From bde533a9c7d2cb53b61fe2ec031691d3b0f0dbc9 Mon Sep 17 00:00:00 2001
From: Aditya Manthramurthy <donatello@users.noreply.github.com>
Date: Thu, 29 Jun 2023 23:38:26 -0700
Subject: [PATCH] fix: OpenID config initialization (#17544)

This is due to a regression in the handling of the enable key in OpenID
configuration.
---
 cmd/admin-handlers-idp-config.go          |  4 ++--
 internal/config/identity/openid/openid.go | 23 ++++++++++++-----------
 2 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/cmd/admin-handlers-idp-config.go b/cmd/admin-handlers-idp-config.go
index dc9ccf572..4d5f14988 100644
--- a/cmd/admin-handlers-idp-config.go
+++ b/cmd/admin-handlers-idp-config.go
@@ -206,9 +206,9 @@ func (a adminAPIHandlers) AddIdentityProviderCfg(w http.ResponseWriter, r *http.
 
 // UpdateIdentityProviderCfg: updates an existing IDP config for openid/ldap.
 //
-// PATCH <admin-prefix>/idp-cfg/openid/dex1 -> update named config `dex1`
+// POST <admin-prefix>/idp-cfg/openid/dex1 -> update named config `dex1`
 //
-// PATCH <admin-prefix>/idp-cfg/openid/_ -> update (default) named config `_`
+// POST <admin-prefix>/idp-cfg/openid/_ -> update (default) named config `_`
 func (a adminAPIHandlers) UpdateIdentityProviderCfg(w http.ResponseWriter, r *http.Request) {
 	ctx := newContext(r, w, "UpdateIdentityProviderCfg")
 	defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r))
diff --git a/internal/config/identity/openid/openid.go b/internal/config/identity/openid/openid.go
index f5e0c3b67..4ef5ad99f 100644
--- a/internal/config/identity/openid/openid.go
+++ b/internal/config/identity/openid/openid.go
@@ -243,11 +243,8 @@ func LookupConfig(s config.Config, transport http.RoundTripper, closeRespFn func
 		// parameters are non-empty.
 		var (
 			cfgEnableVal        = getCfgVal(config.Enable)
-			isExplicitlyEnabled = false
+			isExplicitlyEnabled = cfgEnableVal != ""
 		)
-		if cfgEnableVal != "" {
-			isExplicitlyEnabled = true
-		}
 
 		var enabled bool
 		if isExplicitlyEnabled {
@@ -423,17 +420,21 @@ func (r *Config) GetConfigInfo(s config.Config, cfgName string) ([]madmin.IDPCfg
 
 	res := make([]madmin.IDPCfgInfo, 0, len(kvsrcs)+1)
 	for _, kvsrc := range kvsrcs {
-		// skip default values.
+		// skip returning default config values.
 		if kvsrc.Src == config.ValueSourceDef {
 			if kvsrc.Key != madmin.EnableKey {
 				continue
 			}
-			// set an explicit on/off from live configuration.
-			kvsrc.Value = "off"
-			if _, ok := r.ProviderCfgs[cfgName]; ok {
-				if r.Enabled {
-					kvsrc.Value = "on"
-				}
+			// for EnableKey we set an explicit on/off from live configuration
+			// if it is present.
+			if _, ok := r.ProviderCfgs[cfgName]; !ok {
+				// No live config is present
+				continue
+			}
+			if r.Enabled {
+				kvsrc.Value = "on"
+			} else {
+				kvsrc.Value = "off"
 			}
 		}
 		res = append(res, madmin.IDPCfgInfo{