openvidu-deployment: azure - single node - add parameters for initial Meet admin user and API key with validation

2025-09-16 13:25:05 +02:00 · 2025-09-16 13:25:05 +02:00 · bb5c7d4e39
parent 4fef8d73d4
commit bb5c7d4e39
3 changed files with 91 additions and 11 deletions
--- a/openvidu-deployment/community/singlenode/azure/cf-openvidu-singlenode.bicep
+++ b/openvidu-deployment/community/singlenode/azure/cf-openvidu-singlenode.bicep
@ -34,6 +34,16 @@ param turnOwnPublicCertificate string = ''
@description('(Optional) This setting is applicable if the certificate type is set to \'owncert\' and the TurnDomainName is specified.')
 param turnOwnPrivateCertificate string = ''

+@description('Initial password for the \'admin\' user in OpenVidu Meet. If not provided, a random password will be generated.')
+@secure()
+param initialMeetAdminPassword string = ''
+
+@description('Initial API key for OpenVidu Meet. If not provided, no API key will be set and the user can set it later from Meet Console.')
+@secure()
+param initialMeetApiKey string = ''
+
+
+
 // Azure instance config
@description('Specifies the azure vm size for your OpenVidu instance')
@allowed([
@ -257,6 +267,8 @@ var stringInterpolationParams = {
  ownPrivateCertificate: ownPrivateCertificate
  turnOwnPublicCertificate: turnOwnPublicCertificate
  turnOwnPrivateCertificate: turnOwnPrivateCertificate
+  initialMeetAdminPassword: initialMeetAdminPassword
+  initialMeetApiKey: initialMeetApiKey
  keyVaultName: keyVaultName
  additionalInstallFlags: additionalInstallFlags
 }
@ -291,6 +303,19 @@ fi

 DOMAIN="$(/usr/local/bin/store_secret.sh save DOMAIN-NAME "$DOMAIN")"

+# Meet initial admin user and password
+MEET_INITIAL_ADMIN_USER="$(/usr/local/bin/store_secret.sh save MEET_INITIAL_ADMIN_USER "admin")"
+if [[ "${initialMeetAdminPassword}" != '' ]]; then
+  MEET_INITIAL_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh save MEET_INITIAL_ADMIN_PASSWORD "${initialMeetAdminPassword}")"
+else
+  MEET_INITIAL_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh generate MEET_INITIAL_ADMIN_PASSWORD)"
+fi
+if [[ "${initialMeetApiKey}" != '' ]]; then
+  MEET_INITIAL_API_KEY="$(/usr/local/bin/store_secret.sh save MEET_INITIAL_API_KEY "${initialMeetApiKey}")"
+else
+  MEET_INITIAL_API_KEY="$(/usr/local/bin/store_secret.sh save MEET_INITIAL_API_KEY "")"
+fi
+
 REDIS_PASSWORD="$(/usr/local/bin/store_secret.sh generate REDIS-PASSWORD)"
 MONGO_ADMIN_USERNAME="$(/usr/local/bin/store_secret.sh save MONGO-ADMIN-USERNAME "mongoadmin")"
 MONGO_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh generate MONGO-ADMIN-PASSWORD)"
@ -302,8 +327,6 @@ DASHBOARD_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh generate DASHBOARD-AD
 GRAFANA_ADMIN_USERNAME="$(/usr/local/bin/store_secret.sh save GRAFANA-ADMIN-USERNAME "grafanaadmin")"
 GRAFANA_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh generate GRAFANA-ADMIN-PASSWORD)"
 MEET_INITIAL_ADMIN_USER="$(/usr/local/bin/store_secret.sh save MEET-INITIAL-ADMIN-USER "admin")"
-MEET_INITIAL_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh generate MEET-INITIAL-ADMIN-PASSWORD)"
-MEET_INITIAL_API_KEY="$(/usr/local/bin/store_secret.sh generate MEET-INITIAL-API-KEY)"
 LIVEKIT_API_KEY="$(/usr/local/bin/store_secret.sh generate LIVEKIT-API-KEY "API" 12)"
 LIVEKIT_API_SECRET="$(/usr/local/bin/store_secret.sh generate LIVEKIT-API-SECRET)"
 ENABLED_MODULES="$(/usr/local/bin/store_secret.sh save ENABLED-MODULES "observability,openviduMeet")"
@ -329,7 +352,6 @@ COMMON_ARGS=(
  "--dashboard-admin-password=$DASHBOARD_ADMIN_PASSWORD"
  "--grafana-admin-user=$GRAFANA_ADMIN_USERNAME"
  "--grafana-admin-password=$GRAFANA_ADMIN_PASSWORD"
-  "--meet-initial-admin-user=$MEET_INITIAL_ADMIN_USER"
  "--meet-initial-admin-password=$MEET_INITIAL_ADMIN_PASSWORD"
  "--meet-initial-api-key=$MEET_INITIAL_API_KEY"
  "--livekit-api-key=$LIVEKIT_API_KEY"
@ -481,7 +503,9 @@ export LIVEKIT_API_KEY=$(az keyvault secret show --vault-name ${keyVaultName} --
 export LIVEKIT_API_SECRET=$(az keyvault secret show --vault-name ${keyVaultName} --name LIVEKIT-API-SECRET --query value -o tsv)
 export MEET_INITIAL_ADMIN_USER=$(az keyvault secret show --vault-name ${keyVaultName} --name MEET-INITIAL-ADMIN-USER --query value -o tsv)
 export MEET_INITIAL_ADMIN_PASSWORD=$(az keyvault secret show --vault-name ${keyVaultName} --name MEET-INITIAL-ADMIN-PASSWORD --query value -o tsv)
-export MEET_INITIAL_API_KEY=$(az keyvault secret show --vault-name ${keyVaultName} --name MEET-INITIAL-API-KEY --query value -o tsv)
+if [[ "${initialMeetApiKey}" != '' ]]; then
+  export MEET_INITIAL_API_KEY=$(az keyvault secret show --vault-name ${keyVaultName} --name MEET-INITIAL-API-KEY --query value -o tsv)
+fi
 export ENABLED_MODULES=$(az keyvault secret show --vault-name ${keyVaultName} --name ENABLED-MODULES --query value -o tsv)


@ -500,7 +524,9 @@ sed -i "s/LIVEKIT_API_KEY=.*/LIVEKIT_API_KEY=$LIVEKIT_API_KEY/" "${CONFIG_DIR}/o
 sed -i "s/LIVEKIT_API_SECRET=.*/LIVEKIT_API_SECRET=$LIVEKIT_API_SECRET/" "${CONFIG_DIR}/openvidu.env"
 sed -i "s/MEET_INITIAL_ADMIN_USER=.*/MEET_INITIAL_ADMIN_USER=$MEET_INITIAL_ADMIN_USER/" "${CONFIG_DIR}/meet.env"
 sed -i "s/MEET_INITIAL_ADMIN_PASSWORD=.*/MEET_INITIAL_ADMIN_PASSWORD=$MEET_INITIAL_ADMIN_PASSWORD/" "${CONFIG_DIR}/meet.env"
-sed -i "s/MEET_INITIAL_API_KEY=.*/MEET_INITIAL_API_KEY=$MEET_INITIAL_API_KEY/" "${CONFIG_DIR}/meet.env"
+if [[ "${initialMeetApiKey}" != '' ]]; then
+  sed -i "s/MEET_INITIAL_API_KEY=.*/MEET_INITIAL_API_KEY=$MEET_INITIAL_API_KEY/" "${CONFIG_DIR}/meet.env"
+fi
 sed -i "s/ENABLED_MODULES=.*/ENABLED_MODULES=$ENABLED_MODULES/" "${CONFIG_DIR}/openvidu.env"


@ -548,7 +574,9 @@ LIVEKIT_API_KEY="$(/usr/local/bin/get_value_from_config.sh LIVEKIT_API_KEY "${CO
 LIVEKIT_API_SECRET="$(/usr/local/bin/get_value_from_config.sh LIVEKIT_API_SECRET "${CONFIG_DIR}/openvidu.env")"
 MEET_INITIAL_ADMIN_USER="$(/usr/local/bin/get_value_from_config.sh MEET_INITIAL_ADMIN_USER "${CONFIG_DIR}/meet.env")"
 MEET_INITIAL_ADMIN_PASSWORD="$(/usr/local/bin/get_value_from_config.sh MEET_INITIAL_ADMIN_PASSWORD "${CONFIG_DIR}/meet.env")"
-MEET_INITIAL_API_KEY="$(/usr/local/bin/get_value_from_config.sh MEET_INITIAL_API_KEY "${CONFIG_DIR}/meet.env")"
+if [[ "${initialMeetApiKey}" != '' ]]; then
+  MEET_INITIAL_API_KEY="$(/usr/local/bin/get_value_from_config.sh MEET_INITIAL_API_KEY "${CONFIG_DIR}/meet.env")"
+fi
 ENABLED_MODULES="$(/usr/local/bin/get_value_from_config.sh ENABLED_MODULES "${CONFIG_DIR}/openvidu.env")"


@ -569,7 +597,9 @@ az keyvault secret set --vault-name ${keyVaultName} --name LIVEKIT-API-KEY --val
 az keyvault secret set --vault-name ${keyVaultName} --name LIVEKIT-API-SECRET --value $LIVEKIT_API_SECRET
 az keyvault secret set --vault-name ${keyVaultName} --name MEET-INITIAL-ADMIN-USER --value $MEET_INITIAL_ADMIN_USER
 az keyvault secret set --vault-name ${keyVaultName} --name MEET-INITIAL-ADMIN-PASSWORD --value $MEET_INITIAL_ADMIN_PASSWORD
-az keyvault secret set --vault-name ${keyVaultName} --name MEET-INITIAL-API-KEY --value $MEET_INITIAL_API_KEY
+if [[ "${initialMeetApiKey}" != '' ]]; then
+  az keyvault secret set --vault-name ${keyVaultName} --name MEET-INITIAL-API-KEY --value $MEET_INITIAL_API_KEY
+fi
 az keyvault secret set --vault-name ${keyVaultName} --name ENABLED-MODULES --value $ENABLED_MODULES
 '''

--- a/openvidu-deployment/community/singlenode/azure/cf-openvidu-singlenode.json
+++ b/openvidu-deployment/community/singlenode/azure/cf-openvidu-singlenode.json
--- a/openvidu-deployment/community/singlenode/azure/createUiDefinition.json
+++ b/openvidu-deployment/community/singlenode/azure/createUiDefinition.json
@ -153,6 +153,40 @@
                        }
                    ]
                },
+                {
+                    "name": "parameters OpenVidu Meet",
+                    "label": "OpenVidu Meet configuration",
+                    "elements": [
+                        {
+                            "name": "initialMeetAdminPassword",
+                            "type": "Microsoft.Common.PasswordBox",
+                            "label": "Initial Meet Admin Password",
+                            "toolTip": "Initial password for the 'admin' user in OpenVidu Meet. If not provided, a random password will be generated.",
+                            "constraints": {
+                                "required": false,
+                                "regex": "^[A-Za-z0-9_-]*$",
+                                "validationMessage": "Password can only contain letters, numbers, underscores and hyphens.",
+                                "validations": []
+                            },
+                            "infoMessages": [],
+                            "visible": true
+                        },
+                        {
+                            "name": "initialMeetApiKey",
+                            "type": "Microsoft.Common.PasswordBox",
+                            "label": "Initial Meet API Key",
+                            "toolTip": "Initial API key for OpenVidu Meet. If not provided, no API key will be set and the user can set it later from Meet Console.",
+                            "constraints": {
+                                "required": false,
+                                "regex": "^[A-Za-z0-9_-]*$",
+                                "validationMessage": "API key can only contain letters, numbers, underscores and hyphens.",
+                                "validations": []
+                            },
+                            "infoMessages": [],
+                            "visible": true
+                        }
+                    ]
+                },
                {
                    "name": "parameters INSTANCE",
                    "label": "OpenVidu instance configuration",