app/matrix: make cas deployment configurable
This is an alternative to https://gerrit.hackerspace.pl/509 that was
reverted in https://gerrit.hackerspace.pl/541 .
This has already been deployed.
Change-Id: I7d54943c970804cac910e0e15201d1c3fa337489
diff --git a/app/matrix/lib/matrix.libsonnet b/app/matrix/lib/matrix.libsonnet
index 9887f58..4190941 100644
--- a/app/matrix/lib/matrix.libsonnet
+++ b/app/matrix/lib/matrix.libsonnet
@@ -54,6 +54,15 @@
cas: {
# whether to enable the CAS proxy (ie. connect to hswaw sso via OAuth)
enable: false,
+ # generate client ID and secret in with your OAuth2 provider, refer to https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/
+ oauth2: {
+ clientID: error "cas.oauth2.clientID must be set",
+ clientSecret: error "cas.oauth2.clientSecret must be set",
+ scope: error "cas.oauth2.scope must be set",
+ authorizeURL: error "cas.oauth2.authorizeURL must be set",
+ tokenURL: error "cas.oauth2.tokenURL must be set",
+ userinfoURL: error "cas.oauth2.userinfoURL must be set",
+ },
},
},
@@ -138,8 +147,12 @@
env_: {
BASE_URL: "https://%s" % [cfg.webDomain],
SERVICE_URL: "https://%s" % [cfg.webDomain],
- OAUTH2_CLIENT: "matrix",
- OAUTH2_SECRET: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
+ OAUTH2_CLIENT: cfg.cas.oauth2.clientID,
+ OAUTH2_SECRET: cfg.cas.oauth2.clientSecret,
+ OAUTH2_SCOPE: cfg.cas.oauth2.scope,
+ OAUTH2_AUTHORIZE: cfg.cas.oauth2.authorizeURL,
+ OAUTH2_TOKEN: cfg.cas.oauth2.tokenURL,
+ OAUTH2_USERINFO: cfg.cas.oauth2.userinfoURL,
},
},
},
diff --git a/app/matrix/matrix.hackerspace.pl.jsonnet b/app/matrix/matrix.hackerspace.pl.jsonnet
index e882636..d71dd84 100644
--- a/app/matrix/matrix.hackerspace.pl.jsonnet
+++ b/app/matrix/matrix.hackerspace.pl.jsonnet
@@ -11,6 +11,14 @@
serverName: "hackerspace.pl",
cas: {
enable: true,
+ oauth2: {
+ clientID: "matrix",
+ clientSecret: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
+ scope: "profile:read",
+ authorizeURL: "https://sso.hackerspace.pl/oauth/authorize",
+ tokenURL: "https://sso.hackerspace.pl/oauth/token",
+ userinfoURL: "https://sso.hackerspace.pl/api/1/profile",
+ },
},
},