add environment variables for MAS secrets (#48)

mcalinghee · web-flow · commit fc46b798009e · 2025-10-06T10:37:52.000+02:00
* set the same secret as tchap-docker-integration

* add MAS clients variables to be able to use the tchap docker integration tool
diff --git a/tchap/.env.sample b/tchap/.env.sample
@@ -1,2 +1,10 @@
-#Copy synapse secret from `element-docker-demo/data/mas/config.yaml`
-HOMESERVER_SECRET=
+#Copy matrix.secret from `element-docker-demo/data/mas/config.yaml`
+HOMESERVER_SECRET=
+#Copy synapse client id from `element-docker-demo/data/mas/config.yaml`
+SYNAPSE_CLIENT_ID=
+#Copy synapse client secret from `element-docker-demo/data/mas/config.yaml`
+SYNAPSE_CLIENT_SECRET=
+#Copy admin client id from `element-docker-demo/data/mas/config.yaml`
+ADMIN_CLIENT_ID=
+#Copy admin client secret from `element-docker-demo/data/mas/config.yaml`
+ADMIN_CLIENT_SECRET=
diff --git a/tchap/README.md b/tchap/README.md
@@ -37,7 +37,11 @@ For building the Docker image, the [`build` github action](../.github/workflows/
 
 If Synapse integration is needed, install the environment from element-docker-demo and run it (see README.md)
 
-Copy synapse secret from `element-docker-demo/data/mas/config.yaml` to .env file : HOMESERVER_SECRET=
+Copy matrix.secret from `element-docker-demo/data/mas/config.yaml` to .env file : HOMESERVER_SECRET=
+Copy synapse client id from `element-docker-demo/data/mas/config.yaml` to .env file : SYNAPSE_CLIENT_ID=
+Copy synapse client secret from `element-docker-demo/data/mas/config.yaml` to .env file : SYNAPSE_CLIENT_SECRET=
+Copy admin client id from `element-docker-demo/data/mas/config.yaml` to .env file : ADMIN_CLIENT_ID=
+Copy admin client secret from `element-docker-demo/data/mas/config.yaml` to .env file : ADMIN_CLIENT_SECRET=
 
 
 # Important knowledge
diff --git a/tchap/build_conf.sh b/tchap/build_conf.sh
@@ -54,8 +54,40 @@ if [ -n "${HOMESERVER_SECRET+x}" ] && [ -n "$HOMESERVER_SECRET" ]; then
   # HOMESERVER_SECRET is defined and not empty
   sed -i '' -E "s|secret: 'TO BE COPY'|secret: '$HOMESERVER_SECRET'|" "$yaml_file"
 else
-  sed -i '' -E "s|secret: 'TO BE COPY'|secret: 'WARNING NO HOMESERVER SECRET DEFINED'|" "$yaml_file"
+  sed -i '' -E "s|secret: 'TO BE COPY'|secret: 'WARNING NO HOMESERVER_SECRET DEFINED'|" "$yaml_file"
   echo "WARNING: HOMESERVER_SECRET is not defined or empty. Using warning message instead."
 fi
 
+if [ -n "${SYNAPSE_CLIENT_ID+x}" ] && [ -n "$SYNAPSE_CLIENT_ID" ]; then
+  # SYNAPSE_CLIENT_ID is defined and not empty
+  sed -i '' -E "s|client_id: 'SYNAPSE_CLIENT_ID'|client_id: '$SYNAPSE_CLIENT_ID'|" "$yaml_file"
+else
+  sed -i '' -E "s|client_id: 'SYNAPSE_CLIENT_ID'|client_id: 'WARNING NO SYNAPSE_CLIENT_ID DEFINED'|" "$yaml_file"
+  echo "WARNING: SYNAPSE_CLIENT_ID is not defined or empty. Using warning message instead."
+fi
+
+if [ -n "${SYNAPSE_CLIENT_SECRET+x}" ] && [ -n "$SYNAPSE_CLIENT_SECRET" ]; then
+  # SYNAPSE_CLIENT_SECRET is defined and not empty
+  sed -i '' -E "s|client_secret: 'SYNAPSE_CLIENT_SECRET'|client_secret: '$SYNAPSE_CLIENT_SECRET'|" "$yaml_file"
+else
+  sed -i '' -E "s|client_secret: 'SYNAPSE_CLIENT_SECRET'|client_secret: 'WARNING NO SYNAPSE_CLIENT_SECRET DEFINED'|" "$yaml_file"
+  echo "WARNING: SYNAPSE_CLIENT_SECRET is not defined or empty. Using warning message instead."
+fi
+
+if [ -n "${ADMIN_CLIENT_ID+x}" ] && [ -n "$ADMIN_CLIENT_ID" ]; then
+  # ADMIN_CLIENT_ID is defined and not empty
+  sed -i '' -E "s|client_id: 'ADMIN_CLIENT_ID'|client_id: '$ADMIN_CLIENT_ID'|" "$yaml_file"
+else
+  sed -i '' -E "s|client_id: 'ADMIN_CLIENT_ID'|client_id: 'WARNING NO ADMIN_CLIENT_ID DEFINED'|" "$yaml_file"
+  echo "WARNING: ADMIN_CLIENT_ID is not defined or empty. Using warning message instead."
+fi
+
+if [ -n "${ADMIN_CLIENT_SECRET+x}" ] && [ -n "$ADMIN_CLIENT_SECRET" ]; then
+  # ADMIN_CLIENT_SECRET is defined and not empty
+  sed -i '' -E "s|client_secret: 'ADMIN_CLIENT_SECRET'|client_secret: '$ADMIN_CLIENT_SECRET'|" "$yaml_file"
+else
+  sed -i '' -E "s|client_secret: 'ADMIN_CLIENT_SECRET'|client_secret: 'WARNING NO ADMIN_CLIENT_SECRET DEFINED'|" "$yaml_file"
+  echo "WARNING: ADMIN_CLIENT_SECRET is not defined or empty. Using warning message instead."
+fi
+
 echo "Configuration build completed successfully!"
diff --git a/tchap/conf/config.template.yaml b/tchap/conf/config.template.yaml
@@ -118,14 +118,17 @@ matrix:
   endpoint: https://matrix.tchapgouv.com/
 
 clients:
-  - client_id: 0000000000000000000SYNAPSE
+  - client_id: 'SYNAPSE_CLIENT_ID'
     client_auth_method: client_secret_basic
-    client_secret: '/DjWc4D3yyqgjYN8tum65g'
+    client_secret: 'SYNAPSE_CLIENT_SECRET'
   
   # for api admin calls
-  - client_id: 01J44RKQYM4G3TNVANTMTDYTX6
+  - client_id: 'ADMIN_CLIENT_ID'
     client_auth_method: client_secret_basic
-    client_secret: phoo8ahneir3ohY2eigh4xuu6Oodaewi
+    client_secret: 'ADMIN_CLIENT_SECRET'
+    # List of authorized redirect URIs
+    redirect_uris:
+      - https://auth.tchapgouv.com/api/doc/oauth2-callback
 
 
 policy:
