From 356d8dfbfd3825f30fc6c0786551d239e1c5e02e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?=
Date: Mon, 23 Sep 2024 09:36:18 +0200
Subject: [PATCH] feat(open-xchange): Support for email migration feature toggle enabling masterpassword authentication in Dovecot and AppSuite. Requires openDesk Enterprise.
---
 helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl | 3 +++
 .../apps/open-xchange/values-openxchange.yaml.gotmpl | 10 ++++++++++
 helmfile/environments/default/charts.yaml | 2 +-
 helmfile/environments/default/functional.yaml | 7 +++++++
 helmfile/environments/default/secrets.gotmpl | 1 +
 5 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
index 5f03f28f..87365fcf 100644
--- a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
@@ -16,6 +16,9 @@ imagePullSecrets:
 dovecot:
 mailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
 password: {{ .Values.secrets.dovecot.doveadm | quote }}
+ migration:
+ enabled: {{ .Values.functional.migration.oxAppsuite.enabled }}
+ masterPassword: {{ .Values.secrets.oxAppsuite.migrationsMasterPassword | quote }}
 ldap:
 enabled: true
 host: {{ .Values.ldap.host | quote }}
diff --git a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
index 5df6717a..777b93ca 100644
--- a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
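Review bot: In `values-dovecot.yaml.gotmpl`, `masterPassword` is rendered into the chart values on every deployment, not only when `functional.migration.oxAppsuite.enabled` is true; the second hunk of `values-openxchange.yaml.gotmpl` does the same with `/opt/open-xchange/etc/masterpassword-authentication.properties`, which sits outside the `{{- if … }}` that guards the package status. A credential that unlocks master-password login should not be written into configuration while the feature is off, so I would wrap both entries in `{{- if .Values.functional.migration.oxAppsuite.enabled }}` … `{{- end }}`. Whether opendesk-dovecot 1.4.0 ignores `masterPassword` when `migration.enabled` is false is not visible in this patch, so the guard is the safer default.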
@@ -174,9 +174,17 @@ appsuite:
 chown open-xchange:open-xchange /opt/open-xchange/guard-files
 packages:
 status:
+ {{- if .Values.functional.migration.oxAppsuite.enabled }}
+ open-xchange-authentication-masterpassword: "enabled"
+ open-xchange-authentication-ldap: "disabled"
+ open-xchange-authentication-oauth: "disabled"
+ open-xchange-oidc: "disabled"
+ {{- else }}
 open-xchange-oidc: "enabled"
 open-xchange-authentication-database: "disabled"
 open-xchange-authentication-oauth: "enabled"
+ open-xchange-authentication-ldap: "disabled"
+ {{- end }}
 properties:
 com.openexchange.UIWebPath: "/appsuite/"
 com.openexchange.showAdmin: "false"
@@ -282,6 +290,8 @@ appsuite:
 com.openexchange.share.cryptKey: {{ .Values.secrets.oxAppsuite.shareCryptKey | quote }}
 com.openexchange.conference.element.authToken: {{ .Values.secrets.oxAppsuite.synapseAsToken | quote }}
 propertiesFiles:
+ /opt/open-xchange/etc/masterpassword-authentication.properties:
+ com.openexchange.authentication.masterpassword.password: {{ .Values.secrets.oxAppsuite.migrationsMasterPassword | quote }}
 /opt/open-xchange/etc/AdminDaemon.properties:
 MASTER_ACCOUNT_OVERRIDE: "true"
 /opt/open-xchange/etc/AdminUser.properties:
diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml
index c479e61a..e3c12ee0 100644
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -80,7 +80,7 @@ charts:
 registry: "registry.opencode.de"
 repository: "bmi/opendesk/components/platform-development/charts/opendesk-dovecot"
 name: "dovecot"
- version: "1.3.10"
+ version: "1.4.0"
 verify: true
 element:
 # providerCategory: "Platform"
diff --git a/helmfile/environments/default/functional.yaml b/helmfile/environments/default/functional.yaml
index 51d55d1b..9eb2eff3 100644
--- a/helmfile/environments/default/functional.yaml
+++ b/helmfile/environments/default/functional.yaml
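Review bot: The migration branch of `packages.status` in `values-openxchange.yaml.gotmpl` never sets `open-xchange-authentication-database`, while the `else` branch keeps it at `"disabled"`, so with the toggle on that package falls back to whatever the chart or image defaults to. If that default is not disabled (not visible here), a second authentication backend would be active next to the master password one; adding `open-xchange-authentication-database: "disabled"` to the `if` branch makes both branches explicit. The `packages` mapping starts and ends outside the hunk.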
@@ -98,4 +98,11 @@ functional:
 # If the LDAP entryUUID should be used for the localpart of user's MatrixIDs following setting must be `true`.
 useImmutableIdentifierForLocalpart: false
+ migration:
+ oxAppsuite:
+ # Note: Only available in openDesk Enterprise.
+ # Turn on temporary for migration purposes only. Will enable master password auth in OX AppSuite and Dovecot using
+ # `secrets.oxAppsuite.migrationsMasterPassword`.
+ enabled: false
+
 ...
diff --git a/helmfile/environments/default/secrets.gotmpl b/helmfile/environments/default/secrets.gotmpl
index 6b169677..24b5c141 100644
--- a/helmfile/environments/default/secrets.gotmpl
+++ b/helmfile/environments/default/secrets.gotmpl
@@ -7,6 +7,7 @@ SPDX-License-Identifier: Apache-2.0
 secrets:
 oxAppsuite:
 adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }}
+ migrationsMasterPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "opendesk") "ox_appsuite" "migrations_master_password" | sha1sum | quote }}
 cookieHashSalt: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "cookie_hash_salt" | sha1sum | quote }}
 sessiondEncryptionKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "sessiond_encryptionkey" | sha1sum | quote }}
 shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_cryptkey" | sha1sum | quote }}
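Review bot: The comment on `functional.migration.oxAppsuite.enabled` in `functional.yaml` does not say what switching it on turns off: per the `values-openxchange.yaml.gotmpl` change in this patch, `open-xchange-oidc` and `open-xchange-authentication-oauth` are set to `"disabled"` while the toggle is true. I would add a line such as `# While enabled, OIDC/OAuth login to OX AppSuite is disabled; set back to false once the migration is done.` so operators know regular sign-in is affected and that the setting is not meant to stay on.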
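Review bot: In `secrets.gotmpl`, `migrationsMasterPassword` falls back to the literal `"opendesk"` when `MASTER_PASSWORD` is unset, while every neighbouring secret in this hunk falls back to `"sovereign-workplace"`; if the difference is intentional a short comment would help, otherwise the fallbacks should match. Either way the fallback seed is a public string, so a deployment that enables the migration toggle without setting `MASTER_PASSWORD` ends up with a master password that is not secret. I would document that on the line, e.g. `# Set MASTER_PASSWORD before enabling functional.migration.oxAppsuite; the fallback seed is public.`, or make rendering fail when the toggle is on and the variable is missing.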