Move msc2858 to an experimental config section

synapse/config/_base.pyi

@@ -9,6 +9,7 @@ from synapse.config import (
     consent_config,
     database,
     emailconfig,
+    experimental,
     groups,
     jwt_config,
     key,
@@ -48,6 +49,7 @@ def path_exists(file_path: str): ...
 
 class RootConfig:
     server: server.ServerConfig
+    experimental: experimental.ExperimentalConfig
     tls: tls.TlsConfig
     database: database.DatabaseConfig
     logging: logger.LoggingConfig

synapse/config/experimental.py

@@ -0,0 +1,33 @@
+# -*- coding: utf-8 -*-
+# Copyright 2021 The Matrix.org Foundation C.I.C.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from synapse.config._base import Config
+from synapse.types import JsonDict
+
+
+class ExperimentalConfig(Config):
+    """Config section for enabling experimental features"""
+
+    section = "experimental"
+
+    # MSC2858 (multiple SSO identity providers)
+    msc2858_enabled = False
+
+    def read_config(self, config: JsonDict, **kwargs):
+        experimental = config.get("experimental_features")
+        if not experimental:
+            return
+
+        self.msc2858_enabled = experimental.get("msc2858_enabled", False)

synapse/config/homeserver.py

@@ -24,6 +24,7 @@
 from .consent_config import ConsentConfig
 from .database import DatabaseConfig
 from .emailconfig import EmailConfig
+from .experimental import ExperimentalConfig
 from .federation import FederationConfig
 from .groups import GroupsConfig
 from .jwt_config import JWTConfig
@@ -57,6 +58,7 @@ class HomeServerConfig(RootConfig):
 
     config_classes = [
         ServerConfig,
+        ExperimentalConfig,
         TlsConfig,
         FederationConfig,
         CacheConfig,

synapse/config/sso.py

@@ -67,11 +67,6 @@ def read_config(self, config, **kwargs):
         login_fallback_url = self.public_baseurl + "_matrix/static/client/login"
         self.sso_client_whitelist.append(login_fallback_url)
 
-        # experimental support for MSC2858 (multiple SSO identity providers)
-        self.experimental_msc2858_support_enabled = config.get(
-            "experimental_msc2858_support_enabled", False
-        )
-
     def generate_config_section(self, **kwargs):
         return """\
         # Additional settings to use with single-sign on systems such as OpenID Connect,

synapse/rest/client/v1/login.py

@@ -61,7 +61,7 @@ def __init__(self, hs: "HomeServer"):
         self.saml2_enabled = hs.config.saml2_enabled
         self.cas_enabled = hs.config.cas_enabled
         self.oidc_enabled = hs.config.oidc_enabled
-        self._msc2858_enabled = hs.config.sso.experimental_msc2858_support_enabled
+        self._msc2858_enabled = hs.config.experimental.msc2858_enabled
 
         self.auth = hs.get_auth()
 
@@ -349,7 +349,7 @@ def __init__(self, hs: "HomeServer"):
         if hs.config.oidc_enabled:
             hs.get_oidc_handler()
         self._sso_handler = hs.get_sso_handler()
-        self._msc2858_enabled = hs.config.sso.experimental_msc2858_support_enabled
+        self._msc2858_enabled = hs.config.experimental.msc2858_enabled
 
     def register(self, http_server: HttpServer) -> None:
         super().register(http_server)

tests/rest/client/v1/test_login.py

@@ -444,7 +444,7 @@ def test_get_login_flows(self):
 
         self.assertCountEqual(channel.json_body["flows"], expected_flows)
 
-    @override_config({"experimental_msc2858_support_enabled": True})
+    @override_config({"experimental_features": {"msc2858_enabled": True}})
     def test_get_msc2858_login_flows(self):
         """The SSO flow should include IdP info if MSC2858 is enabled"""
         channel = self.make_request("GET", "/_matrix/client/r0/login")
@@ -629,7 +629,7 @@ def test_client_idp_redirect_msc2858_disabled(self):
         self.assertEqual(channel.code, 400, channel.result)
         self.assertEqual(channel.json_body["errcode"], "M_UNRECOGNIZED")
 
-    @override_config({"experimental_msc2858_support_enabled": True})
+    @override_config({"experimental_features": {"msc2858_enabled": True}})
     def test_client_idp_redirect_to_unknown(self):
         """If the client tries to pick an unknown IdP, return a 404"""
         channel = self.make_request(
@@ -640,7 +640,7 @@ def test_client_idp_redirect_to_unknown(self):
         self.assertEqual(channel.code, 404, channel.result)
         self.assertEqual(channel.json_body["errcode"], "M_NOT_FOUND")
 
-    @override_config({"experimental_msc2858_support_enabled": True})
+    @override_config({"experimental_features": {"msc2858_enabled": True}})
     def test_client_idp_redirect_to_oidc(self):
         """If the client pick a known IdP, redirect to it"""
         channel = self.make_request(