From d28c58adca95d67a073d2a4b8d142d07c3399a7e Mon Sep 17 00:00:00 2001 From: Marc 'risson' Schmitt Date: Mon, 4 Dec 2023 07:40:23 +0100 Subject: [PATCH] add ability to disable tenants api Signed-off-by: Marc 'risson' Schmitt --- authentik/lib/default.yml | 5 ++++- authentik/tenants/api.py | 6 +++--- authentik/tenants/urls.py | 13 +++++++++---- scripts/generate_config.py | 6 ++++++ 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/authentik/lib/default.yml b/authentik/lib/default.yml index 47efe59ec..24d90344c 100644 --- a/authentik/lib/default.yml +++ b/authentik/lib/default.yml @@ -110,7 +110,10 @@ geoip: "/geoip/GeoLite2-City.mmdb" cert_discovery_dir: /certs default_token_length: 60 -tenant_management_key: "" +tenants: + api: + enabled: false + key: "" blueprints_dir: /blueprints diff --git a/authentik/tenants/api.py b/authentik/tenants/api.py index 1aacbc233..f14984ff4 100644 --- a/authentik/tenants/api.py +++ b/authentik/tenants/api.py @@ -23,10 +23,10 @@ class TenantManagementKeyPermission(permissions.BasePermission): def has_permission(self, request: Request, view: View) -> bool: token = validate_auth(get_authorization_header(request)) - tenant_management_key = CONFIG.get("tenant_management_key") - if compare_digest("", tenant_management_key): + key = CONFIG.get("tenants.api.key") + if compare_digest("", key): return False - return compare_digest(token, tenant_management_key) + return compare_digest(token, key) class TenantSerializer(ModelSerializer): diff --git a/authentik/tenants/urls.py b/authentik/tenants/urls.py index 6d6768d2d..ea0cd99ba 100644 --- a/authentik/tenants/urls.py +++ b/authentik/tenants/urls.py @@ -1,12 +1,17 @@ """API URLs""" from django.urls import path +from authentik.lib.config import CONFIG from authentik.tenants.api import SettingsView, TenantViewSet api_urlpatterns = [ path("admin/settings/", SettingsView.as_view(), name="tenant_settings"), - ( - "tenants", - TenantViewSet, - ), ] + +if CONFIG.get_bool("tenants.api.enabled", False): + api_urlpatterns += [ + ( + "tenants", + TenantViewSet, + ), + ] diff --git a/scripts/generate_config.py b/scripts/generate_config.py index 187eb3ba5..7fc9245e3 100644 --- a/scripts/generate_config.py +++ b/scripts/generate_config.py @@ -18,6 +18,12 @@ with open("local.env.yml", "w", encoding="utf-8") as _config: "blueprints_dir": "./blueprints", "cert_discovery_dir": "./certs", "geoip": "tests/GeoLite2-City-Test.mmdb", + "tenants": { + "api": { + "enabled": True, + "key": generate_id(), + }, + }, }, _config, default_flow_style=False,