working on sso support

2025-02-09 14:47:02 -05:00 · 2025-02-09 14:47:02 -05:00 · cdc7d659a0
commit cdc7d659a0
parent f58c9a2aab
6 changed files with 53 additions and 2 deletions
--- a/.env.sample
+++ b/.env.sample
@ -9,8 +9,18 @@ LETS_ENCRYPT_ENV=production
 # Secret Versions
 SECRET_POSTGRES_PASSWORD_VERSION=v1

+COMPOSE_FILE="compose.yml"
+
 # Container Settings
 ## Timezone inside the containers. The value needs to be in the form 'Europe/Berlin'.
 ## A list of these tz database names can be looked up at Wikipedia
 ## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
 TZ=UTC
+
+## SSO config
+#COMPOSE_FILE="$COMPOSE_FILE:compose.sso.yml"
+#SSO_DOMAIN=accounts.example.com
+#ORG_NAME="My Organization"
+#SSO_APP=mattermost
+#SSO_ID=
+#SECRET_MATTERMOST_SSO_SECRET_VERSION=v1
--- a/abra.sh
+++ b/abra.sh
@ -1 +1,2 @@
 export ENTRYPOINT_VERSION=v1
+export GITLAB_CONFIG_VERSION=v1
--- a/compose.sso.yml
+++ b/compose.sso.yml
@ -0,0 +1,21 @@
+version: "3.8"
+
+services:
+  app:
+    configs:
+      - source: gitlab_config_patch
+        target: /gitlab_config_patch.json
+        mode: 0555
+    secrets:
+      - mattermost_sso_secret
+
+secrets:
+  mattermost_sso_secret:
+    external: true
+    name: ${STACK_NAME}_mattermost_sso_secret_${SECRET_MATTERMOST_SSO_SECRET_VERSION}
+
+configs:
+  gitlab_config_patch:
+    name: ${STACK_NAME}_gitlab_config_${GITLAB_CONFIG_VERSION}
+    file: ./gitlab_config_patch.json.tmpl
+    template_driver: golang
--- a/compose.yml
+++ b/compose.yml
@ -59,7 +59,6 @@ services:
        backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/postgres-backup.sql"
        backupbot.backup.path: "/var/lib/postgresql/data/"

-
 secrets:
  postgres_password:
    external: true
@ -70,6 +69,7 @@ configs:
    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
    file: ./entrypoint.sh

+
 networks:
  proxy:
    external: true
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -15,5 +15,12 @@ else
    exit 1
 fi

+# Patch Mattermost config to enable SSO
+if test -f "/run/secrets/mattermost_sso_secret"; then
+    export PATCH=`cat /gitlab_config_patch.json`
+    jq ".GitLabSettings = $PATCH" < mattermost/docker/volumes/app/mattermost/config/config.json > tmp.json &&
+    mv tmp.json mattermost/docker/volumes/app/mattermost/config/config.json
+fi
+
 # https://github.com/mattermost/mattermost-server/blob/master/build/Dockerfile
 /entrypoint.sh "mattermost"
--- a/gitlab_config_patch.json.tmpl
+++ b/gitlab_config_patch.json.tmpl
@ -0,0 +1,12 @@
+{
+  "Enable": true,
+  "Secret": "${MATTERMOST_SSO_SECRET}",
+  "Id": "${SSO_ID}",
+  "Scope": "",
+  "AuthEndpoint": "https://${SSO_DOMAIN}/application/o/authorize/",
+  "TokenEndpoint": "https://${SSO_DOMAIN}/application/o/token/",
+  "UserAPIEndpoint": "https://${SSO_DOMAIN}/application/o/userinfo/",
+  "DiscoveryEndpoint": "https://${SSO_DOMAIN}/application/o/${SSO_APP}/.well-known/openid-configuration",
+  "ButtonText": "${ORG_NAME}",
+  "ButtonColor": "#ff0000"
+}