[#2563] Fix disable setup configuration

    - set config_step_enable variables to False by default
    - skip configuration steps if config_step_enable var is
      not set to True

src/open_inwoner/conf/app/setup_configuration.py

@@ -25,7 +25,7 @@
 OIP_ORGANIZATION = config("OIP_ORGANIZATION", "")
 
 # ZGW configuration variables
-ZGW_CONFIG_ENABLE = config("ZGW_ENABLE", default=True)
+ZGW_CONFIG_ENABLE = config("ZGW_CONFIG_ENABLE", default=False)
 ZGW_SERVER_CERTIFICATE_LABEL = config("ZGW_SERVER_CERTIFICATE_LABEL", "")
 ZGW_SERVER_CERTIFICATE_TYPE = config("ZGW_SERVER_CERTIFICATE_TYPE", "")
 ZGW_SERVER_CERTIFICATE_PUBLIC_CERTIFICATE = (
@@ -80,7 +80,7 @@
 )
 
 # KIC configuration variables
-KIC_ENABLE = config("KIC_ENABLE", default=True)
+KIC_CONFIG_ENABLE = config("KIC_CONFIG_ENABLE", default=False)
 KIC_SERVER_CERTIFICATE_LABEL = config("KIC_SERVER_CERTIFICATE_LABEL", "")
 KIC_SERVER_CERTIFICATE_TYPE = config("KIC_SERVER_CERTIFICATE_TYPE", "")
 KIC_SERVER_CERTIFICATE_PUBLIC_CERTIFICATE = config(
@@ -124,7 +124,7 @@
 #
 # SiteConfiguration variables
 #
-SITE_CONFIG_ENABLE = config("SITE_CONFIG_ENABLE", True)
+SITE_CONFIG_ENABLE = config("SITE_CONFIG_ENABLE", False)
 SITE_NAME = config("SITE_NAME", None)
 SITE_PRIMARY_COLOR = config("SITE_PRIMARY_COLOR", None)
 SITE_SECONDARY_COLOR = config("SITE_SECONDARY_COLOR", None)
@@ -212,7 +212,7 @@
 
 # Authentication configuration variables
 # NOTE variables are namespaced with `DIGID_OIDC`, but some model field names also have `oidc_...` in them
-DIGID_OIDC_CONFIG_ENABLE = config("DIGID_OIDC_CONFIG_ENABLE", True)
+DIGID_OIDC_CONFIG_ENABLE = config("DIGID_OIDC_CONFIG_ENABLE", False)
 DIGID_OIDC_IDENTIFIER_CLAIM_NAME = config("DIGID_OIDC_IDENTIFIER_CLAIM_NAME", None)
 DIGID_OIDC_OIDC_RP_CLIENT_ID = config("DIGID_OIDC_OIDC_RP_CLIENT_ID", None)
 DIGID_OIDC_OIDC_RP_CLIENT_SECRET = config("DIGID_OIDC_OIDC_RP_CLIENT_SECRET", None)
@@ -238,7 +238,7 @@
 DIGID_OIDC_OIDC_EXEMPT_URLS = config("DIGID_OIDC_OIDC_EXEMPT_URLS", None)
 
 # NOTE variables are namespaced with `EHERKENNING_OIDC`, but some model field names also have `oidc_...` in them
-EHERKENNING_OIDC_CONFIG_ENABLE = config("EHERKENNING_OIDC_CONFIG_ENABLE", True)
+EHERKENNING_OIDC_CONFIG_ENABLE = config("EHERKENNING_OIDC_CONFIG_ENABLE", False)
 EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME = config(
     "EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME", None
 )
@@ -286,7 +286,7 @@
 EHERKENNING_OIDC_OIDC_EXEMPT_URLS = config("EHERKENNING_OIDC_OIDC_EXEMPT_URLS", None)
 
 # NOTE variables are namespaced with `ADMIN_OIDC`, but some model field names also have `oidc_...` in them
-ADMIN_OIDC_CONFIG_ENABLE = config("ADMIN_OIDC_CONFIG_ENABLE", default=True)
+ADMIN_OIDC_CONFIG_ENABLE = config("ADMIN_OIDC_CONFIG_ENABLE", default=False)
 ADMIN_OIDC_OIDC_RP_CLIENT_ID = config("ADMIN_OIDC_OIDC_RP_CLIENT_ID", None)
 ADMIN_OIDC_OIDC_RP_CLIENT_SECRET = config("ADMIN_OIDC_OIDC_RP_CLIENT_SECRET", None)
 ADMIN_OIDC_OIDC_RP_SCOPES_LIST = config("ADMIN_OIDC_OIDC_RP_SCOPES_LIST", None)
@@ -320,7 +320,7 @@
 #
 # DigiD SAML
 #
-DIGID_SAML_CONFIG_ENABLE = config("DIGID_SAML_SAML_CONFIG_ENABLE", default=True)
+DIGID_SAML_CONFIG_ENABLE = config("DIGID_SAML_SAML_CONFIG_ENABLE", default=False)
 DIGID_SAML_CERTIFICATE_LABEL = config("DIGID_SAML_CERTIFICATE_LABEL", None)
 DIGID_SAML_CERTIFICATE_TYPE = config("DIGID_SAML_CERTIFICATE_TYPE", None)
 DIGID_SAML_CERTIFICATE_PUBLIC_CERTIFICATE = config(
@@ -359,7 +359,7 @@
 #
 # Eherkenning SAML
 #
-EHERKENNING_SAML_CONFIG_ENABLE = config("EHERKENNING_SAML_CONFIG_ENABLE", default=True)
+EHERKENNING_SAML_CONFIG_ENABLE = config("EHERKENNING_SAML_CONFIG_ENABLE", default=False)
 EHERKENNING_SAML_CERTIFICATE_LABEL = config("EHERKENNING_SAML_CERTIFICATE_LABEL", None)
 EHERKENNING_SAML_CERTIFICATE_TYPE = config("EHERKENNING_SAML_CERTIFICATE_TYPE", None)
 EHERKENNING_SAML_CERTIFICATE_PUBLIC_CERTIFICATE = config(

src/open_inwoner/configurations/bootstrap/auth.py

@@ -72,6 +72,9 @@ def is_configured(self) -> bool:
         return OpenIDConnectDigiDConfig.get_solo().enabled
 
     def configure(self):
+        if not getattr(settings, self.config_settings.enable_setting, None):
+            return
+
         config = OpenIDConnectDigiDConfig.get_solo()
 
         # Use the model defaults
@@ -159,6 +162,9 @@ def is_configured(self) -> bool:
         return OpenIDConnectEHerkenningConfig.get_solo().enabled
 
     def configure(self):
+        if not getattr(settings, self.config_settings.enable_setting, None):
+            return
+
         config = OpenIDConnectEHerkenningConfig.get_solo()
 
         # Use the model defaults
@@ -250,6 +256,9 @@ def is_configured(self) -> bool:
         return OpenIDConnectConfig.get_solo().enabled
 
     def configure(self):
+        if not getattr(settings, self.config_settings.enable_setting, None):
+            return
+
         config = OpenIDConnectConfig.get_solo()
 
         # Use the model defaults
@@ -353,6 +362,9 @@ def is_configured(self) -> bool:
         )
 
     def configure(self):
+        if not getattr(settings, self.config_settings.enable_setting, None):
+            return
+
         config = DigidConfiguration.get_solo()
 
         # Use the model defaults
@@ -494,6 +506,9 @@ def is_configured(self) -> bool:
         )
 
     def configure(self):
+        if not getattr(settings, self.config_settings.enable_setting, None):
+            return
+
         config = EherkenningConfiguration.get_solo()
 
         # Use the model defaults

src/open_inwoner/configurations/bootstrap/cms.py

@@ -39,9 +39,8 @@ def is_configured(self):
 
         Pattern for enable setting: CMS_CONFIG_APPNAME_ENABLE
         """
-        return (
+        return bool(
             getattr(settings, f"CMS_CONFIG_{self.app_name.upper()}_ENABLE", None)
-            is not None
         )
 
     def configure(self):
@@ -52,6 +51,12 @@ def configure(self):
         configuration beyond the commonextension. Override to provide additional
         arguments to :func:`create_apphook_page`.
         """
+        enable_setting = getattr(
+            settings, f"CMS_CONFIG_{self.app_name.upper()}_ENABLE", None
+        )
+        if not enable_setting:
+            return
+
         extension_args = create_apphook_page_args(
             self.config_settings.extension_settings_mapping
         )
@@ -255,6 +260,9 @@ def __init__(self):
         self.app_name = "profile"
 
     def configure(self):
+        if not getattr(settings, self.config_settings.enable_setting, None):
+            return
+
         extension_settings = [
             "CMS_PROFILE_REQUIRES_AUTH",
             "CMS_PROFILE_REQUIRES_AUTH_BSN_OR_KVK",

src/open_inwoner/configurations/bootstrap/kic.py

@@ -59,6 +59,9 @@ def is_configured(self) -> bool:
         ).exists()
 
     def configure(self):
+        if not getattr(settings, self.config_settings.enable_setting, None):
+            return
+
         organization = settings.OIP_ORGANIZATION or settings.ENVIRONMENT
         org_label = f"Open Inwoner {organization}".strip()
 
@@ -136,6 +139,9 @@ def is_configured(self) -> bool:
         ).exists()
 
     def configure(self):
+        if not getattr(settings, self.config_settings.enable_setting, None):
+            return
+
         organization = settings.OIP_ORGANIZATION or settings.ENVIRONMENT
         org_label = f"Open Inwoner {organization}".strip()
 
@@ -206,6 +212,9 @@ def is_configured(self) -> bool:
         )
 
     def configure(self):
+        if not getattr(settings, self.config_settings.enable_setting, None):
+            return
+
         config = OpenKlantConfig.get_solo()
         config.klanten_service = Service.objects.get(
             api_root=settings.KIC_KLANTEN_SERVICE_API_ROOT

src/open_inwoner/configurations/bootstrap/siteconfig.py

@@ -111,6 +111,9 @@ def is_configured(self):
         return True
 
     def configure(self):
+        if not getattr(settings, self.config_settings.enable_setting, None):
+            return
+
         config = SiteConfiguration.get_solo()
 
         all_settings = (

src/open_inwoner/configurations/bootstrap/zgw.py

@@ -61,6 +61,9 @@ def is_configured(self) -> bool:
         ).exists()
 
     def configure(self):
+        if not getattr(settings, self.config_settings.enable_setting, None):
+            return
+
         organization = settings.OIP_ORGANIZATION or settings.ENVIRONMENT
         org_label = f"Open Inwoner {organization}".strip()
 
@@ -142,6 +145,9 @@ def is_configured(self) -> bool:
         ).exists()
 
     def configure(self):
+        if not getattr(settings, self.config_settings.enable_setting, None):
+            return
+
         organization = settings.OIP_ORGANIZATION or settings.ENVIRONMENT
         org_label = f"Open Inwoner {organization}".strip()
 
@@ -223,6 +229,9 @@ def is_configured(self) -> bool:
         ).exists()
 
     def configure(self):
+        if not getattr(settings, self.config_settings.enable_setting, None):
+            return
+
         organization = settings.OIP_ORGANIZATION or settings.ENVIRONMENT
         org_label = f"Open Inwoner {organization}".strip()
 
@@ -304,6 +313,9 @@ def is_configured(self) -> bool:
         ).exists()
 
     def configure(self):
+        if not getattr(settings, self.config_settings.enable_setting, None):
+            return
+
         organization = settings.OIP_ORGANIZATION or settings.ENVIRONMENT
         org_label = f"Open Inwoner {organization}".strip()
 
@@ -379,6 +391,9 @@ def is_configured(self) -> bool:
         return ZGWApiGroupConfig.objects.filter(open_zaak_config=zgw_config).exists()
 
     def configure(self):
+        if not getattr(settings, self.config_settings.enable_setting, None):
+            return
+
         config = OpenZaakConfig.get_solo()
         ZGWApiGroupConfig.objects.create(
             open_zaak_config=config,

src/open_inwoner/configurations/tests/bootstrap/test_setup_auth_config.py

@@ -64,6 +64,7 @@
 
 
 @override_settings(
+    DIGID_OIDC_CONFIG_ENABLE=True,
     DIGID_OIDC_OIDC_RP_CLIENT_ID="client-id",
     DIGID_OIDC_OIDC_RP_CLIENT_SECRET="secret",
     DIGID_OIDC_IDENTIFIER_CLAIM_NAME="claim_name",
@@ -277,8 +278,17 @@ def test_is_configured(self):
 
         self.assertTrue(config.is_configured())
 
+    @override_settings(DIGID_OIDC_CONFIG_ENABLE=False)
+    def test_disable_digid_oidc_config(self):
+        config = DigiDOIDCConfigurationStep()
+
+        config.configure()
+
+        self.assertFalse(config.is_configured())
+
 
 @override_settings(
+    EHERKENNING_OIDC_CONFIG_ENABLE=True,
     EHERKENNING_OIDC_OIDC_RP_CLIENT_ID="client-id",
     EHERKENNING_OIDC_OIDC_RP_CLIENT_SECRET="secret",
     EHERKENNING_OIDC_IDENTIFIER_CLAIM_NAME="claim_name",
@@ -492,8 +502,17 @@ def test_is_configured(self):
 
         self.assertTrue(config.is_configured())
 
+    @override_settings(EHERKENNING_OIDC_CONFIG_ENABLE=False)
+    def test_disable_eherkenning_oidc_config(self):
+        config = eHerkenningOIDCConfigurationStep()
+
+        config.configure()
+
+        self.assertFalse(config.is_configured())
+
 
 @override_settings(
+    ADMIN_OIDC_CONFIG_ENABLE=True,
     ADMIN_OIDC_OIDC_RP_CLIENT_ID="client-id",
     ADMIN_OIDC_OIDC_RP_CLIENT_SECRET="secret",
     ADMIN_OIDC_OIDC_RP_SCOPES_LIST=["open_id", "email", "profile", "extra_scope"],
@@ -718,9 +737,18 @@ def test_is_configured(self):
 
         self.assertTrue(config.is_configured())
 
+    @override_settings(ADMIN_OIDC_CONFIG_ENABLE=False)
+    def test_disable_admin_oidc_config(self):
+        config = AdminOIDCConfigurationStep()
+
+        config.configure()
+
+        self.assertFalse(config.is_configured())
+
 
 @temp_private_root()
 @override_settings(
+    DIGID_SAML_CONFIG_ENABLE=True,
     DIGID_SAML_CERTIFICATE_LABEL="DigiD certificate",
     DIGID_SAML_CERTIFICATE_TYPE=CertificateTypes.key_pair,
     DIGID_SAML_CERTIFICATE_PUBLIC_CERTIFICATE=PUBLIC_CERT_FILE.name,
@@ -863,9 +891,18 @@ def test_is_configured(self, m):
 
         self.assertTrue(config.is_configured())
 
+    @override_settings(DIGID_SAML_CONFIG_ENABLE=False)
+    def test_disable_digid_saml_config(self):
+        config = DigiDSAMLConfigurationStep()
+
+        config.configure()
+
+        self.assertFalse(config.is_configured())
+
 
 @temp_private_root()
 @override_settings(
+    EHERKENNING_SAML_CONFIG_ENABLE=True,
     EHERKENNING_SAML_CERTIFICATE_LABEL="eHerkenning certificate",
     EHERKENNING_SAML_CERTIFICATE_TYPE=CertificateTypes.key_pair,
     EHERKENNING_SAML_CERTIFICATE_PUBLIC_CERTIFICATE=PUBLIC_CERT_FILE.name,
@@ -1051,3 +1088,11 @@ def test_is_configured(self, m):
             config.configure()
 
         self.assertTrue(config.is_configured())
+
+    @override_settings(EHERKENNING_SAML_CONFIG_ENABLE=False)
+    def test_disable_eherkenning_saml_config(self):
+        config = eHerkenningSAMLConfigurationStep()
+
+        config.configure()
+
+        self.assertFalse(config.is_configured())