From 35e9c174254745fbe01d6aeb24f6ae97a368ecf2 Mon Sep 17 00:00:00 2001
From: Stefan Matting <stefan@wire.com>
Date: Thu, 9 Dec 2021 18:23:54 +0100
Subject: [PATCH 1/2] Add multiSFT args, remove additionalArgs

---
 charts/sftd/templates/statefulset.yaml | 57 +++++++++++++++++++++++++-
 charts/sftd/values.yaml                | 10 +++--
 2 files changed, 63 insertions(+), 4 deletions(-)

diff --git a/charts/sftd/templates/statefulset.yaml b/charts/sftd/templates/statefulset.yaml
index 2c5d52fce4..8345b6bc1c 100644
--- a/charts/sftd/templates/statefulset.yaml
+++ b/charts/sftd/templates/statefulset.yaml
@@ -30,10 +30,13 @@ spec:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
       hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
       serviceAccountName: {{ include "sftd.fullname" . }}
       volumes:
         - name: external-ip
           emptyDir: {}
+        - name: multi-sft-config
+          emptyDir: {}
       initContainers:
         - name: get-external-ip
           image: bitnami/kubectl:1.19.7
@@ -54,6 +57,47 @@ spec:
                 addr=$(kubectl get node $HOSTNAME -ojsonpath='{.metadata.annotations.wire\.com/external-ip}')
               fi
               echo -n "$addr" | tee /dev/stderr > /external-ip/ip
+        - name: get-multi-sft-config
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+
+          volumeMounts:
+            - name: multi-sft-config
+              mountPath: /multi-sft-config
+
+          command:
+            - /bin/sh
+            - -c
+            - |
+              set -e
+
+              {{- if .Values.multiSFT.enabled }}
+
+              response=$(curl "{{ .Values.multiSFT.turnDiscoveryURL }}")
+              if [ -z "$response" ]; then
+                 echo "No response from restund server."
+                 exit 1
+              fi
+
+              echo "$response" | jq -r '.username' > /multi-sft-config/username
+              if [ ! -s /multi-sft-config/username ]; then
+                echo "Response does not contain a username"
+                exit 1
+              fi
+
+              echo "$response" | jq -r '.password' > /multi-sft-config/password
+              if [ ! -s /multi-sft-config/password ]; then
+                echo "Response does not contain a password"
+                exit 1
+              fi
+
+              echo "$response" | jq -r '.uris[0]' > /multi-sft-config/turn_server
+              if [ ! -s /multi-sft-config/turn_server ]; then
+                echo "Response does not contain a turn server"
+                exit 1
+              fi
+
+              {{- end }}
+
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
@@ -72,6 +116,8 @@ spec:
           volumeMounts:
             - name: external-ip
               mountPath: /external-ip
+            - name: multi-sft-config
+              mountPath: /multi-sft-config
           command:
             - /bin/sh
             - -c
@@ -83,11 +129,20 @@ spec:
               else
                 ACCESS_ARGS="-A ${EXTERNAL_IP}"
               fi
+
+              {{- if .Values.multiSFT.enabled }}
+              MULTI_SFT_ARGS="-t \"$(cat /multi-sft-config/turn_server)\" \
+              -x \"$(cat /multi-sft-config/username)\" \
+              -c \"$(cat /multi-sft-config/password)\""
+              {{- else }}
+              MULTI_SFT_ARGS=""
+              {{- end }}
+
               exec sftd \
                       -I "${POD_IP}" \
                       -M "${POD_IP}" \
                       ${ACCESS_ARGS} \
-                      {{ .Values.additionalArgs }} \
+                      ${MULTI_SFT_ARGS} \
                       {{ if .Values.turnDiscoveryEnabled }}-T{{ end }} \
                       -u "https://{{ required "must specify host" .Values.host }}/sfts/${POD_NAME}"
           ports:
diff --git a/charts/sftd/values.yaml b/charts/sftd/values.yaml
index a34ae17589..5e90388b66 100644
--- a/charts/sftd/values.yaml
+++ b/charts/sftd/values.yaml
@@ -86,6 +86,10 @@ joinCall:
 # DOCS: https://docs.wire.com/understand/sft.html#prerequisites
 turnDiscoveryEnabled: false
 
-# Additional arguments to be passed to `sftd`
-# Note: this might be removed in the future.
-additionalArgs: ""
+# Allow establishing calls involving remote SFT servers (e.g. for Federation)
+# Requires appVersion 3.0.9 or later
+multiSFT:
+  enabled: False
+  # Required. URL that provides TURN connection configuration. These configured
+  # TURN servers will be used to connect to remote SFT servers.
+  turnDiscoveryURL: ""

From 03c15273f4bb72b6d35f2e0f5c994efa57145d2c Mon Sep 17 00:00:00 2001
From: Stefan Matting <stefan@wire.com>
Date: Tue, 14 Dec 2021 14:49:07 +0100
Subject: [PATCH 2/2] changelog

---
 changelog.d/5-internal/sftd-multi-sft | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/5-internal/sftd-multi-sft

diff --git a/changelog.d/5-internal/sftd-multi-sft b/changelog.d/5-internal/sftd-multi-sft
new file mode 100644
index 0000000000..a0324fe749
--- /dev/null
+++ b/changelog.d/5-internal/sftd-multi-sft
@@ -0,0 +1 @@
+sftd chart: Add multiSFT option, remove additionalArgs option