feat: Adds New App Configuration Field for Disabling API Keys. BED-7133

[RaymondLaubert]

Description

Adds a new application configuration property DisableAPIKeys.

Motivation and Context

Resolves BED-7133

Why is this change required? What problem does it solve?

The change adds the DisableAPIKeys to the Application Configuration properties; default this is turned off. This will allow a new option to be added to the configuration file to override the default value and ultimately allow for disabling the use of API Keys; this will help fulfill contractual obligations for an on-prem client.

How Has This Been Tested?

Modified the build.config.json file and ran it locally using breakpoints to observe and verify the new configuration property was being added, the DisableAPIKeys was defaulting to false, and overwritten when the build.config.json file contained the override "disable_api_keys": true.

Screenshots (optional):

Types of changes

• New feature (non-breaking change which adds functionality)

Checklist:

• I have met the contributing prerequisites
  • Assigned myself to this PR
  • Added the appropriate labels
  • Associated an issue: Issues and Pull Requests README #672
  • Read the Contributing guide: https://github.com/SpecterOps/BloodHound/wiki/Contributing
• I have ensured that related documentation is up-to-date
  • Open API docs
  • Code comments (GoDocs / JSDocs)
• I have followed proper test practices
  • Added/updated tests to cover my changes
  • All new and existing tests passed

Summary by CodeRabbit

• New Features
  • Added a new configurable setting to manage API keys availability across the application.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This PR adds a new DisableAPIKeys boolean configuration field to the Configuration struct and its default initializer, enabling API key functionality to be toggled via configuration without introducing any behavioral changes.

Changes

Cohort / File(s)	Summary
Configuration field addition cmd/api/src/config/config.go, cmd/api/src/config/default.go	Added new public DisableAPIKeys boolean field to Configuration struct with JSON tag disable_api_keys, initialized to false in default configuration.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• feat: Adds property/field to application configuration (DisableTimeoutLimit). BED-6989 #2217 — Both PRs modify the Configuration struct and default initializer by adding new boolean flag fields to the same configuration package.

Suggested reviewers

• stephanieslamb
• Useinovski

Poem

🐰 A config field hops into place,
DisableAPIKeys sets the pace,
Boolean flags, so neat and clean,
Default false—the safest scene! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: adding a new configuration field for disabling API keys.
Description check	✅ Passed	The description covers all required sections: clear description of changes, motivation/context with ticket reference, testing approach, and completed checklist items.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

🧹 Recent nitpick comments

cmd/api/src/config/config.go (1)

162-162: Minor formatting inconsistency with whitespace alignment.

The new field uses tabs for alignment while surrounding fields (lines 159-166) use spaces. This doesn't affect functionality but creates visual inconsistency in the struct definition.

🔧 Suggested fix to match surrounding formatting

-	DisableAPIKeys					bool					  `json:"disable_api_keys"`
+	DisableAPIKeys                  bool                      `json:"disable_api_keys"`

cmd/api/src/config/default.go (1)

64-66: Default value is correct; minor formatting inconsistency.

The default of false correctly enables API keys by default, requiring explicit opt-in to disable them. This aligns with the PR objectives for on-prem client configuration.

Same whitespace alignment issue as in config.go - tabs used instead of spaces for consistency with surrounding lines.

🔧 Suggested fix to match surrounding formatting

-			DisableAPIKeys: 				 false,
+			DisableAPIKeys:                  false,

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b9501e2 and 46668a8.

📒 Files selected for processing (2)

• cmd/api/src/config/config.go
• cmd/api/src/config/default.go

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Build BloodHound Container Image / Build and Package Container
• GitHub Check: run-tests
• GitHub Check: build-ui
• GitHub Check: run-analysis

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}