Add API permissions for akkounts VMs

Using the zerotier IP, which is the same as the knife-zero host.
2020-12-08 20:00:31 +01:00 · 2020-12-08 20:00:31 +01:00 · 239b6aed51
parent 8e0a66184c
commit 239b6aed51
2 changed files with 15 additions and 1 deletions
--- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
@ -169,6 +169,11 @@ hosts.each do |host|
  end
 end

+akkounts_ip_addresses = []
+search(:node, "role:akkounts").each do |node|
+  akkounts_ip_addresses << node["knife_zero"]["host"]
+end
+
 template "/opt/ejabberd/conf/ejabberd.yml" do
  source    "ejabberd.yml.erb"
  mode      0640
@ -178,7 +183,8 @@ template "/opt/ejabberd/conf/ejabberd.yml" do
            stun_auth_realm: "kosmos.org",
            turn_ip_address: node['ipaddress'],
            turn_min_port: node["kosmos-ejabberd"]["turn_min_port"],
-            turn_max_port: node["kosmos-ejabberd"]["turn_max_port"]
+            turn_max_port: node["kosmos-ejabberd"]["turn_max_port"],
+            akkounts_ip_addresses: akkounts_ip_addresses
  notifies :run, "execute[ejabberdctl reload_config]", :delayed
 end

--- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
@ -174,6 +174,14 @@ api_permissions:
    what:
      - "status"
      - "connected_users_number"
+  "akkounts":
+    who:
+<% @akkounts_ip_addresses.each do |ip| -%>
+      - ip: "<%= ip %>/8"
+<% end -%>
+    what:
+      - "add_rosteritem"
+      - "delete_rosteritem"

 language: "en"