Add the ability to bootstrap the internal IDP with an active flag

[#102287774] https://www.pivotaltracker.com/story/show/102287774

Signed-off-by: Madhura Bhave <mbhave@pivotal.io>

common/src/main/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrap.java

@@ -146,7 +146,7 @@ public void afterPropertiesSet() throws Exception {
                 provisioning.update(provider);
             }
         }
-        addPoliciesToDefaultZoneUaaIDP();
+        updateDefaultZoneUaaIDP();
     }
 
     private void deactivateUnusedProviders(String zoneId) {
@@ -162,10 +162,14 @@ private void deactivateUnusedProviders(String zoneId) {
         }
     }
 
-    protected void addPoliciesToDefaultZoneUaaIDP() throws JSONException {
+    protected void updateDefaultZoneUaaIDP() throws JSONException {
         IdentityProvider internalIDP = provisioning.retrieveByOrigin(Origin.UAA, IdentityZone.getUaa().getId());
         UaaIdentityProviderDefinition identityProviderDefinition = new UaaIdentityProviderDefinition(defaultPasswordPolicy, defaultLockoutPolicy);
         internalIDP.setConfig(JsonUtils.writeValueAsString(identityProviderDefinition));
+        String internalAuthenticationEnabled = environment.getProperty("disableInternalAuth");
+        if (internalAuthenticationEnabled != null && internalAuthenticationEnabled.equals("false")) {
+            internalIDP.setActive(false);
+        }
         provisioning.update(internalIDP);
     }
 

common/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java

@@ -393,4 +393,27 @@ public void setLockoutPolicyToInternalIDP() throws Exception {
         assertEquals(3, lockoutPolicy.getLockoutAfterFailures());
         assertEquals(343, lockoutPolicy.getCountFailuresWithin());
     }
+
+    @Test
+    public void setActiveFlagOnInternalIDP() throws Exception {
+        MockEnvironment environment = new MockEnvironment();
+        environment.setProperty("disableInternalAuth", "false");
+        IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate);
+        IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, environment);
+        bootstrap.afterPropertiesSet();
+
+        IdentityProvider internalIdp =  provisioning.retrieveByOrigin(Origin.UAA, IdentityZone.getUaa().getId());
+        assertFalse(internalIdp.isActive());
+    }
+
+    @Test
+    public void defaultActiveFlagOnInternalIDP() throws Exception {
+        MockEnvironment environment = new MockEnvironment();
+        IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate);
+        IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, environment);
+        bootstrap.afterPropertiesSet();
+
+        IdentityProvider internalIdp =  provisioning.retrieveByOrigin(Origin.UAA, IdentityZone.getUaa().getId());
+        assertTrue(internalIdp.isActive());
+    }
 }

uaa/src/main/resources/uaa.yml

@@ -60,6 +60,9 @@
 #    countFailuresWithinSeconds: 3600
 #    lockoutPeriodSeconds: 600
 
+# Set this property to false for disabling authentication via the internal IDP. Defaults to true.
+#disableInternalAuth: false
+
 #keystone:
 #  authentication:
 #    url: http://localhost:35357/v2.0/tokens

uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java

@@ -18,6 +18,7 @@
 import org.cloudfoundry.identity.uaa.authentication.Origin;
 import org.cloudfoundry.identity.uaa.authentication.login.Prompt;
 import org.cloudfoundry.identity.uaa.authentication.manager.PeriodLockoutPolicy;
+import org.cloudfoundry.identity.uaa.config.IdentityProviderBootstrap;
 import org.cloudfoundry.identity.uaa.config.LockoutPolicy;
 import org.cloudfoundry.identity.uaa.config.PasswordPolicy;
 import org.cloudfoundry.identity.uaa.config.YamlServletProfileInitializer;