Add strictScope to ConfigKey to disable global fallback for domain-scoped oauth2.enabled

Author: Damans227

framework/config/src/main/java/org/apache/cloudstack/framework/config/ConfigKey.java

@@ -421,11 +421,18 @@ protected T valueInGlobalOrAvailableParentScope(Scope scope, Long id) {
     }
 
     public T valueInScope(Scope scope, Long id) {
+        return valueInScope(scope, id, false);
+    }
+
+    public T valueInScope(Scope scope, Long id, boolean strictScope) {
         if (id == null) {
             return value();
         }
         String value = s_depot != null ? s_depot.getConfigStringValue(_name, scope, id) : null;
         if (value == null) {
+            if (strictScope) {
+                return null;
+            }
             return valueInGlobalOrAvailableParentScope(scope, id);
         }
         logger.trace("Scope({}) value for config ({}): {}", scope, _name, _value);

plugins/user-authenticators/oauth2/src/main/java/org/apache/cloudstack/oauth2/OAuth2AuthManagerImpl.java

@@ -70,7 +70,7 @@ public boolean start() {
     }
 
     protected boolean isOAuthPluginEnabled(Long domainId) {
-        return OAuth2IsPluginEnabled.valueIn(domainId);
+        return Boolean.TRUE.equals(OAuth2IsPluginEnabled.valueInScope(ConfigKey.Scope.Domain, domainId, true));
     }
 
     @Override

plugins/user-authenticators/oauth2/src/main/java/org/apache/cloudstack/oauth2/OAuth2UserAuthenticator.java

@@ -27,6 +27,7 @@
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.auth.UserAuthenticator;
 import org.apache.cloudstack.auth.UserOAuth2Authenticator;
+import org.apache.cloudstack.framework.config.ConfigKey;
 
 import javax.inject.Inject;
 import java.util.Map;
@@ -91,6 +92,6 @@ public String encode(String password) {
     }
 
     protected boolean isOAuthPluginEnabled(Long domainId) {
-        return OAuth2IsPluginEnabled.valueIn(domainId);
+        return Boolean.TRUE.equals(OAuth2IsPluginEnabled.valueInScope(ConfigKey.Scope.Domain, domainId, true));
     }
 }

plugins/user-authenticators/oauth2/src/main/java/org/apache/cloudstack/oauth2/api/command/ListOAuthProvidersCmd.java

@@ -41,6 +41,7 @@
 import org.apache.cloudstack.api.response.DomainResponse;
 import org.apache.cloudstack.api.response.ListResponse;
 import org.apache.cloudstack.auth.UserOAuth2Authenticator;
+import org.apache.cloudstack.framework.config.ConfigKey;
 import org.apache.cloudstack.oauth2.OAuth2AuthManager;
 import org.apache.cloudstack.oauth2.api.response.OauthProviderResponse;
 import org.apache.cloudstack.oauth2.vo.OauthProviderVO;
@@ -138,7 +139,7 @@ public String authenticate(String command, Map<String, Object[]> params, HttpSes
             Domain domain = result.getDomainId() != null ? ApiDBUtils.findDomainById(result.getDomainId()) : null;
             OauthProviderResponse r = new OauthProviderResponse(result.getUuid(), result.getProvider(),
                     result.getDescription(), result.getClientId(), result.getSecretKey(), result.getRedirectUri(), domain);
-            if (OAuth2AuthManager.OAuth2IsPluginEnabled.valueIn(result.getDomainId()) && authenticatorPluginNames.contains(result.getProvider()) && result.isEnabled()) {
+            if (Boolean.TRUE.equals(OAuth2AuthManager.OAuth2IsPluginEnabled.valueInScope(ConfigKey.Scope.Domain, result.getDomainId(), true)) && authenticatorPluginNames.contains(result.getProvider()) && result.isEnabled()) {
                 r.setEnabled(true);
             } else {
                 r.setEnabled(false);

plugins/user-authenticators/oauth2/src/main/java/org/apache/cloudstack/oauth2/api/command/OauthLoginAPIAuthenticatorCmd.java

@@ -50,6 +50,8 @@
 import java.util.Map;
 import java.net.InetAddress;
 
+import org.apache.cloudstack.framework.config.ConfigKey;
+
 import static org.apache.cloudstack.oauth2.OAuth2AuthManager.OAuth2IsPluginEnabled;
 
 @APICommand(name = "oauthlogin", description = "Logs a user into the CloudStack after successful verification of OAuth secret code from the particular provider." +
@@ -142,7 +144,7 @@ public String authenticate(String command, Map<String, Object[]> params, HttpSes
             domainId = userDomain.getId();
         }
 
-        if (!OAuth2IsPluginEnabled.valueIn(domainId)) {
+        if (!Boolean.TRUE.equals(OAuth2IsPluginEnabled.valueInScope(ConfigKey.Scope.Domain, domainId, true))) {
             throw new CloudAuthenticationException("OAuth is not enabled, users cannot login using OAuth");
         }
 

plugins/user-authenticators/oauth2/src/main/java/org/apache/cloudstack/oauth2/api/command/UpdateOAuthProviderCmd.java

@@ -20,6 +20,7 @@
 import com.cloud.domain.Domain;
 import org.apache.cloudstack.api.ApiCommandResourceType;
 import org.apache.cloudstack.auth.UserOAuth2Authenticator;
+import org.apache.cloudstack.framework.config.ConfigKey;
 import org.apache.cloudstack.oauth2.OAuth2AuthManager;
 import org.apache.cloudstack.oauth2.api.response.OauthProviderResponse;
 import org.apache.cloudstack.oauth2.vo.OauthProviderVO;
@@ -126,7 +127,7 @@ public void execute() {
                 String name = authenticator.getName();
                 authenticatorPluginNames.add(name);
             }
-            if (OAuth2AuthManager.OAuth2IsPluginEnabled.valueIn(result.getDomainId()) && authenticatorPluginNames.contains(result.getProvider()) && result.isEnabled()) {
+            if (Boolean.TRUE.equals(OAuth2AuthManager.OAuth2IsPluginEnabled.valueInScope(ConfigKey.Scope.Domain, result.getDomainId(), true)) && authenticatorPluginNames.contains(result.getProvider()) && result.isEnabled()) {
                 r.setEnabled(true);
             } else {
                 r.setEnabled(false);