From 539df2fef8ff4b61a2e83f09e290a80a86b25142 Mon Sep 17 00:00:00 2001
From: Klaus Schwartz <klaus@eraga.net>
Date: Sat, 30 Jan 2021 06:15:19 +0300
Subject: [PATCH] reduce multilevel object to plain variable

---
 docs/configuring-playbook-synapse.md                      | 3 +--
 roles/matrix-synapse/defaults/main.yml                    | 8 ++++++--
 roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 2 +-
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/docs/configuring-playbook-synapse.md b/docs/configuring-playbook-synapse.md
index d5f126f57..54e5e6e31 100644
--- a/docs/configuring-playbook-synapse.md
+++ b/docs/configuring-playbook-synapse.md
@@ -27,8 +27,7 @@ matrix_synapse_password_config_enabled: true
 Add this to allow seamless forwarding to element web app and element android app. Without this setting matrix will ask the user if he trusts the app he tries to login.  
 
 ```yaml
-matrix_synapse_sso:
-  client_whitelist:
+matrix_synapse_sso_client_whitelist:
   - "https://element.{{ matrix_domain }}/"
   - element://element
 
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml
index 6d1b4612c..b4e711441 100644
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -463,6 +463,10 @@ matrix_synapse_oidc_config:
       display_name_template: "{{ matrix_synapse_oidc_display_name_template }}"
 
 # Set trusted SSO resources, e.g. [ "https://element.matrix.domain" ]
-matrix_synapse_sso:
-  client_whitelist: []
+matrix_synapse_sso_client_whitelist: |
+  {{
+    []
+    +
+    ([matrix_server_fqn_element, "element://element"] if matrix_client_element_enabled else [])
+  }}
 
diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
index 5892bfa26..2505f058a 100644
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -1852,7 +1852,7 @@ sso:
     #
     # By default, this list is empty.
     #
-    client_whitelist: {{ matrix_synapse_sso.client_whitelist|to_json }}
+    client_whitelist: {{ matrix_synapse_sso_client_whitelist|to_json }}
     #  - https://riot.im/develop
     #  - https://my.custom.client/