feat: support configurable scheme for serverURL

mattermost · Jan 13, 2025 · 7c57f1d · 7c57f1d
1 parent 49fb24a
commit 7c57f1d
Show file tree

Hide file tree

Showing 8 changed files with 37 additions and 9 deletions.
diff --git a/cmd/ltkeycloak/from_mattermost.go b/cmd/ltkeycloak/from_mattermost.go
@@ -203,7 +203,7 @@ func RunSyncFromMattermostCommandF(cmd *cobra.Command, _ []string) error {
 		siteURL = mattermostHost
 	}
 
-	mmClient := model.NewAPIv4Client("http://" + siteURL)
+	mmClient := model.NewAPIv4Client(deploymentConfig.ServerScheme + "://" + siteURL)
 
 	_, _, err = mmClient.Login(cmd.Context(), deploymentConfig.AdminEmail, deploymentConfig.AdminPassword)
 	if err != nil {

diff --git a/config/deployer.sample.json b/config/deployer.sample.json
@@ -55,6 +55,8 @@
   "S3BucketDumpURI" : "",
   "DBDumpURI": "",
   "SiteURL": "",
+  "ServerURL": "",
+  "ServerScheme": "http",
   "EnableNetPeekMetrics": false,
   "TerraformDBSettings": {
     "InstanceCount": 1,

diff --git a/config/deployer.sample.toml b/config/deployer.sample.toml
@@ -13,7 +13,8 @@ MattermostDownloadURL = 'https://latest.mattermost.com/mattermost-enterprise-lin
 MattermostLicenseFile = ''
 S3BucketDumpURI = ''
 SiteURL = ''
-EnableNetPeekMetrics = false
+ServerURL = ''
+ServerScheme = 'http'
 
 # Agent configuration
 AgentInstanceCount = 2
@@ -46,6 +47,9 @@ ProxyInstanceType = 'c5.xlarge'
 ProxyInstanceCount = 1
 ProxyAllocatePublicIPAddress = true
 
+# Metrics
+EnableNetPeekMetrics = false
+
 [ClusterSubnetIDs]
 App = []
 Job = []

diff --git a/deployment/config.go b/deployment/config.go
@@ -119,6 +119,8 @@ type Config struct {
 	// Mattermost servers. This is used to override the server URL in the agent's config in case there's a
 	// proxy in front of the Mattermost server.
 	ServerURL string `default:""`
+	// ServerScheme is the scheme to use when connecting to the Mattermost server.
+	ServerScheme string `default:"http" validate:"oneof:{http,https}"`
 	// UsersFilePath specifies the path to an optional file containing a list of credentials for the controllers
 	// to use. If present, it is used to automatically upload it to the agents and override the agent's config's
 	// own UsersFilePath.

diff --git a/deployment/terraform/agent.go b/deployment/terraform/agent.go
@@ -28,8 +28,13 @@ func (t *Terraform) generateLoadtestAgentConfig() (*loadtest.Config, error) {
 
 	url := getServerURL(t.output, t.config)
 
-	cfg.ConnectionConfiguration.ServerURL = "http://" + url
-	cfg.ConnectionConfiguration.WebSocketURL = "ws://" + url
+	websocketScheme := "ws"
+	if t.config.ServerScheme == "https" {
+		websocketScheme = "wss"
+	}
+
+	cfg.ConnectionConfiguration.ServerURL = t.Config().ServerScheme + "://" + url
+	cfg.ConnectionConfiguration.WebSocketURL = websocketScheme + "://" + url
 	cfg.ConnectionConfiguration.AdminEmail = t.config.AdminEmail
 	cfg.ConnectionConfiguration.AdminPassword = t.config.AdminPassword
 

diff --git a/deployment/terraform/create.go b/deployment/terraform/create.go
@@ -213,19 +213,21 @@ func (t *Terraform) Create(extAgent *ssh.ExtAgent, initData bool) error {
 		switch {
 		// SiteURL defined, multiple app nodes: we use SiteURL, since that points to the proxy itself
 		case t.config.SiteURL != "" && t.output.HasProxy():
-			siteURL = "http://" + t.config.SiteURL
+			siteURL = t.config.ServerScheme + "://" + t.config.SiteURL
 		// SiteURL defined, single app node: we use SiteURL plus the port, since SiteURL points to the app node (which is listening in 8065)
 		case t.config.SiteURL != "":
-			siteURL = "http://" + t.config.SiteURL + ":8065"
+			siteURL = t.config.ServerScheme + "://" + t.config.SiteURL + ":8065"
 		// SiteURL not defined, multiple app nodes: we use the proxy's public DNS
 		case t.output.HasProxy():
 			// This case will only succeed if siteURL is empty.
 			// And it's an error to have siteURL empty and set multiple proxies. (see (c *Config) validateProxyConfig)
 			// So we can safely take the DNS of the first entry.
-			siteURL = "http://" + t.output.Proxies[0].PublicDNS
+			siteURL = t.config.ServerScheme + "://" + t.output.Proxies[0].PublicDNS
 		// SiteURL not defined, single app node: we use the app node's public DNS plus port
+		case t.config.ServerURL != "":
+			siteURL = t.config.ServerScheme + "://" + t.config.ServerURL
 		default:
-			siteURL = "http://" + t.output.Instances[0].PublicDNS + ":8065"
+			siteURL = t.config.ServerScheme + "://" + t.output.Instances[0].PublicDNS + ":8065"
 		}
 
 		// Updating the config.json for each instance of app server
@@ -245,6 +247,7 @@ func (t *Terraform) Create(extAgent *ssh.ExtAgent, initData bool) error {
 			pingURL = t.output.Proxies[0].PublicDNS
 		}
 
+		// Non-ssl is used for pinging the server
 		if err := pingServer("http://" + pingURL); err != nil {
 			return fmt.Errorf("error whiling pinging server: %w", err)
 		}

diff --git a/deployment/terraform/keycloak.go b/deployment/terraform/keycloak.go
@@ -374,7 +374,7 @@ func (t *Terraform) setupKeycloakAppConfig(sshc *ssh.Client, cfg *model.Config)
 	cfg.SamlSettings.IdpDescriptorURL = model.NewPointer(keycloakUrl + "/realms/" + t.config.ExternalAuthProviderSettings.KeycloakRealmName)
 	cfg.SamlSettings.IdpMetadataURL = model.NewPointer(keycloakUrl + "/realms/" + t.config.ExternalAuthProviderSettings.KeycloakRealmName + "/protocol/saml/descriptor")
 	cfg.SamlSettings.ServiceProviderIdentifier = model.NewPointer(t.config.ExternalAuthProviderSettings.KeycloakSAMLClientID)
-	cfg.SamlSettings.AssertionConsumerServiceURL = model.NewPointer("http://" + getServerURL(t.output, t.config) + "/login/sso/saml")
+	cfg.SamlSettings.AssertionConsumerServiceURL = model.NewPointer(t.config.ServerScheme + "://" + getServerURL(t.output, t.config) + "/login/sso/saml")
 	cfg.SamlSettings.SignatureAlgorithm = model.NewPointer("RSAwithSHA1")
 	cfg.SamlSettings.CanonicalAlgorithm = model.NewPointer("Canonical1.0")
 	cfg.SamlSettings.ScopingIDPProviderId = model.NewPointer("")

diff --git a/docs/config/deployer.md b/docs/config/deployer.md
@@ -581,6 +581,18 @@ The name of a host that will be used for two purposes:
 - It will populate a new entry in the /etc/hosts file of the app nodes, so that it points to the proxy private IP or, if there's no proxy, to the current app node.
 This config is used for tests that require an existing database dump that contains permalinks. These permalinks point to a specific hostname. Without this setting, that hostname is not known by the nodes of a new deployment and the permalinks cannot be resolved.
 
+## ServerURL
+
+*string*
+
+The URL of the Mattermost server. This is used to override the server's `SiteURL` setting for specific scenarios where a different URL is needed on deployments without the proxy server.
+
+## ServerScheme
+
+*string*
+
+The scheme of the Mattermost server. Defaults to `http`.
+
 ## UsersFilePath
 
 *string*