Make email addresses optional in external auth if email feature is turned off

Before this change, external auth such as Keystone would fail if a user without an email address tried to login, even if the email feature was disabled.

util/config/validator.py

@@ -354,9 +354,10 @@ def _validate_ldap(config, password):
   user_rdn = config.get('LDAP_USER_RDN', [])
   uid_attr = config.get('LDAP_UID_ATTR', 'uid')
   email_attr = config.get('LDAP_EMAIL_ATTR', 'mail')
+  requires_email = config.get('FEATURE_MAILING', True)
 
   users = LDAPUsers(ldap_uri, base_dn, admin_dn, admin_passwd, user_rdn, uid_attr, email_attr,
-                    allow_tls_fallback)
+                    allow_tls_fallback, requires_email=requires_email)
 
   username = get_authenticated_user().username
   (result, err_msg) = users.verify_credentials(username, password)
@@ -388,7 +389,8 @@ def _validate_jwt(config, password):
   users = ExternalJWTAuthN(verify_endpoint, query_endpoint, getuser_endpoint, issuer,
                            OVERRIDE_CONFIG_DIRECTORY,
                            app.config['HTTPCLIENT'],
-                           app.config.get('JWT_AUTH_MAX_FRESH_S', 300))
+                           app.config.get('JWT_AUTH_MAX_FRESH_S', 300),
+                           requires_email=config.get('FEATURE_MAILING', True))
 
   # Verify that the superuser exists. If not, raise an exception.
   username = get_authenticated_user().username
@@ -439,7 +441,9 @@ def _validate_keystone(config, password):
   if not admin_tenant:
     raise Exception('Missing admin tenant')
 
-  users = get_keystone_users(auth_version, auth_url, admin_username, admin_password, admin_tenant)
+  requires_email = config.get('FEATURE_MAILING', True)
+  users = get_keystone_users(auth_version, auth_url, admin_username, admin_password, admin_tenant,
+                             requires_email)
 
   # Verify that the superuser exists. If not, raise an exception.
   username = get_authenticated_user().username