Merge pull request #641 from element-hq/bbz/remove-well-known-element

benbz · web-flow · commit 0013b48e55f7 · 2025-08-01T15:38:29.000+01:00
Remove support for `/.well-known/element/element.json`
diff --git a/charts/matrix-stack/ci/test-cluster-mixin.yaml b/charts/matrix-stack/ci/test-cluster-mixin.yaml
@@ -9,6 +9,9 @@
 certManager:
   clusterIssuer: ess-selfsigned
 
+ingress:
+  controllerType: ingress-nginx
+
 matrixRTC:
   # Because the authoriser service won't trust certificates issued by the above self-signed CA
   extraEnv:
diff --git a/charts/matrix-stack/configs/haproxy/haproxy.cfg.tpl b/charts/matrix-stack/configs/haproxy/haproxy.cfg.tpl
@@ -1,5 +1,5 @@
 {{- /*
-Copyright 2024 New Vector Ltd
+Copyright 2024-2025 New Vector Ltd
 
 SPDX-License-Identifier: AGPL-3.0-only
 */ -}}
@@ -66,16 +66,6 @@ defaults
   compression algo gzip
   compression type text/plain text/html text/xml application/json text/css
 
-  # if we hit the maxconn on a server, and the queue timeout expires, we want
-  # to avoid returning 503, since that will cause cloudflare to mark us down.
-  #
-  # https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#1.3.1 says:
-  #
-  #   503  when no server was available to handle the request, or in response to
-  #        monitoring requests which match the "monitor fail" condition
-  #
-  errorfile 503 /usr/local/etc/haproxy/429.http
-
   # Use a consistent hashing scheme so that worker with balancing going down doesn't cause
   # the traffic for all others to be shuffled around.
   hash-type consistent sdbm
diff --git a/charts/matrix-stack/configs/synapse/429.http.tpl b/charts/matrix-stack/configs/synapse/429.http.tpl
@@ -1,5 +1,5 @@
 {{- /*
-Copyright 2024 New Vector Ltd
+Copyright 2024-2025 New Vector Ltd
 
 SPDX-License-Identifier: AGPL-3.0-only
 */ -}}
diff --git a/charts/matrix-stack/configs/synapse/partial-haproxy.cfg.tpl b/charts/matrix-stack/configs/synapse/partial-haproxy.cfg.tpl
@@ -25,6 +25,16 @@ frontend synapse-http-in
   # same as http log, with %Th (handshake time)
   log-format "%ci:%cp [%tr] %ft %b/%s %Th/%TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
 
+  # if we hit the maxconn on a server, and the queue timeout expires, we want
+  # to avoid returning 503, since that will cause cloudflare to mark us down.
+  #
+  # https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#1.3.1 says:
+  #
+  #   503  when no server was available to handle the request, or in response to
+  #        monitoring requests which match the "monitor fail" condition
+  #
+  errorfile 503 /synapse/429.http
+
   capture request header Host len 32
   capture request header Referer len 200
   capture request header User-Agent len 200
diff --git a/charts/matrix-stack/configs/well-known/partial-haproxy.cfg.tpl b/charts/matrix-stack/configs/well-known/partial-haproxy.cfg.tpl
@@ -19,7 +19,6 @@ frontend well-known-in
   acl well-known path /.well-known/matrix/server
   acl well-known path /.well-known/matrix/client
   acl well-known path /.well-known/matrix/support
-  acl well-known path /.well-known/element/element.json
 
 {{ if .baseDomainRedirect.enabled }}
 {{- if $root.Values.elementWeb.enabled }}
@@ -33,6 +32,7 @@ frontend well-known-in
 {{- end }}
 
   use_backend well-known-static if well-known
+  default_backend well-known-no-match
 
 backend well-known-static
   mode http
@@ -50,6 +50,10 @@ backend well-known-static
   http-request return status 200 content-type "application/json" file "/well-known/server" if { path /.well-known/matrix/server }
   http-request return status 200 content-type "application/json" file "/well-known/client" if { path /.well-known/matrix/client }
   http-request return status 200 content-type "application/json" file "/well-known/support" if { path /.well-known/matrix/support }
-  http-request return status 200 content-type "application/json" file "/well-known/element.json" if { path /.well-known/element/element.json }
+
+backend well-known-no-match
+  mode http
+
+  http-request deny status 404
 
 {{- end -}}
diff --git a/charts/matrix-stack/source/wellKnownDelegation.json b/charts/matrix-stack/source/wellKnownDelegation.json
@@ -29,9 +29,6 @@
         "client": {
           "type": "string"
         },
-        "element": {
-          "type": "string"
-        },
         "server": {
           "type": "string"
         },
diff --git a/charts/matrix-stack/source/wellKnownDelegation.yaml.j2 b/charts/matrix-stack/source/wellKnownDelegation.yaml.j2
@@ -1,5 +1,5 @@
 {#
-Copyright 2024 New Vector Ltd
+Copyright 2024-2025 New Vector Ltd
 
 SPDX-License-Identifier: AGPL-3.0-only
 #}
@@ -22,5 +22,4 @@ baseDomainRedirect:
 additional:
   client: "{}"
   server: "{}"
-  element: "{}"
   support: "{}"
diff --git a/charts/matrix-stack/templates/haproxy/_helpers.tpl b/charts/matrix-stack/templates/haproxy/_helpers.tpl
@@ -20,8 +20,6 @@ app.kubernetes.io/version: {{ include "element-io.ess-library.labels.makeSafe" .
 {{- with required "element-io.haproxy.configmap-data missing context" .context -}}
 haproxy.cfg: |
 {{- tpl ($root.Files.Get "configs/haproxy/haproxy.cfg.tpl") (dict "root" $root "context" .) | nindent 2 }}
-429.http: |
-{{- (tpl ($root.Files.Get "configs/haproxy/429.http.tpl") dict) | nindent 2 }}
 {{- end -}}
 {{- end -}}
 
diff --git a/charts/matrix-stack/templates/synapse/_helpers.tpl b/charts/matrix-stack/templates/synapse/_helpers.tpl
@@ -223,6 +223,8 @@ redis.conf: |
 
 {{- define "element-io.synapse-haproxy.configmap-data" -}}
 {{- $root := .root -}}
+429.http: |
+{{- (tpl ($root.Files.Get "configs/haproxy/429.http.tpl") dict) | nindent 2 }}
 path_map_file: |
 {{- (tpl ($root.Files.Get "configs/synapse/path_map_file.tpl") (dict "root" $root)) | nindent 2 }}
 path_map_file_get: |
diff --git a/charts/matrix-stack/templates/well-known/_helpers.tpl b/charts/matrix-stack/templates/well-known/_helpers.tpl
@@ -80,15 +80,6 @@ k8s.element.io/target-instance: {{ $root.Release.Name }}-haproxy
 {{- end -}}
 {{- end }}
 
-{{- define "element-io.well-known-delegation.element" }}
-{{- $root := .root -}}
-{{- with required "element-io.well-known-delegation.element missing context" .context -}}
-{{- $config := dict -}}
-{{- $additional := .additional.element | fromJson -}}
-{{- tpl (toPrettyJson (mustMergeOverwrite $additional $config)) $root -}}
-{{- end -}}
-{{- end }}
-
 {{- define "element-io.well-known-delegation.support" }}
 {{- $root := .root -}}
 {{- with required "element-io.well-known-delegation.support missing context" .context -}}
@@ -107,7 +98,5 @@ server: |
   {{- (tpl (include "element-io.well-known-delegation.server" (dict "root" $root "context" .)) $root) | nindent 2 }}
 support: |
   {{- (tpl (include "element-io.well-known-delegation.support" (dict "root" $root "context" .)) $root) | nindent 2 }}
-element.json: |
-  {{- (tpl (include "element-io.well-known-delegation.element" (dict "root" $root "context" .)) $root) | nindent 2 }}
 {{- end -}}
 {{- end -}}
diff --git a/charts/matrix-stack/templates/well-known/ingress.yaml b/charts/matrix-stack/templates/well-known/ingress.yaml
@@ -37,13 +37,6 @@ spec:
             name: "{{ $.Release.Name }}-well-known"
             port:
               name: haproxy-wkd
-      - path: /.well-known/element
-        pathType: {{ include "element-io.ess-library.ingress.ingress-nginx-dot-path-type" (dict "root" $ "context" .ingress.controllerType) }}
-        backend:
-          service:
-            name: "{{ $.Release.Name }}-well-known"
-            port:
-              name: haproxy-wkd
 {{- end -}}
 {{- end -}}
 {{- end -}}
diff --git a/charts/matrix-stack/values.schema.json b/charts/matrix-stack/values.schema.json
@@ -11549,9 +11549,6 @@
             "client": {
               "type": "string"
             },
-            "element": {
-              "type": "string"
-            },
             "server": {
               "type": "string"
             },
diff --git a/charts/matrix-stack/values.yaml b/charts/matrix-stack/values.yaml
@@ -4142,5 +4142,4 @@ wellKnownDelegation:
   additional:
     client: "{}"
     server: "{}"
-    element: "{}"
     support: "{}"
diff --git a/newsfragments/641.changed.md b/newsfragments/641.changed.md
@@ -0,0 +1,5 @@
+Remove support for `/.well-known/element/element.json`.
+
+It isn't used by clients of ESS Community.
+
+If you've set it, please remove `wellKnownDelegation.additional.element` from your values files.
diff --git a/tests/integration/test_well_known_delegation.py b/tests/integration/test_well_known_delegation.py
@@ -1,4 +1,4 @@
-# Copyright 2024 New Vector Ltd
+# Copyright 2024-2025 New Vector Ltd
 #
 # SPDX-License-Identifier: AGPL-3.0-only
 
@@ -42,11 +42,6 @@ async def test_well_known_files_can_be_accessed(
     )
     assert json_content == {}
 
-    json_content = await aiohttp_get_json(
-        f"https://{generated_data.server_name}/.well-known/element/element.json", ssl_context
-    )
-    assert json_content == {}
-
 
 @pytest.mark.skipif(value_file_has("wellKnownDelegation.enabled", False), reason="WellKnownDelegation not deployed")
 @pytest.mark.asyncio_cooperative
diff --git a/tests/manifests/test_well_known_delegation.py b/tests/manifests/test_well_known_delegation.py
@@ -26,14 +26,10 @@ async def assert_well_known_files(
     make_templates,
     expected_client=None,
     expected_server=None,
-    expected_element=None,
     client_config=None,
     server_config=None,
-    element_config=None,
     support_config=None,
 ):
-    if expected_element is None:
-        expected_element = {}
     if expected_server is None:
         expected_server = {}
     if expected_client is None:
@@ -43,14 +39,11 @@ async def assert_well_known_files(
         client_config = {"testclientkey": {"testsubkey": "testvalue"}}
     if server_config is None:
         server_config = {"testserverkey": {"testsubkey": "testvalue"}}
-    if element_config is None:
-        element_config = {"testelementkey": {"testsubkey": "testvalue"}}
     if support_config is None:
         support_config = {"testsupportkey": {"testsubkey": "testvalue"}}
 
     values["wellKnownDelegation"].setdefault("additional", {})["client"] = json.dumps(client_config)
     values["wellKnownDelegation"].setdefault("additional", {})["server"] = json.dumps(server_config)
-    values["wellKnownDelegation"].setdefault("additional", {})["element"] = json.dumps(element_config)
     values["wellKnownDelegation"].setdefault("additional", {})["support"] = json.dumps(support_config)
     for template in await make_templates(values):
         if template["kind"] == "ConfigMap" and template["metadata"]["name"] == f"{release_name}-well-known-haproxy":
@@ -60,12 +53,11 @@ async def assert_well_known_files(
             server_from_json = json.loads(template["data"]["server"])
             assert server_from_json == server_config | expected_server
 
-            element_from_json = json.loads(template["data"]["element.json"])
-            assert element_from_json == element_config | expected_element
-
             support_config_from_json = json.loads(template["data"]["support"])
             assert support_config == support_config_from_json
 
+            assert "element.json" not in template["data"]
+
             break
     else:
         raise AssertionError("Unable to find WellKnownDelegationConfigMap")
