Update matrix-registration-bot, improve authentication config (#2723)

* Adjust to new mrb docker versioning * Stabilze authentication * fix lint * Move & document mrb password usage * Add clean cache role * Document clean cache * Fix lint * Update CHANGELOG.md * Automate access tokens * Improve changelog * Make use of mrb's function to fetch API tokens * Adjust changelog * Use ansible.builtin.file to clear directory * Fix typo --------- Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2023-07-24 12:57:06 +02:00
parent 856a328e96
commit 14f7eed932
9 changed files with 83 additions and 38 deletions
--- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
@ -8,8 +8,10 @@ matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matri
 matrix_bot_matrix_registration_bot_docker_repo_version: "{{ matrix_bot_matrix_registration_bot_version if matrix_bot_matrix_registration_bot_version != 'latest' else 'main' }}"
 matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src"

-matrix_bot_matrix_registration_bot_version: latest
-matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_version }}"
+matrix_bot_matrix_registration_bot_version: 1.3.0
+matrix_bot_matrix_registration_bot_docker_iteration: 0
+matrix_bot_matrix_registration_bot_docker_tag: "{{ matrix_bot_matrix_registration_bot_version }}-{{ matrix_bot_matrix_registration_bot_docker_iteration}}"
+matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_docker_tag }}"
 matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}"

 matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matrix-registration-bot"
@ -19,15 +21,15 @@ matrix_bot_matrix_registration_bot_data_path: "{{ matrix_bot_matrix_registration
 matrix_bot_matrix_registration_bot_bot_server: "https://{{ matrix_server_fqn_matrix }}"
 matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_matrix }}"

-# The access token that the bot uses to communicate in Matrix chats
-# This does not necessarily need to be a privileged (admin) access token.
-matrix_bot_matrix_registration_bot_bot_access_token: ''

-# The access token that the bot uses to call the Matrix API for creating registration tokens.
-# This needs to be a privileged (admin) access token.
-# By default, we assume `matrix_bot_matrix_registration_bot_bot_access_token` is such a privileged token and we use it as is.
-# If necessary, you can define your own other access token here, which might even be for a different Matrix user.
-matrix_bot_matrix_registration_bot_api_token: "{{ matrix_bot_matrix_registration_bot_bot_access_token }}"
+# The bot's password (can also be used to login via a client like element)
+matrix_bot_matrix_registration_bot_bot_password: ''
+
+# Optional variable that only needs to be set if the bot account is not admin
+# Needs to be a valid access token of an admin account
+matrix_bot_matrix_registration_bot_api_token: ''
+
+matrix_bot_matrix_registration_bot_device_id: "matrix-docker-ansible-deploy"

 matrix_bot_matrix_registration_bot_logging_level: info
 matrix_bot_matrix_registration_environment_variables_extension: ''
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml
@ -0,0 +1,12 @@
+---
+
+- name: Delete cache files
+  ansible.builtin.file:
+    state: "{{ item }}"
+    path: "{{ matrix_bot_matrix_registration_bot_data_path }}"
+    mode: 0750
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - absent
+    - directory
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml
@ -18,3 +18,9 @@
  block:
    - when: not matrix_bot_matrix_registration_bot_enabled | bool
      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+
+- tags:
+    - bot-matrix-registration-bot-clean-cache
+  block:
+    - when: matrix_bot_matrix_registration_bot_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/clean_cache.yml"
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
@ -9,7 +9,7 @@
    group: "{{ matrix_user_groupname }}"
  with_items:
    - {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true}
-    - - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true}
+    - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true}
    - {path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}", when: true}
  when: "item.when | bool"

--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml
@ -5,6 +5,13 @@
    msg: >-
      You need to define a required configuration setting (`{{ item }}`).
  when: "vars[item] == ''"
+  with_items:
+    - "matrix_bot_matrix_registration_bot_bot_password"
+
+- name: (Deprecation) Catch and report old settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which is deprecated - Please check the documentation on how to configure the matrix-registration-bot.
+  when: "item in vars"
  with_items:
    - "matrix_bot_matrix_registration_bot_bot_access_token"
-    - "matrix_bot_matrix_registration_bot_api_token"
--- a/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2
+++ b/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2
@ -1,12 +1,16 @@
 bot:
  server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }}
  username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }}
-  access_token: {{ matrix_bot_matrix_registration_bot_bot_access_token|to_json }}
+  password: {{ matrix_bot_matrix_registration_bot_bot_password|to_json }}
+
 api:
  # API endpoint of the registration tokens
  base_url: {{ matrix_bot_matrix_registration_bot_api_base_url|to_json }}
  # Access token of an administrator on the server
+{% if matrix_bot_matrix_registration_bot_api_token | length > 0 %}
  token: {{ matrix_bot_matrix_registration_bot_api_token|to_json }}
+{% endif %}
+
 logging:
  level: {{ matrix_bot_matrix_registration_bot_logging_level|to_json }}