi/prosody-secret.yaml
+++ b/src/main/resources/jitsi/prosody-auth-secret.yaml
@@ -5,5 +5,6 @@ metadata:
 namespace: NAMESPACE
 labels:
 app.kubernetes.io/name: prosody
+ app.kubernetes.io/component: prosody
 type: Opaque
 data:
\ No newline at end of file
diff --git a/src/main/resources/jitsi/prosody-common-cm.yaml b/src/main/resources/jitsi/prosody-config-common-cm.yaml
similarity index 93%
rename from src/main/resources/jitsi/prosody-common-cm.yaml
rename to src/main/resources/jitsi/prosody-config-common-cm.yaml
index 5619166..43040fa 100644
--- a/src/main/resources/jitsi/prosody-common-cm.yaml
+++ b/src/main/resources/jitsi/prosody-config-common-cm.yaml
@@ -6,6 +6,7 @@ metadata:
 namespace: NAMESPACE
 labels:
 app.kubernetes.io/name: jitsi-meet
+ app.kubernetes.io/component: prosody
 data:
 ENABLE_AUTH: "0"
 ENABLE_GUESTS: "1"
diff --git a/src/main/resources/jitsi/prosody-default-cm.yaml b/src/main/resources/jitsi/prosody-config-default-cm.yaml
similarity index 91%
rename from src/main/resources/jitsi/prosody-default-cm.yaml
rename to src/main/resources/jitsi/prosody-config-default-cm.yaml
index 04d1cd4..71193b0 100644
--- a/src/main/resources/jitsi/prosody-default-cm.yaml
+++ b/src/main/resources/jitsi/prosody-config-default-cm.yaml
@@ -5,6 +5,7 @@ metadata:
 namespace: NAMESPACE
 labels:
 app.kubernetes.io/name: prosody
+ app.kubernetes.io/component: prosody
 data:
 prosody.cfg.lua: |
 # Using prosody /default/prosody.cfg.lua from container image
diff --git a/src/main/resources/jitsi/prosody-envs-cm.yaml b/src/main/resources/jitsi/prosody-config-envs-cm.yaml
similarity index 76%
rename from src/main/resources/jitsi/prosody-envs-cm.yaml
rename to src/main/resources/jitsi/prosody-config-envs-cm.yaml
index 2901a8e..d83d8f4 100644
--- a/src/main/resources/jitsi/prosody-envs-cm.yaml
+++ b/src/main/resources/jitsi/prosody-config-envs-cm.yaml
@@ -5,4 +5,5 @@ metadata:
 namespace: NAMESPACE
 labels:
 app.kubernetes.io/name: prosody
+ app.kubernetes.io/component: prosody
 data:
\ No newline at end of file
diff --git a/src/main/resources/jitsi/prosody-init-cm.yaml b/src/main/resources/jitsi/prosody-config-init-cm.yaml
similarity index 84%
rename from src/main/resources/jitsi/prosody-init-cm.yaml
rename to src/main/resources/jitsi/prosody-config-init-cm.yaml
index 13d1440..779e900 100644
--- a/src/main/resources/jitsi/prosody-init-cm.yaml
+++ b/src/main/resources/jitsi/prosody-config-init-cm.yaml
@@ -5,6 +5,7 @@ metadata:
 namespace: NAMESPACE
 labels:
 app.kubernetes.io/name: prosody
+ app.kubernetes.io/component: prosody
 data:
 10-config: |
 # Using prosody /etc/cont-init.d/10-config from container image
\ No newline at end of file
diff --git a/src/main/resources/jitsi/prosody-service.yaml b/src/main/resources/jitsi/prosody-config-service.yaml
similarity index 92%
rename from src/main/resources/jitsi/prosody-service.yaml
rename to src/main/resources/jitsi/prosody-config-service.yaml
index 8d186bb..54e6db2 100644
--- a/src/main/resources/jitsi/prosody-service.yaml
+++ b/src/main/resources/jitsi/prosody-config-service.yaml
@@ -5,6 +5,7 @@ metadata:
 namespace: NAMESPACE
 labels:
 app.kubernetes.io/name: prosody
+ app.kubernetes.io/component: prosody
 spec:
 type: ClusterIP
 ports:
diff --git a/src/main/resources/jitsi/prosody-sa.yaml b/src/main/resources/jitsi/prosody-config-serviceaccount.yaml
similarity index 55%
rename from src/main/resources/jitsi/prosody-sa.yaml
rename to src/main/resources/jitsi/prosody-config-serviceaccount.yaml
index 765094f..740da57 100644
--- a/src/main/resources/jitsi/prosody-sa.yaml
+++ b/src/main/resources/jitsi/prosody-config-serviceaccount.yaml
@@ -4,4 +4,5 @@ metadata:
 name: prosody
 namespace: NAMESPACE
 labels:
- app.kubernetes.io/name: prosody
\ No newline at end of file
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/component: prosody
\ No newline at end of file
diff --git a/src/main/resources/jitsi/prosody-stateful-set.yaml b/src/main/resources/jitsi/prosody-config-stateful-set.yaml
similarity index 98%
rename from src/main/resources/jitsi/prosody-stateful-set.yaml
rename to src/main/resources/jitsi/prosody-config-stateful-set.yaml
index fd57147..7174b05 100644
--- a/src/main/resources/jitsi/prosody-stateful-set.yaml
+++ b/src/main/resources/jitsi/prosody-config-stateful-set.yaml
@@ -5,6 +5,7 @@ metadata:
 namespace: NAMESPACE
 labels:
 app.kubernetes.io/name: prosody
+ app.kubernetes.io/component: prosody
 spec:
 serviceName: "prosody"
 replicas: 1
diff --git a/src/main/resources/jitsi/prosody-test-deployment.yaml b/src/main/resources/jitsi/prosody-config-test-deployment.yaml similarity index 93% rename from src/main/resources/jitsi/prosody-test-deployment.yaml rename to src/main/resources/jitsi/prosody-config-test-deployment.yaml index 55993ce..6ea9c08 100644 --- a/src/main/resources/jitsi/prosody-test-deployment.yaml +++ b/src/main/resources/jitsi/prosody-config-test-deployment.yaml @@ -5,6 +5,7 @@ metadata: namespace: NAMESPACE labels: app.kubernetes.io/name: "prosody-test-connection" + app.kubernetes.io/component: prosody spec: replicas: 0 strategy: diff --git a/src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc b/src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc index 27ba072..9025a57 100644 --- a/src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc +++ b/src/test/cljc/dda/c4k_jitsi/jitsi_test.cljc @@ -306,8 +306,8 @@ {:name "prosody", :namespace "jitsi", :labels - {:app.kubernetes.io/name "prosody"}}} - (first (cut/prosody + #:app.kubernetes.io{:name "prosody" :component "prosody"}}} + (first (cut/prosody-config {:fqdn "xy.xy.xy" :namespace "jitsi"})))) (is (= {:apiVersion "v1", @@ -316,7 +316,7 @@ {:name "prosody-common", :namespace "jitsi", :labels - #:app.kubernetes.io{:name "jitsi-meet"}}, + #:app.kubernetes.io{:name "jitsi-meet" :component "prosody"}}, :data {:ENABLE_AUTH "0", :ENABLE_GUESTS "1", @@ -331,10 +331,15 @@ :ENABLE_COLIBRI_WEBSOCKET_UNSAFE_REGEX "1", :ENABLE_XMPP_WEBSOCKET "true", :TZ "Europe/Amsterdam"}} - (second (cut/prosody + (second (cut/prosody-config {:fqdn "xy.xy.xy" :namespace "jitsi"})))) (is (= 8 - (count (cut/prosody + (count (cut/prosody-config {:fqdn "xy.xy.xy" - :namespace "jitsi"}))))) \ No newline at end of file + :namespace "jitsi"})))) + (is (= 5 + (count (cut/prosody-auth + {:jvb-auth-password "jvb-auth" + :jicofo-auth-password "jicofo-auth" + :jicofo-component-secret "jicofo-comp"}))))) \ No newline at end of file
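Review bot: The new `prosody-auth` assertion at the end of the last hunk checks only that five maps come back, so a generated Secret that still holds a `REPLACE_ME` placeholder or an unsubstituted `NAMESPACE` would pass. Assert on content as well: compare `(get-in secret [:data :JVB_AUTH_PASSWORD])` of the jvb Secret with the base64 of `"jvb-auth"`, do the same for the two jicofo keys, and check `[:metadata :namespace]` on every element. The enclosing `deftest` starts outside the hunk, so where these assertions belong relative to the existing ones is for the author to decide.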