diff --git a/services/comms/mas-local-users-ensure-job.yaml b/services/comms/mas-local-users-ensure-job.yaml index 04b41f6..6b7f6bf 100644 --- a/services/comms/mas-local-users-ensure-job.yaml +++ b/services/comms/mas-local-users-ensure-job.yaml @@ -2,7 +2,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: mas-local-users-ensure-1 + name: mas-local-users-ensure-2 namespace: comms spec: backoffLimit: 1 @@ -64,6 +64,7 @@ spec: MAS_ADMIN_CLIENT_SECRET_FILE = os.environ["MAS_ADMIN_CLIENT_SECRET_FILE"] MAS_TOKEN_URL = os.environ["MAS_TOKEN_URL"] MAS_ADMIN_API_BASE = os.environ["MAS_ADMIN_API_BASE"].rstrip("/") + AUTH_BASE = "http://matrix-authentication-service:8080" def admin_token(): with open(MAS_ADMIN_CLIENT_SECRET_FILE, "r", encoding="utf-8") as f: 
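Review bot: `AUTH_BASE` is a string literal, while the three endpoints directly above it are read from `os.environ`, and it is a plain `http://` URL that ensure_user later posts the account password to. Reading it from the environment would keep the Job consistent and let a TLS endpoint be configured where in-cluster traffic is not otherwise protected. One way is `AUTH_BASE = os.environ.get("MAS_AUTH_BASE", "http://matrix-authentication-service:8080").rstrip("/")`, where `MAS_AUTH_BASE` is a proposed variable name that would also need an `env` entry in the Job spec.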
@@ -97,57 +98,80 @@ spec: return r.json()["data"] def create_user(token, username, password): - payload = { - "data": { - "type": "user", - "attributes": { - "username": username, - "password": password, - }, - } - } - r = requests.post( - f"{MAS_ADMIN_API_BASE}/users", - headers={"Authorization": f"Bearer {token}"}, - json=payload, - timeout=30, - ) - if r.status_code in (200, 201): - return r.json()["data"] - if r.status_code == 409: - return None - r.raise_for_status() + payloads = [ + { + "data": { + "type": "user", + "attributes": { + "username": username, + "password": password, + }, + } + }, + {"username": username, "password": password}, + ] + for payload in payloads: + r = requests.post( + f"{MAS_ADMIN_API_BASE}/users", + headers={"Authorization": f"Bearer {token}"}, + json=payload, + timeout=30, + ) + if r.status_code in (200, 201): + return r.json().get("data") or {} + if r.status_code == 409: + return None return None def update_password(token, user_id, password): - payload = { - "data": { - "type": "user", - "id": user_id, - "attributes": { - "password": password, - }, - } - } - r = requests.patch( - f"{MAS_ADMIN_API_BASE}/users/{urllib.parse.quote(user_id)}", + payloads = [ + { + "data": { + "type": "user", + "id": user_id, + "attributes": { + "password": password, + }, + } + }, + {"password": password}, + ] + for payload in payloads: + r = requests.patch( + f"{MAS_ADMIN_API_BASE}/users/{urllib.parse.quote(user_id)}", + headers={"Authorization": f"Bearer {token}"}, + json=payload, + timeout=30, + ) + if r.status_code in (200, 204): + return True + r = requests.post( + f"{MAS_ADMIN_API_BASE}/users/{urllib.parse.quote(user_id)}/password", headers={"Authorization": f"Bearer {token}"}, - json=payload, + json={"password": password}, timeout=30, ) - if r.status_code in (200, 204): - return True - return False + return r.status_code in (200, 204) def ensure_user(token, username, password): user = get_user(token, username) if user is None: user = 
create_user(token, username, password) - if user is None: - user = get_user(token, username) + user = get_user(token, username) if user is None: raise RuntimeError(f"failed to ensure user {username}") update_password(token, user["id"], password) + r = requests.post( + f"{AUTH_BASE}/_matrix/client/v3/login", + json={ + "type": "m.login.password", + "identifier": {"type": "m.id.user", "user": username}, + "password": password, + }, + timeout=30, + ) + if r.status_code != 200: + raise RuntimeError(f"login failed for {username}: {r.status_code} {r.text}") token = admin_token() ensure_user(token, os.environ["SEEDER_USER"], os.environ["SEEDER_PASS"])
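Review bot: The login probe added at the end of ensure_user throws away a successful response, and a Matrix password login normally returns an access token and registers a device, so each run of the Job is likely to leave an unused live session on the seeded account. The probe should read `access_token` from the response and send it to the `/_matrix/client/v3/logout` endpoint before returning, as sketched below. The failure path also copies `r.text` into the RuntimeError, which ends up in the pod log; the status code alone is enough there. Separately, create_user no longer calls `r.raise_for_status()`, so a 401, 403 or 5xx from the admin API is silently dropped after the second payload shape is tried, and the only symptom is the later generic `failed to ensure user`.

```python
# … unchanged: get_user / create_user / update_password calls and the login POST …
if r.status_code != 200:
    raise RuntimeError(f"login failed for {username}: {r.status_code}")
# The probe only has to prove the password works; end the session it created.
access_token = r.json().get("access_token")
if access_token:
    requests.post(
        f"{AUTH_BASE}/_matrix/client/v3/logout",
        headers={"Authorization": f"Bearer {access_token}"},
        timeout=30,
    )
```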