switch enabled/disabled

mkleene · mkleene · commit fec65c545853 · 2024-04-19T14:37:30.000-04:00
diff --git a/service/internal/auth/config.go b/service/internal/auth/config.go
@@ -4,8 +4,8 @@ import "fmt"
 
 // AuthConfig pulls AuthN and AuthZ together
 type Config struct {
-	DeprecatedEnabled bool `yaml:"deprecatedEnabled" default:"true"`
-	AuthNConfig       `mapstructure:",squash"`
+	DeprecatedDisabled bool `yaml:"deprecatedDisabled" default:"false"`
+	AuthNConfig        `mapstructure:",squash"`
 }
 
 // AuthNConfig is the configuration need for the platform to validate tokens
diff --git a/service/internal/server/server.go b/service/internal/server/server.go
@@ -89,7 +89,9 @@ func NewOpenTDFServer(config Config, d *db.Client) (*OpenTDFServer, error) {
 
 	// Add authN interceptor
 	// TODO Remove this conditional once we move to the hardening phase (https://github.com/opentdf/platform/issues/381)
-	if config.Auth.DeprecatedEnabled {
+	if config.Auth.DeprecatedDisabled {
+		slog.Error("disabling authentication. this is deprecated and will be removed. if you are using an IdP without DPoP you can use `allowNoDPoP`")
+	} else {
 		slog.Info("authentication enabled")
 		authN, err = auth.NewAuthenticator(
 			context.Background(),
@@ -99,8 +101,6 @@ func NewOpenTDFServer(config Config, d *db.Client) (*OpenTDFServer, error) {
 		if err != nil {
 			return nil, fmt.Errorf("failed to create authentication interceptor: %w", err)
 		}
-	} else {
-		slog.Error("disabling authentication. this is deprecated and will be removed. if you are using an IdP without DPoP you can use `allowNoDPoP`")
 	}
 
 	// Try an register oidc issuer to wellknown service but don't return an error if it fails
@@ -162,10 +162,10 @@ func newHttpServer(c Config, h http.Handler, a *auth.Authentication, g *grpc.Ser
 
 	// Add authN interceptor
 	// TODO check if this is needed or if it is handled by gRPC
-	if c.Auth.DeprecatedEnabled {
-		h = a.MuxHandler(h)
-	} else {
+	if c.Auth.DeprecatedDisabled {
 		slog.Error("disabling authentication. this is deprecated and will be removed. if you are using an IdP without DPoP you can use `allowNoDPoP`")
+	} else {
+		h = a.MuxHandler(h)
 	}
 
 	// Add CORS // TODO We need to make cors configurable (https://github.com/opentdf/platform/issues/305)
@@ -222,7 +222,11 @@ func newGrpcServer(c Config, a *auth.Authentication) (*grpc.Server, error) {
 		slog.Warn("failed to create proto validator", slog.String("error", err.Error()))
 	}
 
-	i = append(i, a.UnaryServerInterceptor)
+	if c.Auth.DeprecatedDisabled {
+		slog.Error("disabling authentication. this is deprecated and will be removed. if you are using an IdP without DPoP you can use `allowNoDpop`")
+	} else {
+		i = append(i, a.UnaryServerInterceptor)
+	}
 
 	// Add tls creds if tls is not nil
 	if c.TLS.Enabled {

Original file line number	Diff line number	Diff line change
`@@ -4,8 +4,8 @@ import "fmt"`
`4`	`4`
`5`	`5`	`// AuthConfig pulls AuthN and AuthZ together`
`6`	`6`	`type Config struct {`
`7`		- DeprecatedEnabled bool `yaml:"deprecatedEnabled" default:"true"`
`8`		- AuthNConfig `mapstructure:",squash"`
	`7`	+ DeprecatedDisabled bool `yaml:"deprecatedDisabled" default:"false"`
	`8`	+ AuthNConfig `mapstructure:",squash"`
`9`	`9`	`}`
`10`	`10`
`11`	`11`	`// AuthNConfig is the configuration need for the platform to validate tokens`