Enable SCIM only if configured

512922ae · Arie Peterson · 1c4f38e0 · 512922ae · 512922ae
Commit 512922ae authored 11 months ago by Arie Peterson
--- a/backend/app.py
+++ b/backend/app.py
@@ -111,17 +111,18 @@ def init_routines():
        # Same for the list of oauthclients.
        cluster_config.populate_oauthclients()

-    # We define this wrapper because the SCIM provisioning code needs to access the
-    # database, which needs a flask app context.
-    def provision():
-        with app.app_context():
-            provisioner.reconcile()
-    # Set up a generic task scheduler (cron-like).
-    scheduler = BackgroundScheduler()
-    scheduler.start()
-    # Add a job to run the provisioning reconciliation routine regularly.
-    # TODO: decrease the frequency once development settles.
-    scheduler.add_job(provision, 'interval', minutes=1)
+    if provisioner.enabled:
+        # We define this wrapper because the SCIM provisioning code needs to access the
+        # database, which needs a flask app context.
+        def provision():
+            with app.app_context():
+                provisioner.reconcile()
+        # Set up a generic task scheduler (cron-like).
+        scheduler = BackgroundScheduler()
+        scheduler.start()
+        # Add a job to run the provisioning reconciliation routine regularly.
+        # TODO: decrease the frequency once development settles.
+        scheduler.add_job(provision, 'interval', minutes=1)

 # `init_routines` should only run once per dashboard instance. To enforce this
 # we have different behaviour for production and development mode:

--- a/backend/helpers/provision.py
+++ b/backend/helpers/provision.py
@@ -51,6 +51,17 @@ class Group:
 # do the corresponding SCIM calls to those apps to do the actual provisioning.
 class Provision:
    def __init__(self):
+        if config.SCIM_TOKEN is None:
+            logging.warn("SCIM_TOKEN is not set, so disabling SCIM")
+            self.enabled = False
+            return
+        if config.SCIM_URL is None:
+            logging.warn("SCIM_URL is not set, so disabling SCIM")
+            self.enabled = False
+            return
+        self.enabled = True
+        logging.info(f"Enabling SCIM, with URL {config.SCIM_URL}")
+
        # Set up kratos API client.
        kratos_admin_api_configuration = ory_kratos_client.Configuration(host=config.KRATOS_ADMIN_URL, discard_unknown_keys=True)
        kratos_admin_client = ory_kratos_client.ApiClient(kratos_admin_api_configuration)
@@ -61,8 +72,6 @@ class Provision:

    def reconcile(self):
        logging.info("Reconciling user provisioning")
-        # logging.info(f"SCIM URL: {config.SCIM_URL}")
-        # logging.info(f"SCIM token: {config.SCIM_TOKEN}")
        existing_users = self._get_existing_users()
        for userId, u in existing_users.items():
            logging.info(f"Existing user: {u.displayName} ({userId})")