feat: add matrix-auth integration

metadata.yaml

@@ -38,6 +38,8 @@ provides:
     interface: grafana_dashboard
   metrics-endpoint:
     interface: prometheus_scrape
+  matrix-auth:
+    interface: matrix_auth
 
 requires:
     backup:

pyproject.toml

@@ -11,7 +11,7 @@ skips = ["*/*test.py", "*/test_*.py", "*tests/*.py"]
 branch = true
 
 [tool.coverage.report]
-fail_under = 92
+fail_under = 91
 show_missing = true
 
 

src-docs/charm.py.md

@@ -17,7 +17,7 @@ Charm the service.
 
 Attrs:  on: listen to Redis events. 
 
-<a href="../src/charm.py#L52"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm.py#L53"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `__init__`
 
@@ -74,7 +74,7 @@ Unit that this execution is responsible for.
 
 ---
 
-<a href="../src/charm.py#L102"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm.py#L104"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `build_charm_state`
 
@@ -91,7 +91,7 @@ Build charm state.
 
 ---
 
-<a href="../src/charm.py#L336"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm.py#L348"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `get_main_unit`
 
@@ -108,7 +108,7 @@ Get main unit.
 
 ---
 
-<a href="../src/charm.py#L351"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm.py#L363"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `get_main_unit_address`
 
@@ -125,7 +125,7 @@ Get main unit address. If main unit is None, use unit name.
 
 ---
 
-<a href="../src/charm.py#L403"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm.py#L415"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `get_signing_key`
 
@@ -142,7 +142,7 @@ Get signing key from secret.
 
 ---
 
-<a href="../src/charm.py#L126"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm.py#L129"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `get_unit_number`
 
@@ -166,7 +166,7 @@ Get unit number from unit name.
 
 ---
 
-<a href="../src/charm.py#L146"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm.py#L149"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `instance_map`
 
@@ -183,7 +183,7 @@ Build instance_map config.
 
 ---
 
-<a href="../src/charm.py#L118"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm.py#L121"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `is_main`
 
@@ -201,7 +201,7 @@ Verify if this unit is the main.
 
 ---
 
-<a href="../src/charm.py#L312"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm.py#L324"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `peer_units_total`
 
@@ -218,7 +218,7 @@ Get peer units total.
 
 ---
 
-<a href="../src/charm.py#L189"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm.py#L192"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `reconcile`
 
@@ -238,7 +238,7 @@ This is the main entry for changes that require a restart.
 
 ---
 
-<a href="../src/charm.py#L363"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm.py#L375"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `set_main_unit`
 
@@ -256,7 +256,7 @@ Create/Renew an admin access token and put it in the peer relation.
 
 ---
 
-<a href="../src/charm.py#L379"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm.py#L391"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `set_signing_key`
 

src-docs/charm_state.py.md

@@ -174,6 +174,7 @@ State of the Charm.
  - <b>`redis_config`</b>:  redis configuration. 
  - <b>`proxy`</b>:  proxy information. 
  - <b>`instance_map_config`</b>:  Instance map configuration with main and worker addresses. 
+ - <b>`registration_secrets`</b>:  Registration secrets received via matrix-auth integration. 
 
 
 ---
@@ -191,7 +192,7 @@ Get charm proxy information from juju charm environment.
 
 ---
 
-<a href="../src/charm_state.py#L383"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm_state.py#L385"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>classmethod</kbd> `from_charm`
 
@@ -203,7 +204,8 @@ from_charm(
     smtp_config: Optional[SMTPConfiguration],
     media_config: Optional[MediaConfiguration],
     redis_config: Optional[RedisConfiguration],
-    instance_map_config: Optional[Dict]
+    instance_map_config: Optional[Dict],
+    registration_secrets: Optional[List]
 ) → CharmState
 ```
 
@@ -220,6 +222,7 @@ Initialize a new instance of the CharmState class from the associated charm.
  - <b>`media_config`</b>:  Media configuration to be used by Synapse. 
  - <b>`redis_config`</b>:  Redis configuration to be used by Synapse. 
  - <b>`instance_map_config`</b>:  Instance map configuration with main and worker addresses. 
+ - <b>`registration_secrets`</b>:  Registration secrets received via matrix-auth integration. 
 
 Return: The CharmState instance created by the provided charm. 
 

src-docs/matrix_auth_observer.py.md

@@ -0,0 +1,92 @@
+<!-- markdownlint-disable -->
+
+<a href="../src/matrix_auth_observer.py#L0"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+
+# <kbd>module</kbd> `matrix_auth_observer.py`
+The Matrix Auth relation observer. 
+
+
+
+---
+
+## <kbd>class</kbd> `MatrixAuthObserver`
+The Matrix Auth relation observer. 
+
+<a href="../src/matrix_auth_observer.py#L28"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+
+### <kbd>function</kbd> `__init__`
+
+```python
+__init__(charm: CharmBaseWithState)
+```
+
+Initialize the observer and register event handlers. 
+
+
+
+**Args:**
+
+ - <b>`charm`</b>:  The parent charm to attach the observer to. 
+
+
+---
+
+#### <kbd>property</kbd> model
+
+Shortcut for more simple access the model. 
+
+
+
+---
+
+<a href="../src/matrix_auth_observer.py#L45"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+
+### <kbd>function</kbd> `get_charm`
+
+```python
+get_charm() → CharmBaseWithState
+```
+
+Return the current charm. 
+
+
+
+**Returns:**
+  The current charm 
+
+---
+
+<a href="../src/matrix_auth_observer.py#L67"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+
+### <kbd>function</kbd> `get_requirer_registration_secrets`
+
+```python
+get_requirer_registration_secrets() → Optional[List]
+```
+
+Get requirers registration secrets (application services). 
+
+
+
+**Returns:**
+  dict with filepath and content for creating the secret files. 
+
+---
+
+<a href="../src/matrix_auth_observer.py#L53"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+
+### <kbd>function</kbd> `update_matrix_auth_integration`
+
+```python
+update_matrix_auth_integration(charm_state: CharmState) → None
+```
+
+Update matrix auth integration relation data. 
+
+
+
+**Args:**
+
+ - <b>`charm_state`</b>:  The charm state. 
+
+

src/charm.py

@@ -24,6 +24,7 @@
 from backup_observer import BackupObserver
 from charm_state import CharmBaseWithState, CharmState, inject_charm_state
 from database_observer import DatabaseObserver
+from matrix_auth_observer import MatrixAuthObserver
 from media_observer import MediaObserver
 from mjolnir import Mjolnir
 from observability import Observability
@@ -57,6 +58,7 @@ def __init__(self, *args: typing.Any) -> None:
         """
         super().__init__(*args)
         self._backup = BackupObserver(self)
+        self._matrix_auth = MatrixAuthObserver(self)
         self._media = MediaObserver(self)
         self._database = DatabaseObserver(self, relation_name=synapse.SYNAPSE_DB_RELATION_NAME)
         self._saml = SAMLObserver(self)
@@ -112,6 +114,7 @@ def build_charm_state(self) -> CharmState:
             smtp_config=self._smtp.get_relation_as_smtp_conf(),
             media_config=self._media.get_relation_as_media_conf(),
             redis_config=self._redis.get_relation_as_redis_conf(),
+            registration_secrets=self._matrix_auth.get_requirer_registration_secrets(),
             instance_map_config=self.instance_map(),
         )
 
@@ -203,21 +206,30 @@ def reconcile(self, charm_state: CharmState) -> None:
             return
         self.model.unit.status = ops.MaintenanceStatus("Configuring Synapse")
         try:
+            # check signing key
             signing_key_path = f"/data/{charm_state.synapse_config.server_name}.signing.key"
             signing_key_from_secret = self.get_signing_key()
             if signing_key_from_secret:
                 logger.debug("Signing key secret was found, pushing it to the container")
                 container.push(
                     signing_key_path, signing_key_from_secret, make_dirs=True, encoding="utf-8"
                 )
+
+            # reconcile configuration
             pebble.reconcile(
                 charm_state, container, is_main=self.is_main(), unit_number=self.get_unit_number()
             )
+
+            # create new signing key if needed
             if self.is_main() and not signing_key_from_secret:
                 logger.debug("Signing key secret not found, creating secret")
                 with container.pull(signing_key_path) as f:
                     signing_key = f.read()
                     self.set_signing_key(signing_key.rstrip())
+
+            # update matrix-auth integration with configuration data
+            if self.unit.is_leader():
+                self._matrix_auth.update_matrix_auth_integration(charm_state)
         except (pebble.PebbleServiceError, FileNotFoundError) as exc:
             self.model.unit.status = ops.BlockedStatus(str(exc))
             return

src/charm_state.py

@@ -353,6 +353,7 @@ class CharmState:  # pylint: disable=too-many-instance-attributes
         redis_config: redis configuration.
         proxy: proxy information.
         instance_map_config: Instance map configuration with main and worker addresses.
+        registration_secrets: Registration secrets received via matrix-auth integration.
     """
 
     synapse_config: SynapseConfig
@@ -362,6 +363,7 @@ class CharmState:  # pylint: disable=too-many-instance-attributes
     media_config: typing.Optional[MediaConfiguration]
     redis_config: typing.Optional[RedisConfiguration]
     instance_map_config: typing.Optional[typing.Dict]
+    registration_secrets: typing.Optional[typing.List]
 
     @property
     def proxy(self) -> "ProxyConfig":
@@ -390,6 +392,7 @@ def from_charm(  # pylint: disable=too-many-arguments,too-many-positional-argume
         media_config: typing.Optional[MediaConfiguration],
         redis_config: typing.Optional[RedisConfiguration],
         instance_map_config: typing.Optional[typing.Dict],
+        registration_secrets: typing.Optional[typing.List],
     ) -> "CharmState":
         """Initialize a new instance of the CharmState class from the associated charm.
 
@@ -401,6 +404,7 @@ def from_charm(  # pylint: disable=too-many-arguments,too-many-positional-argume
             media_config: Media configuration to be used by Synapse.
             redis_config: Redis configuration to be used by Synapse.
             instance_map_config: Instance map configuration with main and worker addresses.
+            registration_secrets: Registration secrets received via matrix-auth integration.
 
         Return:
             The CharmState instance created by the provided charm.
@@ -444,4 +448,5 @@ def from_charm(  # pylint: disable=too-many-arguments,too-many-positional-argume
             media_config=media_config,
             redis_config=redis_config,
             instance_map_config=instance_map_config,
+            registration_secrets=registration_secrets,
         )