From 26a3ba61e51a34bfa6fa59b35f2539aceda61644 Mon Sep 17 00:00:00 2001
From: Alan Rominger <arominge@redhat.com>
Date: Tue, 3 Sep 2024 12:14:02 -0400
Subject: [PATCH 1/3] Add some nuance to the on-off logic for RESOURCE_SERVER

---
 ansible_base/resource_registry/apps.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ansible_base/resource_registry/apps.py b/ansible_base/resource_registry/apps.py
index daf74399d..c6321b750 100644
--- a/ansible_base/resource_registry/apps.py
+++ b/ansible_base/resource_registry/apps.py
@@ -101,10 +101,11 @@ def proxies_of_model(cls):
 
 def _should_reverse_sync():
     enabled = getattr(settings, 'RESOURCE_SERVER_SYNC_ENABLED', False)
-    if not getattr(settings, 'RESOURCE_SERVER', False):
+    resource_server_defined = bool(getattr(settings, 'RESOURCE_SERVER', {}).get('URL', {}))
+    if enabled and (not resource_server_defined):
         logger.error("RESOURCE_SERVER is not configured. Reverse sync will not be enabled.")
         enabled = False
-    if hasattr(settings, 'RESOURCE_SERVER') and ('SECRET_KEY' not in settings.RESOURCE_SERVER or not settings.RESOURCE_SERVER['SECRET_KEY']):
+    if enabled and resource_server_defined and ('SECRET_KEY' not in settings.RESOURCE_SERVER or not settings.RESOURCE_SERVER['SECRET_KEY']):
         logger.error("RESOURCE_SERVER['SECRET_KEY'] is not configured. Reverse sync will not be enabled.")
         enabled = False
     return enabled

From 08b1c1c2d89460f15a7226f16f4513280f9623d0 Mon Sep 17 00:00:00 2001
From: Alan Rominger <arominge@redhat.com>
Date: Wed, 4 Sep 2024 10:09:03 -0400
Subject: [PATCH 2/3] Update tests to expect capital URL

---
 ansible_base/resource_registry/apps.py         | 2 +-
 test_app/tests/resource_registry/test_utils.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ansible_base/resource_registry/apps.py b/ansible_base/resource_registry/apps.py
index c6321b750..0def881f6 100644
--- a/ansible_base/resource_registry/apps.py
+++ b/ansible_base/resource_registry/apps.py
@@ -101,7 +101,7 @@ def proxies_of_model(cls):
 
 def _should_reverse_sync():
     enabled = getattr(settings, 'RESOURCE_SERVER_SYNC_ENABLED', False)
-    resource_server_defined = bool(getattr(settings, 'RESOURCE_SERVER', {}).get('URL', {}))
+    resource_server_defined = bool(getattr(settings, 'RESOURCE_SERVER', {}).get('URL', ''))
     if enabled and (not resource_server_defined):
         logger.error("RESOURCE_SERVER is not configured. Reverse sync will not be enabled.")
         enabled = False
diff --git a/test_app/tests/resource_registry/test_utils.py b/test_app/tests/resource_registry/test_utils.py
index 631e848ae..a7ea5eecf 100644
--- a/test_app/tests/resource_registry/test_utils.py
+++ b/test_app/tests/resource_registry/test_utils.py
@@ -214,7 +214,7 @@ def test_sync_to_resource_server_create_update_and_ansible_id_given(self, organi
             (
                 {
                     'RESOURCE_SERVER_SYNC_ENABLED': True,
-                    'RESOURCE_SERVER': {'url': 'http://localhost:8000', 'SECRET_KEY': 'foo'},
+                    'RESOURCE_SERVER': {'URL': 'http://localhost:8000', 'SECRET_KEY': 'foo'},
                     'RESOURCE_SERVICE_PATH': "/foo",
                 },
                 True,
@@ -223,7 +223,7 @@ def test_sync_to_resource_server_create_update_and_ansible_id_given(self, organi
             (
                 {
                     'RESOURCE_SERVER_SYNC_ENABLED': False,
-                    'RESOURCE_SERVER': {'url': 'http://localhost:8000', 'SECRET_KEY': 'foo'},
+                    'RESOURCE_SERVER': {'URL': 'http://localhost:8000', 'SECRET_KEY': 'foo'},
                     'RESOURCE_SERVICE_PATH': "/foo",
                 },
                 False,

From 469e59c8137cf8128a099e0366e6e0ffac135111 Mon Sep 17 00:00:00 2001
From: Alan Rominger <arominge@redhat.com>
Date: Wed, 4 Sep 2024 10:15:22 -0400
Subject: [PATCH 3/3] Add shared utility, also skip auth class thing

---
 ansible_base/resource_registry/apps.py                      | 6 +++---
 .../resource_registry/utils/service_backed_sso_pipeline.py  | 5 ++++-
 ansible_base/resource_registry/utils/settings.py            | 5 +++++
 3 files changed, 12 insertions(+), 4 deletions(-)
 create mode 100644 ansible_base/resource_registry/utils/settings.py

diff --git a/ansible_base/resource_registry/apps.py b/ansible_base/resource_registry/apps.py
index 0def881f6..2162b8912 100644
--- a/ansible_base/resource_registry/apps.py
+++ b/ansible_base/resource_registry/apps.py
@@ -8,6 +8,7 @@
 
 import ansible_base.lib.checks  # noqa: F401 - register checks
 from ansible_base.lib.utils.db import ensure_transaction, migrations_are_complete
+from ansible_base.resource_registry.utils.settings import resource_server_defined
 
 logger = logging.getLogger('ansible_base.resource_registry.apps')
 
@@ -101,11 +102,10 @@ def proxies_of_model(cls):
 
 def _should_reverse_sync():
     enabled = getattr(settings, 'RESOURCE_SERVER_SYNC_ENABLED', False)
-    resource_server_defined = bool(getattr(settings, 'RESOURCE_SERVER', {}).get('URL', ''))
-    if enabled and (not resource_server_defined):
+    if enabled and (not resource_server_defined()):
         logger.error("RESOURCE_SERVER is not configured. Reverse sync will not be enabled.")
         enabled = False
-    if enabled and resource_server_defined and ('SECRET_KEY' not in settings.RESOURCE_SERVER or not settings.RESOURCE_SERVER['SECRET_KEY']):
+    if enabled and resource_server_defined() and ('SECRET_KEY' not in settings.RESOURCE_SERVER or not settings.RESOURCE_SERVER['SECRET_KEY']):
         logger.error("RESOURCE_SERVER['SECRET_KEY'] is not configured. Reverse sync will not be enabled.")
         enabled = False
     return enabled
diff --git a/ansible_base/resource_registry/utils/service_backed_sso_pipeline.py b/ansible_base/resource_registry/utils/service_backed_sso_pipeline.py
index be3a090f8..06a80ab6b 100644
--- a/ansible_base/resource_registry/utils/service_backed_sso_pipeline.py
+++ b/ansible_base/resource_registry/utils/service_backed_sso_pipeline.py
@@ -3,6 +3,7 @@
 
 from ansible_base.resource_registry.resource_server import get_resource_server_config
 from ansible_base.resource_registry.utils.auth_code import get_user_auth_code
+from ansible_base.resource_registry.utils.settings import resource_server_defined
 
 
 def redirect_to_resource_server(*args, social=None, user=None, **kwargs):
@@ -11,7 +12,9 @@ def redirect_to_resource_server(*args, social=None, user=None, **kwargs):
     """
 
     # Allow for disabling this pipeline without removing it from the settings.
-    if not getattr(settings, 'ENABLE_SERVICE_BACKED_SSO', False):
+    # If resource server is defined, also silently quit
+    # for ease of connected vs disconnected configs
+    if (not getattr(settings, 'ENABLE_SERVICE_BACKED_SSO', False)) or (not resource_server_defined()):
         return None
 
     oidc_alt_key = None
diff --git a/ansible_base/resource_registry/utils/settings.py b/ansible_base/resource_registry/utils/settings.py
new file mode 100644
index 000000000..95f4f0a9f
--- /dev/null
+++ b/ansible_base/resource_registry/utils/settings.py
@@ -0,0 +1,5 @@
+from django.conf import settings
+
+
+def resource_server_defined() -> bool:
+    return bool(getattr(settings, 'RESOURCE_SERVER', {}).get('URL', ''))