Add enable_password_config

config.yaml

@@ -8,6 +8,13 @@ options:
     description: |
       Configures whether to enable Mjolnir - moderation tool for Matrix.
       Reference: https://github.com/matrix-org/mjolnir
+  enable_password_config:
+    type: boolean
+    default: true
+    description: |
+      Defaults to true. If Synapse uses a single sign-on provider for
+      authentication, this option can be used to disable the regular login
+      flow.
   public_baseurl:
     type: string
     description: |

src-docs/charm_state.py.md

@@ -17,7 +17,7 @@ Exception raised when a charm configuration is found to be invalid.
 
 Attrs:  msg (str): Explanation of the error. 
 
-<a href="../src/charm_state.py#L48"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm_state.py#L49"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `__init__`
 
@@ -67,7 +67,7 @@ Get charm proxy information from juju charm environment.
 
 ---
 
-<a href="../src/charm_state.py#L173"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm_state.py#L176"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>classmethod</kbd> `from_charm`
 
@@ -128,6 +128,7 @@ Represent Synapse builtin configuration values.
  - <b>`report_stats`</b>:  report_stats config. 
  - <b>`public_baseurl`</b>:  public_baseurl config. 
  - <b>`enable_mjolnir`</b>:  enable_mjolnir config. 
+ - <b>`enable_password_config`</b>:  enable_password_config config. 
  - <b>`smtp_enable_tls`</b>:  enable tls while connecting to SMTP server. 
  - <b>`smtp_host`</b>:  SMTP host. 
  - <b>`smtp_notif_from`</b>:  defines the "From" address to use when sending emails. 
@@ -140,7 +141,7 @@ Represent Synapse builtin configuration values.
 
 ---
 
-<a href="../src/charm_state.py#L107"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm_state.py#L110"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>classmethod</kbd> `set_default_smtp_notif_from`
 
@@ -167,7 +168,7 @@ Set server_name as default value to smtp_notif_from.
 
 ---
 
-<a href="../src/charm_state.py#L126"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm_state.py#L129"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>classmethod</kbd> `to_yes_or_no`
 

src-docs/pebble.py.md

@@ -57,7 +57,7 @@ Change the configuration.
 
 ---
 
-<a href="../src/pebble.py#L98"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/pebble.py#L100"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `enable_saml`
 
@@ -117,7 +117,7 @@ Replan Synapse NGINX service.
 
 ---
 
-<a href="../src/pebble.py#L114"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/pebble.py#L116"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `reset_instance`
 

src/charm_state.py

@@ -26,6 +26,7 @@
 
 KNOWN_CHARM_CONFIG = (
     "enable_mjolnir",
+    "enable_password_config",
     "public_baseurl",
     "report_stats",
     "server_name",
@@ -76,6 +77,7 @@ class SynapseConfig(BaseModel):  # pylint: disable=too-few-public-methods
         report_stats: report_stats config.
         public_baseurl: public_baseurl config.
         enable_mjolnir: enable_mjolnir config.
+        enable_password_config: enable_password_config config.
         smtp_enable_tls: enable tls while connecting to SMTP server.
         smtp_host: SMTP host.
         smtp_notif_from: defines the "From" address to use when sending emails.
@@ -88,6 +90,7 @@ class SynapseConfig(BaseModel):  # pylint: disable=too-few-public-methods
     report_stats: str | None = Field(None)
     public_baseurl: str | None = Field(None)
     enable_mjolnir: bool = False
+    enable_password_config: bool = True
     smtp_enable_tls: bool = True
     smtp_host: str | None = Field(None)
     smtp_notif_from: str | None = Field(None)

src/pebble.py

@@ -91,6 +91,8 @@ def change_config(self, container: ops.model.Container) -> None:
                 synapse.enable_saml(container=container, charm_state=self._charm_state)
             if self._charm_state.synapse_config.smtp_host:
                 synapse.enable_smtp(container=container, charm_state=self._charm_state)
+            if not self._charm_state.synapse_config.enable_password_config:
+                synapse.disable_password_config(container=container)
             self.restart_synapse(container)
         except (synapse.WorkloadError, ops.pebble.PathError) as exc:
             raise PebbleServiceError(str(exc)) from exc

src/synapse/__init__.py

@@ -53,6 +53,7 @@
     check_nginx_ready,
     check_ready,
     create_mjolnir_config,
+    disable_password_config,
     enable_metrics,
     enable_saml,
     enable_serve_server_wellknown,

src/synapse/workload.py

@@ -289,6 +289,24 @@ def enable_metrics(container: ops.Container) -> None:
         raise EnableMetricsError(str(exc)) from exc
 
 
+def disable_password_config(container: ops.Container) -> None:
+    """Change the Synapse configuration to disable password config.
+
+    Args:
+        container: Container of the charm.
+
+    Raises:
+        WorkloadError: something went wrong disabling password config.
+    """
+    try:
+        config = container.pull(SYNAPSE_CONFIG_PATH).read()
+        current_yaml = yaml.safe_load(config)
+        current_yaml["password_config"] = {"enabled": False}
+        container.push(SYNAPSE_CONFIG_PATH, yaml.safe_dump(current_yaml))
+    except ops.pebble.PathError as exc:
+        raise WorkloadError(str(exc)) from exc
+
+
 def enable_serve_server_wellknown(container: ops.Container) -> None:
     """Change the Synapse configuration to enable server wellknown file.
 

tests/unit/test_synapse_workload.py

@@ -377,6 +377,51 @@ def test_enable_serve_server_wellknown_error(monkeypatch: pytest.MonkeyPatch):
         synapse.enable_serve_server_wellknown(container_mock)
 
 
+def test_disable_password_config_success(monkeypatch: pytest.MonkeyPatch):
+    """
+    arrange: set mock container with file.
+    act: call disable_password_config.
+    assert: new configuration file is pushed and password_config is disabled.
+    """
+    config_content = """
+    password_config:
+        enabled: true
+    """
+    text_io_mock = io.StringIO(config_content)
+    pull_mock = Mock(return_value=text_io_mock)
+    push_mock = MagicMock()
+    container_mock = MagicMock()
+    monkeypatch.setattr(container_mock, "pull", pull_mock)
+    monkeypatch.setattr(container_mock, "push", push_mock)
+
+    synapse.disable_password_config(container_mock)
+
+    assert pull_mock.call_args[0][0] == synapse.SYNAPSE_CONFIG_PATH
+    assert push_mock.call_args[0][0] == synapse.SYNAPSE_CONFIG_PATH
+    expected_config_content = {
+        "password_config": {
+            "enabled": False,
+        },
+    }
+    assert push_mock.call_args[0][1] == yaml.safe_dump(expected_config_content)
+
+
+def test_disable_password_config_error(monkeypatch: pytest.MonkeyPatch):
+    """
+    arrange: set mock container with file.
+    act: call disable_password_config.
+    assert: raise WorkloadError.
+    """
+    error_message = "Error pulling file"
+    path_error = ops.pebble.PathError(kind="fake", message=error_message)
+    pull_mock = MagicMock(side_effect=path_error)
+    container_mock = MagicMock()
+    monkeypatch.setattr(container_mock, "pull", pull_mock)
+
+    with pytest.raises(synapse.WorkloadError, match=error_message):
+        synapse.disable_password_config(container_mock)
+
+
 def test_get_registration_shared_secret_success(monkeypatch: pytest.MonkeyPatch):
     """
     arrange: set mock container with file.