An federation whitelist query endpoint extension

docs/usage/configuration/config_documentation.md

@@ -1232,6 +1232,31 @@ federation_domain_whitelist:
   - syd.example.com
 ```
 ---
+### `federation_whitelist_endpoint_enabled`
+
+Enables an endpoint for fetching the federation whitelist config.
+
+The request method and path is `GET /_synapse/client/config/federation_whitelist`, and the
+response format is:
+
+```json
+{
+    "whitelist_enabled": true,  // Whether the federation whitelist is being enforced
+    "whitelist": [  // Which server names are allowed by the whitelist
+        "example.com"
+    ]
+}
+```
+
+If `whitelist_enabled` is `false` then the server is permitted to federate with all others.
+
+The endpoint requires authentication.
+
+Example configuration:
+```yaml
+federation_whitelist_endpoint_enabled: true
+```
+---
 ### `federation_metrics_domains`
 
 Report prometheus metrics on the age of PDUs being sent to and received from
@@ -4546,34 +4571,3 @@ background_updates:
     min_batch_size: 10
     default_batch_size: 50
 ```
-
-
----
-## Extension features
-Configuration for extension features for Synapse
-
----
-### `extension_federation_whitelist_endpoint`
-
-Enables an endpoint for fetching the federation whitelist config.
-
-The request method and path is `GET /_synapse/client/config/federation_whitelist`, and the
-response format is:
-
-```json
-{
-    "whitelist_enabled": true,  // Whether the federation whitelist is being enforced
-    "whitelist": [  // Which server names are allowed by the whitelist
-        "example.com"
-    ]
-}
-```
-
-If `whitelist_enabled` is `false` then the server is permitted to federate with all others.
-
-The endpoint requires authentication.
-
-Example configuration:
-```yaml
-extension_federation_whitelist_endpoint: true
-```

synapse/config/_base.pyi

@@ -31,7 +31,6 @@ from synapse.config import (  # noqa: F401
     database,
     emailconfig,
     experimental,
-    extensions,
     federation,
     jwt,
     key,
@@ -121,7 +120,6 @@ class RootConfig:
     federation: federation.FederationConfig
     retention: retention.RetentionConfig
     background_updates: background_updates.BackgroundUpdateConfig
-    extensions: extensions.ExtensionsConfig
 
     config_classes: List[Type["Config"]] = ...
     config_files: List[str]

synapse/config/federation.py

@@ -42,6 +42,10 @@ def read_config(self, config: JsonDict, **kwargs: Any) -> None:
             for domain in federation_domain_whitelist:
                 self.federation_domain_whitelist[domain] = True
 
+        self.federation_whitelist_endpoint_enabled = config.get(
+            "federation_whitelist_endpoint_enabled", False
+        )
+
         federation_metrics_domains = config.get("federation_metrics_domains") or []
         validate_config(
             _METRICS_FOR_DOMAINS_SCHEMA,

synapse/config/homeserver.py

@@ -31,7 +31,6 @@
 from .database import DatabaseConfig
 from .emailconfig import EmailConfig
 from .experimental import ExperimentalConfig
-from .extensions import ExtensionsConfig
 from .federation import FederationConfig
 from .jwt import JWTConfig
 from .key import KeyConfig
@@ -106,5 +105,4 @@ class HomeServerConfig(RootConfig):
         RedisConfig,
         ExperimentalConfig,
         BackgroundUpdateConfig,
-        ExtensionsConfig,
     ]

synapse/rest/synapse/client/__init__.py

@@ -78,7 +78,7 @@ def build_synapse_client_resource_tree(hs: "HomeServer") -> Mapping[str, Resourc
         # To be removed in Synapse v1.32.0.
         resources["/_matrix/saml2"] = res
 
-    if hs.config.extensions.federation_whitelist_endpoint:
+    if hs.config.federation.federation_whitelist_endpoint_enabled:
         resources[FederationWhitelistResource.PATH] = FederationWhitelistResource(hs)
 
     if hs.config.experimental.msc4108_enabled:

tests/rest/synapse/client/test_federation_whitelist.py

@@ -41,7 +41,7 @@ def test_default(self) -> None:
 
         self.assertEqual(channel.code, 404)
 
-    @unittest.override_config({"extension_federation_whitelist_endpoint": True})
+    @unittest.override_config({"federation_whitelist_endpoint_enabled": True})
     def test_no_auth(self) -> None:
         "Endpoint requires auth when enabled"
 
@@ -51,7 +51,7 @@ def test_no_auth(self) -> None:
 
         self.assertEqual(channel.code, 401)
 
-    @unittest.override_config({"extension_federation_whitelist_endpoint": True})
+    @unittest.override_config({"federation_whitelist_endpoint_enabled": True})
     def test_no_whitelist(self) -> None:
         "Test when there is no whitelist configured"
 
@@ -72,7 +72,7 @@ def test_no_whitelist(self) -> None:
 
     @unittest.override_config(
         {
-            "extension_federation_whitelist_endpoint": True,
+            "federation_whitelist_endpoint_enabled": True,
             "federation_domain_whitelist": ["example.com"],
         }
     )
@@ -96,7 +96,7 @@ def test_whitelist(self) -> None:
 
     @unittest.override_config(
         {
-            "extension_federation_whitelist_endpoint": True,
+            "federation_whitelist_endpoint_enabled": True,
             "federation_domain_whitelist": ["example.com", "example.com"],
         }
     )