comms: make guest renamer MAS-only

Brad Stein 2026-01-08 05:47:21 -03:00
parent 0fc4b299da
commit c909d45fda


@ -32,8 +32,6 @@ spec:
env: env:
- name: SYNAPSE_BASE - name: SYNAPSE_BASE
value: http://othrys-synapse-matrix-synapse:8008 value: http://othrys-synapse-matrix-synapse:8008
- name: AUTH_BASE
value: http://matrix-authentication-service:8080
- name: MAS_ADMIN_CLIENT_ID - name: MAS_ADMIN_CLIENT_ID
value: 01KDXMVQBQ5JNY6SEJPZW6Z8BM value: 01KDXMVQBQ5JNY6SEJPZW6Z8BM
- name: MAS_ADMIN_CLIENT_SECRET_FILE - name: MAS_ADMIN_CLIENT_SECRET_FILE
@ -44,11 +42,6 @@ spec:
value: http://matrix-authentication-service:8080/oauth2/token value: http://matrix-authentication-service:8080/oauth2/token
- name: SEEDER_USER - name: SEEDER_USER
value: othrys-seeder value: othrys-seeder
- name: SEEDER_PASS
valueFrom:
secretKeyRef:
name: atlasbot-credentials-runtime
key: seeder-password
command: command:
- /bin/sh - /bin/sh
- -c - -c
@ -75,13 +68,11 @@ spec:
] ]
BASE = os.environ["SYNAPSE_BASE"] BASE = os.environ["SYNAPSE_BASE"]
AUTH_BASE = os.environ.get("AUTH_BASE", BASE)
MAS_ADMIN_CLIENT_ID = os.environ["MAS_ADMIN_CLIENT_ID"] MAS_ADMIN_CLIENT_ID = os.environ["MAS_ADMIN_CLIENT_ID"]
MAS_ADMIN_CLIENT_SECRET_FILE = os.environ["MAS_ADMIN_CLIENT_SECRET_FILE"] MAS_ADMIN_CLIENT_SECRET_FILE = os.environ["MAS_ADMIN_CLIENT_SECRET_FILE"]
MAS_ADMIN_API_BASE = os.environ["MAS_ADMIN_API_BASE"].rstrip("/") MAS_ADMIN_API_BASE = os.environ["MAS_ADMIN_API_BASE"].rstrip("/")
MAS_TOKEN_URL = os.environ["MAS_TOKEN_URL"] MAS_TOKEN_URL = os.environ["MAS_TOKEN_URL"]
SEEDER_USER = os.environ["SEEDER_USER"] SEEDER_USER = os.environ["SEEDER_USER"]
SEEDER_PASS = os.environ["SEEDER_PASS"]
ROOM_ALIAS = "#othrys:live.bstein.dev" ROOM_ALIAS = "#othrys:live.bstein.dev"
def mas_admin_token(): def mas_admin_token():
@ -137,19 +128,6 @@ spec:
timeout=30, timeout=30,
) )
def login(user, password):
r = requests.post(
f"{AUTH_BASE}/_matrix/client/v3/login",
json={
"type": "m.login.password",
"identifier": {"type": "m.id.user", "user": user},
"password": password,
},
timeout=30,
)
r.raise_for_status()
return r.json()["access_token"]
def resolve_alias(token, alias): def resolve_alias(token, alias):
headers = {"Authorization": f"Bearer {token}"} headers = {"Authorization": f"Bearer {token}"}
enc = urllib.parse.quote(alias) enc = urllib.parse.quote(alias)
@ -269,9 +247,6 @@ spec:
try: try:
room_id = resolve_alias(seeder_token, ROOM_ALIAS) room_id = resolve_alias(seeder_token, ROOM_ALIAS)
members, existing = room_members(seeder_token, room_id) members, existing = room_members(seeder_token, room_id)
finally:
mas_revoke_session(admin_token, seeder_session)
users = mas_list_users(admin_token) users = mas_list_users(admin_token)
mas_usernames = set() mas_usernames = set()
for user in users: for user in users:
@ -303,7 +278,6 @@ spec:
finally: finally:
mas_revoke_session(admin_token, session_id) mas_revoke_session(admin_token, session_id)
seeder_token = login(SEEDER_USER, SEEDER_PASS)
for entry in synapse_list_users(seeder_token): for entry in synapse_list_users(seeder_token):
user_id = entry.get("name") or "" user_id = entry.get("name") or ""
if not user_id.startswith("@"): if not user_id.startswith("@"):
@ -328,4 +302,6 @@ spec:
continue continue
if not set_displayname_admin(seeder_token, user_id, new): if not set_displayname_admin(seeder_token, user_id, new):
continue continue
finally:
mas_revoke_session(admin_token, seeder_session)
PY PY
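Review bot: The `finally:` added at the end of the last hunk revokes the seeder session with the `admin_token` obtained at the start of the job, and that token may have expired by the time the user listing and rename loop finish; its lifetime is not visible here. If the revoke fails for that reason, a session whose token is passed to `synapse_list_users` and `set_displayname_admin`, and so appears to carry Synapse admin rights, would stay alive after the job exits. Fetching a fresh token at that point avoids depending on the old one: `mas_revoke_session(mas_admin_token(), seeder_session)`. The inner `finally:` in the hunk at -303 revokes with the same `admin_token` and has the same exposure; the enclosing `try:` and function start outside these hunks. Since `SEEDER_PASS` is no longer read, the `seeder-password` key in `atlasbot-credentials-runtime` should be rotated or removed if nothing else consumes it.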