mirror of
https://github.com/element-hq/synapse.git
synced 2024-11-24 18:45:52 +03:00
Add config option turn_shared_secret_path (#17690)
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
This commit is contained in:
parent
60441059a3
commit
e06e3c4004
3 changed files with 30 additions and 1 deletions
1
changelog.d/17690.feature
Normal file
1
changelog.d/17690.feature
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Add config option `turn_shared_secret_path`.
|
|
@ -2315,6 +2315,22 @@ Example configuration:
|
||||||
```yaml
|
```yaml
|
||||||
turn_shared_secret: "YOUR_SHARED_SECRET"
|
turn_shared_secret: "YOUR_SHARED_SECRET"
|
||||||
```
|
```
|
||||||
|
---
|
||||||
|
### `turn_shared_secret_path`
|
||||||
|
|
||||||
|
An alternative to [`turn_shared_secret`](#turn_shared_secret):
|
||||||
|
allows the shared secret to be specified in an external file.
|
||||||
|
|
||||||
|
The file should be a plain text file, containing only the shared secret.
|
||||||
|
Synapse reads the shared secret from the given file once at startup.
|
||||||
|
|
||||||
|
Example configuration:
|
||||||
|
```yaml
|
||||||
|
turn_shared_secret_path: /path/to/secrets/file
|
||||||
|
```
|
||||||
|
|
||||||
|
_Added in Synapse 1.116.0._
|
||||||
|
|
||||||
---
|
---
|
||||||
### `turn_username` and `turn_password`
|
### `turn_username` and `turn_password`
|
||||||
|
|
||||||
|
|
|
@ -23,7 +23,12 @@ from typing import Any
|
||||||
|
|
||||||
from synapse.types import JsonDict
|
from synapse.types import JsonDict
|
||||||
|
|
||||||
from ._base import Config
|
from ._base import Config, ConfigError, read_file
|
||||||
|
|
||||||
|
CONFLICTING_SHARED_SECRET_OPTS_ERROR = """\
|
||||||
|
You have configured both `turn_shared_secret` and `turn_shared_secret_path`.
|
||||||
|
These are mutually incompatible.
|
||||||
|
"""
|
||||||
|
|
||||||
|
|
||||||
class VoipConfig(Config):
|
class VoipConfig(Config):
|
||||||
|
@ -32,6 +37,13 @@ class VoipConfig(Config):
|
||||||
def read_config(self, config: JsonDict, **kwargs: Any) -> None:
|
def read_config(self, config: JsonDict, **kwargs: Any) -> None:
|
||||||
self.turn_uris = config.get("turn_uris", [])
|
self.turn_uris = config.get("turn_uris", [])
|
||||||
self.turn_shared_secret = config.get("turn_shared_secret")
|
self.turn_shared_secret = config.get("turn_shared_secret")
|
||||||
|
turn_shared_secret_path = config.get("turn_shared_secret_path")
|
||||||
|
if turn_shared_secret_path:
|
||||||
|
if self.turn_shared_secret:
|
||||||
|
raise ConfigError(CONFLICTING_SHARED_SECRET_OPTS_ERROR)
|
||||||
|
self.turn_shared_secret = read_file(
|
||||||
|
turn_shared_secret_path, ("turn_shared_secret_path",)
|
||||||
|
).strip()
|
||||||
self.turn_username = config.get("turn_username")
|
self.turn_username = config.get("turn_username")
|
||||||
self.turn_password = config.get("turn_password")
|
self.turn_password = config.get("turn_password")
|
||||||
self.turn_user_lifetime = self.parse_duration(
|
self.turn_user_lifetime = self.parse_duration(
|
||||||
|
|
Loading…
Reference in a new issue