feat(open-xchange): Support for email migration feature toggle enabling masterpassword authentication in Dovecot and AppSuite. Requires openDesk Enterprise.

helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl

@@ -16,6 +16,9 @@ imagePullSecrets:
 dovecot:
   mailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
   password: {{ .Values.secrets.dovecot.doveadm | quote }}
+  migration:
+    enabled: {{ .Values.functional.migration.oxAppsuite.enabled }}
+    masterPassword: {{ .Values.secrets.oxAppsuite.migrationsMasterPassword | quote }}
   ldap:
     enabled: true
     host: {{ .Values.ldap.host | quote }}

helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl

@@ -174,9 +174,17 @@ appsuite:
           chown open-xchange:open-xchange /opt/open-xchange/guard-files
     packages:
       status:
+        {{- if .Values.functional.migration.oxAppsuite.enabled }}
+        open-xchange-authentication-masterpassword: "enabled"
+        open-xchange-authentication-ldap: "disabled"
+        open-xchange-authentication-oauth: "disabled"
+        open-xchange-oidc: "disabled"
+        {{- else }}
         open-xchange-oidc: "enabled"
         open-xchange-authentication-database: "disabled"
         open-xchange-authentication-oauth: "enabled"
+        open-xchange-authentication-ldap: "disabled"
+        {{- end }}
     properties:
       com.openexchange.UIWebPath: "/appsuite/"
       com.openexchange.showAdmin: "false"
@@ -282,6 +290,8 @@ appsuite:
       com.openexchange.share.cryptKey: {{ .Values.secrets.oxAppsuite.shareCryptKey | quote }}
       com.openexchange.conference.element.authToken: {{ .Values.secrets.oxAppsuite.synapseAsToken | quote }}
     propertiesFiles:
+      /opt/open-xchange/etc/masterpassword-authentication.properties:
+        com.openexchange.authentication.masterpassword.password: {{ .Values.secrets.oxAppsuite.migrationsMasterPassword | quote }}
       /opt/open-xchange/etc/AdminDaemon.properties:
         MASTER_ACCOUNT_OVERRIDE: "true"
       /opt/open-xchange/etc/AdminUser.properties:

helmfile/environments/default/charts.yaml

@@ -80,7 +80,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-dovecot"
     name: "dovecot"
-    version: "1.3.10"
+    version: "1.4.0"
     verify: true
   element:
     # providerCategory: "Platform"

helmfile/environments/default/functional.yaml

@@ -98,4 +98,11 @@ functional:
         # If the LDAP entryUUID should be used for the localpart of user's MatrixIDs following setting must be `true`.
         useImmutableIdentifierForLocalpart: false
 
+  migration:
+    oxAppsuite:
+      # Note: Only available in openDesk Enterprise.
+      # Turn on temporary for migration purposes only. Will enable master password auth in OX AppSuite and Dovecot using
+      # `secrets.oxAppsuite.migrationsMasterPassword`.
+      enabled: false
+
 ...

helmfile/environments/default/secrets.gotmpl

@@ -7,6 +7,7 @@ SPDX-License-Identifier: Apache-2.0
 secrets:
   oxAppsuite:
     adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }}
+    migrationsMasterPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "opendesk") "ox_appsuite" "migrations_master_password" | sha1sum | quote }}
     cookieHashSalt: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "cookie_hash_salt" | sha1sum | quote }}
     sessiondEncryptionKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "sessiond_encryptionkey" | sha1sum | quote }}
     shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_cryptkey" | sha1sum | quote }}