diff --git a/synapse/config/workers.py b/synapse/config/workers.py
index 7ecf349e4a..1685468773 100644
--- a/synapse/config/workers.py
+++ b/synapse/config/workers.py
@@ -22,26 +22,26 @@
import argparse
import logging
-from typing import TYPE_CHECKING, Any, Dict, List, Optional, Union
+from typing import Any, Dict, List, Optional, Union
import attr
-from synapse._pydantic_compat import HAS_PYDANTIC_V2
-
-if TYPE_CHECKING or HAS_PYDANTIC_V2:
- from pydantic.v1 import BaseModel, Extra, StrictBool, StrictInt, StrictStr
-else:
- from pydantic import BaseModel, Extra, StrictBool, StrictInt, StrictStr
-
+from synapse._pydantic_compat import (
+ BaseModel,
+ Extra,
+ StrictBool,
+ StrictInt,
+ StrictStr,
+)
from synapse.config._base import (
Config,
ConfigError,
RoutableShardedWorkerHandlingConfig,
ShardedWorkerHandlingConfig,
+ read_file,
)
from synapse.config._util import parse_and_validate_mapping
from synapse.config.server import (
- DIRECT_TCP_ERROR,
TCPListenerConfig,
parse_listener_def,
)
@@ -65,6 +65,11 @@ configuration under `main` inside the `instance_map`. See workers documentation
`https://element-hq.github.io/synapse/latest/workers.html#worker-configuration`
"""
+CONFLICTING_WORKER_REPLICATION_SECRET_OPTS_ERROR = """\
+Conflicting options 'worker_replication_secret' and
+'worker_replication_secret_path' are both defined in config file.
+"""
+
# This allows for a handy knob when it's time to change from 'master' to
# something with less 'history'
MAIN_PROCESS_INSTANCE_NAME = "master"
@@ -218,7 +223,9 @@ class WorkerConfig(Config):
section = "worker"
- def read_config(self, config: JsonDict, **kwargs: Any) -> None:
+ def read_config(
+ self, config: JsonDict, allow_secrets_in_config: bool, **kwargs: Any
+ ) -> None:
self.worker_app = config.get("worker_app")
# Canonicalise worker_app so that master always has None
@@ -237,12 +244,24 @@ class WorkerConfig(Config):
raise ConfigError("worker_log_config must be a string")
self.worker_log_config = worker_log_config
- # The port on the main synapse for TCP replication
- if "worker_replication_port" in config:
- raise ConfigError(DIRECT_TCP_ERROR, ("worker_replication_port",))
-
# The shared secret used for authentication when connecting to the main synapse.
- self.worker_replication_secret = config.get("worker_replication_secret", None)
+ worker_replication_secret = config.get("worker_replication_secret", None)
+ if worker_replication_secret and not allow_secrets_in_config:
+ raise ConfigError(
+ "Config options that expect an in-line secret as value are disabled",
+ ("worker_replication_secret",),
+ )
+ worker_replication_secret_path = config.get(
+ "worker_replication_secret_path", None
+ )
+ if worker_replication_secret_path:
+ if worker_replication_secret:
+ raise ConfigError(CONFLICTING_WORKER_REPLICATION_SECRET_OPTS_ERROR)
+ self.worker_replication_secret = read_file(
+ worker_replication_secret_path, ("worker_replication_secret_path",)
+ ).strip()
+ else:
+ self.worker_replication_secret = worker_replication_secret
self.worker_name = config.get("worker_name", self.worker_app)
self.instance_name = self.worker_name or MAIN_PROCESS_INSTANCE_NAME
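Review bot: An empty or whitespace-only file at `worker_replication_secret_path` leaves `self.worker_replication_secret` as `""` after `.strip()`, and nothing in this hunk rejects it. If the replication code treats a falsy secret as "no secret configured" (not visible here), an operator who pointed to a secret file would get unauthenticated replication with no error at startup. I would fail closed right after the read: `if not self.worker_replication_secret: raise ConfigError("worker_replication_secret_path must point to a non-empty file", ("worker_replication_secret_path",))`. The conflicting-options `ConfigError` just above could also pass a path tuple, as the other two raises do, so the error names the offending key. `read_config` starts before and continues past this hunk.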
@@ -328,10 +347,11 @@ class WorkerConfig(Config):
)
# type-ignore: the expression `Union[A, B]` is not a Type[Union[A, B]] currently
- self.instance_map: Dict[
- str, InstanceLocationConfig
- ] = parse_and_validate_mapping(
- instance_map, InstanceLocationConfig # type: ignore[arg-type]
+ self.instance_map: Dict[str, InstanceLocationConfig] = (
+ parse_and_validate_mapping(
+ instance_map,
+ InstanceLocationConfig, # type: ignore[arg-type]
+ )
)
# Map from type of streams to source, c.f. WriterLocations.