Expose the ESS version and edition in an API

Author: benbz

charts/matrix-stack/configs/synapse/partial-haproxy.cfg.tpl

@@ -125,12 +125,31 @@ frontend synapse-http-in
 
   acl backend_unavailable str(),concat('synapse-',req.backend),nbsrv lt 1
 
+  acl ess_version path /_synapse/ess/version
+  use_backend ess-version-static if ess_version
+
 {{- if $hasFailoverBackend }}
   use_backend synapse-main-failover if has_failover backend_unavailable
 {{- end }}
 
   use_backend synapse-%[var(req.backend)]
 
+backend ess-version-static
+  mode http
+
+  # Set all the same headers as the well-knowns
+  http-after-response set-header X-Frame-Options SAMEORIGIN
+  http-after-response set-header X-Content-Type-Options nosniff
+  http-after-response set-header X-XSS-Protection "1; mode=block"
+  http-after-response set-header Content-Security-Policy "frame-ancestors 'self'"
+  http-after-response set-header X-Robots-Tag "noindex, nofollow, noarchive, noimageindex"
+
+  http-after-response set-header Access-Control-Allow-Origin *
+  http-after-response set-header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+  http-after-response set-header Access-Control-Allow-Headers "X-Requested-With, Content-Type, Authorization"
+
+  http-request return status 200 content-type "application/json" file /synapse/ess-version.json
+
 backend synapse-main
   default-server maxconn 250
 

charts/matrix-stack/templates/synapse/_helpers.tpl

@@ -229,6 +229,10 @@ path_map_file: |
 {{- (tpl ($root.Files.Get "configs/synapse/path_map_file.tpl") (dict "root" $root)) | nindent 2 }}
 path_map_file_get: |
 {{- (tpl ($root.Files.Get "configs/synapse/path_map_file_get.tpl") (dict "root" $root)) | nindent 2 -}}
+{{- /* We accept this means that the ConfigMap & all hash labels using this helper changes on every chart version upgrade and the HAProxy will restart as a result.
+When we have a process to watch for file changes and send a reload signal to HAProxy this can move out of this helper and into the `ConfigMap` proper. */}}
+ess-version.json: |-
+  {"version": "{{ $root.Chart.Version }}", "edition": "community"}
 {{- end -}}
 
 {{- define "element-io.synapse.render-config-container" -}}

newsfragments/715.added.md

@@ -0,0 +1 @@
+Add `/_synapse/ess/version` to the Synapse ingress exposing the chart version and edition.

tests/integration/test_synapse.py

@@ -27,6 +27,40 @@
 )
 
 
+@pytest.mark.skipif(value_file_has("synapse.enabled", False), reason="Synapse not deployed")
+@pytest.mark.asyncio_cooperative
+async def test_synapse_exposes_chart_version_edition(
+    ingress_ready,
+    ssl_context,
+    generated_data: ESSData,
+    helm_client: pyhelm3.Client,
+):
+    await ingress_ready("synapse")
+
+    revision = await helm_client.get_current_revision(
+        generated_data.release_name, namespace=generated_data.ess_namespace
+    )
+    metadata = await revision.chart_metadata()
+
+    # TODO: Dropme sometime in the future when we do not care about testing against 25.8.3 any more
+    if semver.Version.is_valid(metadata.version) and semver.VersionInfo.parse(metadata.version).compare("25.8.3") <= 0:
+        with pytest.raises(aiohttp.client_exceptions.ClientResponseError) as execinfo:
+            await aiohttp_get_json(
+                f"https://synapse.{generated_data.server_name}/_synapse/ess/version", {}, ssl_context
+            )
+        assert execinfo.value.status == 404
+        return
+
+    json_content = await aiohttp_get_json(
+        f"https://synapse.{generated_data.server_name}/_synapse/ess/version", {}, ssl_context
+    )
+    assert "edition" in json_content
+    assert json_content["edition"] == "community"
+
+    assert "version" in json_content
+    assert json_content["version"] == metadata.version
+
+
 @pytest.mark.skipif(value_file_has("synapse.enabled", False), reason="Synapse not deployed")
 @pytest.mark.asyncio_cooperative
 async def test_synapse_can_access_client_api(

tests/manifests/test_pod_idempotency.py

@@ -42,6 +42,22 @@ async def _patch_version_chart():
         )
         first_render[id]["metadata"]["labels"].pop("helm.sh/chart")
         second_render[id]["metadata"]["labels"].pop("helm.sh/chart")
+
+        # This will always vary even when we have a sidecar process to send a reload signal to HAProxy
+        if id == f"ConfigMap/{release_name}-synapse-haproxy":
+            first_render[id]["data"].pop("ess-version.json")
+            second_render[id]["data"].pop("ess-version.json")
+        # We can either remove this label as a whole or remove `ess-version.json` for the calculation for this label
+        # when we have a sidecar process to send a reload signal to HAProxy. If we have that sidecar process the
+        # rationale for the hash label disappears.
+        elif id == f"Deployment/{release_name}-haproxy":
+            first_render[id]["metadata"]["labels"].pop("k8s.element.io/synapse-haproxy-config-hash")
+            second_render[id]["metadata"]["labels"].pop("k8s.element.io/synapse-haproxy-config-hash")
+            first_render[id]["spec"]["template"]["metadata"]["labels"].pop("k8s.element.io/synapse-haproxy-config-hash")
+            second_render[id]["spec"]["template"]["metadata"]["labels"].pop(
+                "k8s.element.io/synapse-haproxy-config-hash"
+            )
+
         assert first_render[id] == second_render[id], (
             f"Error with {template_id(first_render[id])} : "
             "Templates should be the same after removing the chart version label as it should be the only difference"