fix config for 1.137

shcherbak · shcherbak · commit 47cc1a76cfb0 · 2025-09-06T00:25:30.000+03:00
diff --git a/charts/synapse/Chart.yaml b/charts/synapse/Chart.yaml
@@ -1,3 +1,3 @@
 ---
 name: synapse
-version: 0.28.0
+version: 0.28.1
diff --git a/charts/synapse/templates/synapse-configmap.yaml b/charts/synapse/templates/synapse-configmap.yaml
@@ -266,8 +266,19 @@ data:
     # The maximum allowed duration by which sent events can be delayed, as per MSC4140.
     max_event_delay_duration: {{ $.Values.synapse.max_event_delay_duration }}
     {{- end }}
-    {{- if or $.Values.matrixAuthentication.enabled $.Values.experimentalFeatures.msc3266.enabled }}
+    {{- if or $.Values.matrixAuthentication.enabled }}
     # https://matrix-org.github.io/matrix-authentication-service/setup/homeserver.html#configure-the-homeserver-to-delegate-authentication-to-the-service
+    matrix_authentication_service:
+      # Enable the MAS integration
+      enabled: true
+      # The base URL where Synapse will contact MAS
+      {{- $defaultMasEndpoint := http://project.{{ .Release.Namespace }} }}
+      endpoint: {{ $.Values.synapse.matrixAuthenticationServiceEndpoint | default (printf "http://matrix-authentication.%s.svc:%s" $.Release.Namespace $.Values.matrixAuthentication.service.port) }}
+      # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration
+      # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix
+      secret: {{ $.Values.experimentalFeatures.msc3861.admin_token }}
+    {{- end }}
+    {{- if or $.Values.experimentalFeatures.msc3967.enabled $.Values.experimentalFeatures.msc3266.enabled }}
     experimental_features:
     {{- if $.Values.experimentalFeatures.msc3266.enabled }}
       # MSC3266: Room summary API. Used for knocking over federation
@@ -276,9 +287,6 @@ data:
       msc3266:
         enabled: {{ $.Values.experimentalFeatures.msc3266.enabled }}
     {{- end }}
-    {{- if $.Values.experimentalFeatures.msc3861.enabled }}
-      msc3861: {{ $.Values.experimentalFeatures.msc3861 | toYaml | nindent 8 }}
-    {{- end }}
     {{- if $.Values.experimentalFeatures.msc3967.enabled }}
       msc3967:
         enabled: true
diff --git a/charts/synapse/values.yaml b/charts/synapse/values.yaml
@@ -1,6 +1,7 @@
 ---
 synapse:
   serverName: NOT-CONFIGURED
+  matrixAuthenticationServiceEndpoint: ''
   # cfg ++
   enable_3pid_changes: false
   allow_profile_lookup_over_federation: false
@@ -234,7 +235,8 @@ experimentalFeatures:
   msc3967:
     enabled: true
   msc3861:
-    enabled: true
+    # enabled by matrixAuthentication.enabled, deprecated section
+    # enabled: true
     issuer: NOT-CONFIGURED
     client_id: NOT-CONFIGURED
     client_auth_method: client_secret_basic
@@ -381,7 +383,7 @@ ingress:
     - "/_matrix/client/(r0|v3|unstable)/user_directory/search$"
   # experimental_features.msc3861.enabled set to true
   # TODO: decide if worker needed
-  #msc3861Routes:
+  #msc3861Routes / MAS additional routes:
   #  - "/_synapse/admin/v2/users/[^/]+$"
   #  - "/_synapse/admin/v1/username_available$"
   #  - "/_synapse/admin/v1/users/[^/]+/_allow_cross_signing_replacement_without_uia$"
