__matrix_synapse:add --smal2-idp-metadata-uri flag

type/__matrix_synapse/files/homeserver.yaml.sh

@@ -1175,14 +1175,26 @@ fi
 cat << EOF
 # The shared secret used to compute passwords for the TURN server
 #
-turn_shared_secret: "$TURN_SHARED_SECRET"
+EOF
 
+if [ -n "$TURN_SHARED_SECRET" ]; then
+	echo "turn_shared_secret: \"$TURN_SHARED_SECRET\""
+fi
+
+cat << EOF
 # The Username and password if the TURN server needs them and
 # does not use a token
 #
-#turn_username: "TURNSERVER_USERNAME"
+EOF
-#turn_password: "TURNSERVER_PASSWORD"
 
+if [ -n "$TURN_USERNAME" ] || [ "$TURN_PASSWORD" ]; then
+	cat <<- EOF
+	turn_username: "$TURN_USERNAME"
+	turn_password: "$TURN_PASSWORD"
+	EOF
+fi
+
+cat << EOF
 # How long generated TURN credentials last
 #
 turn_user_lifetime: ${TURN_USER_LIFETIME:?}
@@ -1699,7 +1711,17 @@ saml2_config:
     #  local: ["saml2/idp.xml"]
     #  remote:
     #    - url: https://our_idp/metadata.xml
+EOF
 
+if [ -n "$SAML2_IDP_METADATA_URL" ]; then
+	cat << EOF
+    metadata:
+      remote:
+        - url: "$SAML2_IDP_METADATA_URL"
+EOF
+fi
+
+cat << EOF
     # Allowed clock difference in seconds between the homeserver and IdP.
     #
     # Uncomment the below to increase the accepted time difference from 0 to 3 seconds.

type/__matrix_synapse/man.rst

@@ -133,6 +133,14 @@ turn-uri
 turn-shared-secret
   Shared secret used to access the TURN REST API.
 
+turn-username
+  Username used to authenticate against the TURN server if needed / a shared
+  secret token is not used.
+
+turn-password
+  Password used to authenticate against the TURN server if needed / a shared
+  secret token is not used.
+
 turn-user-lifetime
   Lifetime of TURN credentials. Defaults to 1h.
 

type/__matrix_synapse/manifest

@@ -191,6 +191,15 @@ if [ -f "$__object/parameter/registration-allows-email-pattern" ]; then
     export RESGISTRATION_ALLOWS_EMAIL_PATTERN
 fi
 
+if [ -f "$__object/parameter/saml2-idp-metadata-url" ]; then
+    # Synapse fails to start while trying to parse IDP metadata if this package
+    # is not installed.
+    __package xmlsec1
+
+    SAML2_IDP_METADATA_URL=$(cat "$__object/parameter/saml2-idp-metadata-url")
+    export SAML2_IDP_METADATA_URL
+fi
+
 # Federation.
 ALLOW_PUBLIC_ROOMS_OVER_FEDERATION=$(get_boolean_for 'allow-public-room-over-federation')
 ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH=$(get_boolean_for 'allow-public-rooms-without-auth')
@@ -246,6 +255,16 @@ if [ -f "$__object/parameter/turn-uri" ]; then
 	export TURN_URIS
 fi
 
+if [ -f "$__object/parameter/turn-username" ]; then
+	TURN_USERNAME=$(cat "$__object/parameter/turn-username")
+	export TURN_USERNAME
+fi
+
+if [ -f "$__object/parameter/turn-password" ]; then
+	TURN_PASSWORD=$(cat "$__object/parameter/turn-password")
+	export TURN_PASSWORD
+fi
+
 # Worker-mode configuration.
 export MAIN_LISTENER_PORT=8008
 export ENABLE_MEDIA_REPO='true'

type/__matrix_synapse/parameter/optional

@@ -13,6 +13,8 @@ ldap-bind-password
 ldap-filter
 turn-shared-secret
 turn-user-lifetime
+turn-username
+turn-password
 max-upload-size
 smtp-host
 smtp-port
@@ -34,3 +36,4 @@ background-tasks-worker
 tls-cert
 tls-private-key
 registration-shared-secret
+saml2-idp-metadata-url