Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ISD-2817 Add mas to pebble plan #620

Merged
merged 104 commits into from
Jan 14, 2025
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
104 commits
Select commit Hold shift + click to select a range
091c9fb
add mas-cli to synapse rock
Thanhphan1147 Nov 23, 2024
a77fb66
build mas-cli and its assets in synapse rock
Thanhphan1147 Nov 25, 2024
3666081
Merge branch 'main' into install_mas_cli_in_synapse_rock
Thanhphan1147 Nov 25, 2024
74419c5
await coroutine
Thanhphan1147 Nov 25, 2024
faf57b4
Merge branch 'install_mas_cli_in_synapse_rock' of github.com:canonica…
Thanhphan1147 Nov 25, 2024
bd97414
update assets location
Thanhphan1147 Nov 25, 2024
a432b3b
fix missing dir
Thanhphan1147 Nov 25, 2024
033304f
fix lint
Thanhphan1147 Nov 25, 2024
09dac1f
fix broken tests
Thanhphan1147 Nov 26, 2024
0edc5f3
fix lint
Thanhphan1147 Nov 26, 2024
ae65d33
update target track
Thanhphan1147 Nov 26, 2024
68c9c89
reformat rockcraft
Thanhphan1147 Nov 27, 2024
a803b92
update mas-cli tests
Thanhphan1147 Nov 28, 2024
b166265
Merge branch '2/main' into install_mas_cli_in_synapse_rock
Thanhphan1147 Nov 28, 2024
143c5d2
update synapse tag and update tests
Thanhphan1147 Nov 28, 2024
1019432
Merge branch 'install_mas_cli_in_synapse_rock' of github.com:canonica…
Thanhphan1147 Nov 28, 2024
4dc8a2f
fix test
Thanhphan1147 Nov 28, 2024
23383db
update rockcraft with changes relating to 24.04 base
Thanhphan1147 Nov 28, 2024
392262f
remove the SAML integration and all relevant code
Thanhphan1147 Nov 26, 2024
b5dd209
remove attribute_maps part from rock
Thanhphan1147 Nov 29, 2024
53457d9
Merge remote-tracking branch 'origin/2/main' into disable_saml_integr…
Thanhphan1147 Dec 2, 2024
04a4e68
add mas-datasource state component
Thanhphan1147 Nov 27, 2024
d378498
add MAS configuration state component
Thanhphan1147 Nov 28, 2024
dac1eb2
update charmstate + decorator logic
Thanhphan1147 Nov 28, 2024
899d8d0
fix cyclic import + fix test
Thanhphan1147 Nov 29, 2024
455b985
update function signatures, update fixtures, fix tests
Thanhphan1147 Dec 2, 2024
962fd0a
fix integration test
Thanhphan1147 Dec 2, 2024
a87960d
relate to mas-database before checking for status
Thanhphan1147 Dec 2, 2024
4c65b01
fix lint
Thanhphan1147 Dec 2, 2024
16e3c53
ensure that postgresql is deployed
Thanhphan1147 Dec 3, 2024
96ebabb
Merge remote-tracking branch 'origin/2/main' into add_mas_database_in…
Thanhphan1147 Dec 4, 2024
b46f376
don't raise on blocked
Thanhphan1147 Dec 4, 2024
e95d504
fix lint
Thanhphan1147 Dec 4, 2024
a40b874
rename file
Thanhphan1147 Dec 4, 2024
c0e8225
update ref
Thanhphan1147 Dec 4, 2024
46f08fc
update integration test
Thanhphan1147 Dec 4, 2024
b8dad26
relate to postgresql-k8s as required by MAS
Thanhphan1147 Dec 4, 2024
f4a9232
add cve to trivyignore as they'll be removed with later PRs updating …
Thanhphan1147 Dec 4, 2024
184448e
Merge branch '2/main' into add_mas_database_integration
Thanhphan1147 Dec 5, 2024
3e467db
fix lint
Thanhphan1147 Dec 5, 2024
975ea01
Merge branch 'add_mas_database_integration' of github.com:canonical/s…
Thanhphan1147 Dec 5, 2024
47ab09e
add database name param to observer, fix test
Thanhphan1147 Dec 6, 2024
fe08335
remove fixed CVEs
Thanhphan1147 Dec 6, 2024
7939574
remove typing.override as it's a python3.12 feature
Thanhphan1147 Dec 6, 2024
dcc9472
Merge branch '2/main' into add_mas_database_integration
Thanhphan1147 Dec 6, 2024
39367e9
missing app name
Thanhphan1147 Dec 6, 2024
89e7bba
Merge branch 'add_mas_database_integration' of github.com:canonical/s…
Thanhphan1147 Dec 6, 2024
2edd948
add_mas_template
Thanhphan1147 Nov 29, 2024
4a8c15c
add diagram + update code
Thanhphan1147 Dec 1, 2024
544f7b6
update method prototype
Thanhphan1147 Dec 2, 2024
298cd6f
add configuration template, add mas service to manage configuration f…
Thanhphan1147 Dec 3, 2024
ced34c3
update charmcraft
Thanhphan1147 Dec 3, 2024
a1e9065
update encryption key length and template to match MAS spec
Thanhphan1147 Dec 3, 2024
82b547f
add missing policy reference
Thanhphan1147 Dec 3, 2024
4e4ff6d
fix unintended naming changes
Thanhphan1147 Dec 6, 2024
136b994
Merge remote-tracking branch 'origin/2/main' into render_mas_config_f…
Thanhphan1147 Dec 7, 2024
4eba748
fix unit test
Thanhphan1147 Dec 9, 2024
a2f73ce
remove diagram, update naming
Thanhphan1147 Dec 9, 2024
4d1fd86
fix lint
Thanhphan1147 Dec 9, 2024
b13e8c3
update integration test
Thanhphan1147 Dec 10, 2024
ad63e70
fix lint and update test ( wait for active before relating to postgre…
Thanhphan1147 Dec 10, 2024
7dc4160
add configuration template, add mas service to manage configuration f…
Thanhphan1147 Dec 3, 2024
af08dc1
start MAS with password login flow, update nginx routing logic, updat…
Thanhphan1147 Dec 5, 2024
6151841
refactor + update tests
Thanhphan1147 Dec 11, 2024
4d5de49
update mas config, restart mas before synapse
Thanhphan1147 Dec 12, 2024
c15a461
update tests
Thanhphan1147 Dec 13, 2024
cdb4912
Merge remote-tracking branch 'origin/2/main' into add_mas_to_pebble_plan
Thanhphan1147 Dec 13, 2024
9fea606
update src-docs
Thanhphan1147 Dec 13, 2024
a434d80
update integration tests
Thanhphan1147 Dec 13, 2024
585b0ca
Merge branch '2/main' into add_mas_to_pebble_plan
Thanhphan1147 Dec 16, 2024
db5b691
Merge remote-tracking branch 'origin/2/main' into add_mas_to_pebble_plan
Thanhphan1147 Dec 18, 2024
6594fe6
refactor mjolnir to add mjolnir_configuration state component, update…
Thanhphan1147 Dec 19, 2024
d6db930
fix integration test
Thanhphan1147 Dec 19, 2024
8f3e066
fix lint
Thanhphan1147 Dec 19, 2024
17911d2
Merge branch '2/main' into add_mas_to_pebble_plan
Thanhphan1147 Dec 22, 2024
e687848
fix lint
Thanhphan1147 Dec 22, 2024
0c6bc9d
wait for synapse to be blocked before continuing
Thanhphan1147 Jan 4, 2025
e347066
Merge branch 'add_mas_to_pebble_plan' of github.com:canonical/synapse…
Thanhphan1147 Jan 4, 2025
7637a05
update fixture
Thanhphan1147 Jan 5, 2025
bf9e8e0
add smtp to mas config
Thanhphan1147 Jan 5, 2025
c83bc57
update smtp test
Thanhphan1147 Jan 5, 2025
b08ae59
update licence
Thanhphan1147 Jan 5, 2025
f2bd51e
add nosec for non hardcoded password
Thanhphan1147 Jan 5, 2025
222b571
remove promote user admin action
Thanhphan1147 Jan 6, 2025
e8810f3
add CVE to triviignore
Thanhphan1147 Jan 6, 2025
aaa4da7
Merge remote-tracking branch 'origin/2/main' into add_mas_to_pebble_plan
Thanhphan1147 Jan 6, 2025
87af809
update rock
Thanhphan1147 Jan 7, 2025
3c29f2c
remove support for mjolnir
Thanhphan1147 Jan 7, 2025
6570593
Merge branch '2/main' into add_mas_to_pebble_plan
Thanhphan1147 Jan 7, 2025
e0a99e8
update tests, update docstring
Thanhphan1147 Jan 7, 2025
7d47706
Merge branch 'add_mas_to_pebble_plan' of github.com:canonical/synapse…
Thanhphan1147 Jan 7, 2025
274257e
update tests anoymize user
Thanhphan1147 Jan 7, 2025
f225f9f
validate mas datasource before doing anything
Thanhphan1147 Jan 8, 2025
95f40c3
Merge remote-tracking branch 'origin/2/main' into add_mas_to_pebble_plan
Thanhphan1147 Jan 8, 2025
f8b1d5b
remove unused code
Thanhphan1147 Jan 8, 2025
7faa222
put redis logic in reconcile loop
Thanhphan1147 Jan 8, 2025
aec4121
restart MAS at the beginning
Thanhphan1147 Jan 8, 2025
51594a0
update email template, remove unused methods
Thanhphan1147 Jan 8, 2025
fe0859c
Merge branch '2/main' into add_mas_to_pebble_plan
Thanhphan1147 Jan 8, 2025
86648cd
fix lint
Thanhphan1147 Jan 8, 2025
ef5172f
Merge branch 'add_mas_to_pebble_plan' of github.com:canonical/synapse…
Thanhphan1147 Jan 8, 2025
2d02ad7
Merge branch '2/main' into add_mas_to_pebble_plan
Thanhphan1147 Jan 9, 2025
90e4a83
Merge branch '2/main' into add_mas_to_pebble_plan
Thanhphan1147 Jan 13, 2025
67273ae
Merge branch '2/main' into add_mas_to_pebble_plan
Thanhphan1147 Jan 13, 2025
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 1 addition & 5 deletions .trivyignore
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
# Vulnerabilites related to: Pebble, Node.JS and gosu
CVE-2021-39293

Check notice on line 2 in .trivyignore

View workflow job for this annotation

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-synapse-4142a4055d88c05ea60194be0476ca8cfcd98d90-_3.0_amd64.tar)

CVE-2021-39293 not present anymore, can be safely removed.
CVE-2021-41771

Check notice on line 3 in .trivyignore

View workflow job for this annotation

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-synapse-4142a4055d88c05ea60194be0476ca8cfcd98d90-_3.0_amd64.tar)

CVE-2021-41771 not present anymore, can be safely removed.
CVE-2021-41772

Check notice on line 4 in .trivyignore

View workflow job for this annotation

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-synapse-4142a4055d88c05ea60194be0476ca8cfcd98d90-_3.0_amd64.tar)

CVE-2021-41772 not present anymore, can be safely removed.
CVE-2021-44716

Check notice on line 5 in .trivyignore

View workflow job for this annotation

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-synapse-4142a4055d88c05ea60194be0476ca8cfcd98d90-_3.0_amd64.tar)

CVE-2021-44716 not present anymore, can be safely removed.
CVE-2022-23772

Check notice on line 6 in .trivyignore

View workflow job for this annotation

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-synapse-4142a4055d88c05ea60194be0476ca8cfcd98d90-_3.0_amd64.tar)

CVE-2022-23772 not present anymore, can be safely removed.
CVE-2022-23806

Check notice on line 7 in .trivyignore

View workflow job for this annotation

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-synapse-4142a4055d88c05ea60194be0476ca8cfcd98d90-_3.0_amd64.tar)

CVE-2022-23806 not present anymore, can be safely removed.
CVE-2022-24675

Check notice on line 8 in .trivyignore

View workflow job for this annotation

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-synapse-4142a4055d88c05ea60194be0476ca8cfcd98d90-_3.0_amd64.tar)

CVE-2022-24675 not present anymore, can be safely removed.
CVE-2022-24921

Check notice on line 9 in .trivyignore

View workflow job for this annotation

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-synapse-4142a4055d88c05ea60194be0476ca8cfcd98d90-_3.0_amd64.tar)

CVE-2022-24921 not present anymore, can be safely removed.
CVE-2022-25883

Check notice on line 10 in .trivyignore

View workflow job for this annotation

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-synapse-4142a4055d88c05ea60194be0476ca8cfcd98d90-_3.0_amd64.tar)

CVE-2022-25883 not present anymore, can be safely removed.
CVE-2022-27664

Check notice on line 11 in .trivyignore

View workflow job for this annotation

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-synapse-4142a4055d88c05ea60194be0476ca8cfcd98d90-_3.0_amd64.tar)

CVE-2022-27664 not present anymore, can be safely removed.
CVE-2022-28131
CVE-2022-28327
CVE-2022-2879
Expand Down Expand Up @@ -53,10 +53,6 @@
# Fix ongoing:
# https://github.com/element-hq/synapse/pull/17985
CVE-2024-53981
# The 3 following CVEs will be fixed by Synapse 1.120.2
CVE-2024-52805
CVE-2024-52815
CVE-2024-53863
# This should be removed once pebble releases a new version.
# https://github.com/canonical/pebble/commit/0c134f8e0d80f4bd8f42011279c8f0737b59a673
CVE-2024-45338
CVE-2024-45338
15 changes: 10 additions & 5 deletions actions.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,15 +27,20 @@ register-user:
default: false
required:
- username
promote-user-admin:
verify-user-email:
description: |
Promote a user as a server administrator.
You need to supply a user name.
Verify an user's email.
You need to supply an username and the email to verify.
properties:
username:
description: |
User name to be promoted to admin.
description: The username.
type: string
email:
description: The email to verify.
type: string
required:
- username
- email
create-backup:
description: |
Creates a backup to s3 storage.
Expand Down
6 changes: 0 additions & 6 deletions config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -22,12 +22,6 @@ options:
default: false
description: |
Configures whether to enable e-mail notifications. Requires SMTP integration.
enable_mjolnir:
type: boolean
default: false
description: |
Configures whether to enable Mjolnir - moderation tool for Matrix.
Reference: https://github.com/matrix-org/mjolnir
enable_password_config:
type: boolean
default: true
Expand Down
20 changes: 1 addition & 19 deletions docs/explanation/moderation-and-spam-control.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,22 +60,4 @@ For details and implementation, visit the module’s repository: [Synapse Invite

## Mjolnir

Synapse charm also has Mjolnir in place. Mjolnir is an all-in-one moderation
tool designed to protect Synapse server from malicious invites, spam messages,
and other unwanted activities.

### Key features

- Bans and redactions: Quickly remove malicious users and their messages from
rooms.
- Anti-spam: Automatically detect and mitigate spam activity.
- Server ACLs: Manage and enforce access control lists at the server level.
- Room directory changes and alias transfers: Adjust room visibility and manage
aliases efficiently.
- Account deactivation: Disable abusive or compromised accounts.
- Room shutdown: Close problematic rooms completely.

### More information

For more details and implementation guidance, refer to the [Mjolnir GitHub repository](https://github.com/matrix-org/mjolnir).

With the arrival of MAS mjolnir has been temporary disabled.
amandahla marked this conversation as resolved.
Show resolved Hide resolved
2 changes: 1 addition & 1 deletion pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ extension-pkg-whitelist = "pydantic"
# Formatting tools configuration
[tool.black]
line-length = 99
target-version = ["py38"]
target-version = ["py310"]

[tool.isort]
line_length = 99
Expand Down
67 changes: 0 additions & 67 deletions src-docs/admin_access_token.py.md

This file was deleted.

14 changes: 7 additions & 7 deletions src-docs/charm.py.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ Charm the service.

Attrs: on: listen to Redis events.

<a href="../src/charm.py#L56"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
<a href="../src/charm.py#L60"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>

### <kbd>function</kbd> `__init__`

Expand Down Expand Up @@ -94,7 +94,7 @@ Build charm state.

---

<a href="../src/charm.py#L357"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
<a href="../src/charm.py#L364"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>

### <kbd>function</kbd> `get_main_unit`

Expand All @@ -111,7 +111,7 @@ Get main unit.

---

<a href="../src/charm.py#L372"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
<a href="../src/charm.py#L379"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>

### <kbd>function</kbd> `get_main_unit_address`

Expand All @@ -128,7 +128,7 @@ Get main unit address. If main unit is None, use unit name.

---

<a href="../src/charm.py#L424"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
<a href="../src/charm.py#L431"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>

### <kbd>function</kbd> `get_signing_key`

Expand Down Expand Up @@ -204,7 +204,7 @@ Verify if this unit is the main.

---

<a href="../src/charm.py#L334"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
<a href="../src/charm.py#L341"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>

### <kbd>function</kbd> `peer_units_total`

Expand Down Expand Up @@ -242,7 +242,7 @@ This is the main entry for changes that require a restart.

---

<a href="../src/charm.py#L384"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
<a href="../src/charm.py#L391"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>

### <kbd>function</kbd> `set_main_unit`

Expand All @@ -260,7 +260,7 @@ Create/Renew an admin access token and put it in the peer relation.

---

<a href="../src/charm.py#L400"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
<a href="../src/charm.py#L407"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>

### <kbd>function</kbd> `set_signing_key`

Expand Down
118 changes: 0 additions & 118 deletions src-docs/mjolnir.py.md

This file was deleted.

Loading
Loading