add ability to disable tenants api

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

authentik/lib/default.yml

@@ -110,7 +110,10 @@ geoip: "/geoip/GeoLite2-City.mmdb"
 cert_discovery_dir: /certs
 default_token_length: 60
 
-tenant_management_key: ""
+tenants:
+  api:
+    enabled: false
+    key: ""
 
 blueprints_dir: /blueprints
 

authentik/tenants/api.py

@@ -23,10 +23,10 @@ class TenantManagementKeyPermission(permissions.BasePermission):
 
     def has_permission(self, request: Request, view: View) -> bool:
         token = validate_auth(get_authorization_header(request))
-        tenant_management_key = CONFIG.get("tenant_management_key")
+        key = CONFIG.get("tenants.api.key")
-        if compare_digest("", tenant_management_key):
+        if compare_digest("", key):
             return False
-        return compare_digest(token, tenant_management_key)
+        return compare_digest(token, key)
 
 
 class TenantSerializer(ModelSerializer):

authentik/tenants/urls.py

@@ -1,12 +1,17 @@
 """API URLs"""
 from django.urls import path
 
+from authentik.lib.config import CONFIG
 from authentik.tenants.api import SettingsView, TenantViewSet
 
 api_urlpatterns = [
     path("admin/settings/", SettingsView.as_view(), name="tenant_settings"),
+]
+
+if CONFIG.get_bool("tenants.api.enabled", False):
+    api_urlpatterns += [
         (
             "tenants",
             TenantViewSet,
         ),
-]
+    ]

scripts/generate_config.py

@@ -18,6 +18,12 @@ with open("local.env.yml", "w", encoding="utf-8") as _config:
             "blueprints_dir": "./blueprints",
             "cert_discovery_dir": "./certs",
             "geoip": "tests/GeoLite2-City-Test.mmdb",
+            "tenants": {
+                "api": {
+                    "enabled": True,
+                    "key": generate_id(),
+                },
+            },
         },
         _config,
         default_flow_style=False,