Add config option turn_shared_secret_path (#17690)

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
This commit is contained in:
V02460 2024-09-10 19:27:46 +02:00 committed by GitHub
parent 60441059a3
commit e06e3c4004
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 30 additions and 1 deletions

View file

@ -0,0 +1 @@
Add config option `turn_shared_secret_path`.

View file

@ -2315,6 +2315,22 @@ Example configuration:
```yaml ```yaml
turn_shared_secret: "YOUR_SHARED_SECRET" turn_shared_secret: "YOUR_SHARED_SECRET"
``` ```
---
### `turn_shared_secret_path`
An alternative to [`turn_shared_secret`](#turn_shared_secret):
allows the shared secret to be specified in an external file.
The file should be a plain text file, containing only the shared secret.
Synapse reads the shared secret from the given file once at startup.
Example configuration:
```yaml
turn_shared_secret_path: /path/to/secrets/file
```
_Added in Synapse 1.116.0._
--- ---
### `turn_username` and `turn_password` ### `turn_username` and `turn_password`

View file

@ -23,7 +23,12 @@ from typing import Any
from synapse.types import JsonDict from synapse.types import JsonDict
from ._base import Config from ._base import Config, ConfigError, read_file
CONFLICTING_SHARED_SECRET_OPTS_ERROR = """\
You have configured both `turn_shared_secret` and `turn_shared_secret_path`.
These are mutually incompatible.
"""
class VoipConfig(Config): class VoipConfig(Config):
@ -32,6 +37,13 @@ class VoipConfig(Config):
def read_config(self, config: JsonDict, **kwargs: Any) -> None: def read_config(self, config: JsonDict, **kwargs: Any) -> None:
self.turn_uris = config.get("turn_uris", []) self.turn_uris = config.get("turn_uris", [])
self.turn_shared_secret = config.get("turn_shared_secret") self.turn_shared_secret = config.get("turn_shared_secret")
turn_shared_secret_path = config.get("turn_shared_secret_path")
if turn_shared_secret_path:
if self.turn_shared_secret:
raise ConfigError(CONFLICTING_SHARED_SECRET_OPTS_ERROR)
self.turn_shared_secret = read_file(
turn_shared_secret_path, ("turn_shared_secret_path",)
).strip()
self.turn_username = config.get("turn_username") self.turn_username = config.get("turn_username")
self.turn_password = config.get("turn_password") self.turn_password = config.get("turn_password")
self.turn_user_lifetime = self.parse_duration( self.turn_user_lifetime = self.parse_duration(