Download as
Browse Code »

Commit f318b7226b726c1067bff912860ee46452a4c397

Authored by Jacob Vosmaer
2 parents 2dee7e19 ac485e30
Exists in master and in 9 other branches 7-0-stable, 7-0-stable-ee, 7-0-stable-spb, 7-1-stable, 7-1-stable-ee, 7-2-stable, 7-2-stable-ee, branch_test, nginx_ssl_tweaks

Merge branch 'omniauth' into 'master' 

Omniauth
Showing 4 changed files with 31 additions and 3 deletions   Show diff stats
CHANGELOG
  Diff comments   View file @f318b72
... ... @@ -3,6 +3,7 @@
3 3 - Support AWS S3 attachment storage
4 4 - Send application email via SMTP
5 5 - Support changing the name of the "git" user / group (Michael Fenn)
  6 +- Configure omniauth in gitlab.yml
6 7  
7 8 6.9.0
8 9 - Make SSH port in clone URLs configurable (Julien Pivotto)
... ...
README.md
  Diff comments   View file @f318b72
... ... @@ -328,6 +328,26 @@ gitlab_rails['smtp_authentication'] = "login"
328 328 gitlab_rails['smtp_enable_starttls_auto'] = true
329 329 ```
330 330  
  331 +### Omniauth (Google, Twitter, GitHub login)
  332 +
  333 +Omniauth configuration is documented on
  334 +[doc.gitlab.com](http://doc.gitlab.com/ce/integration/omniauth.html). To effect
  335 +the necessary changes in `gitlab.yml`, use the following syntax in
  336 +`/etc/gitlab/gitlab.rb`. Note that the providers are specified as an array of
  337 +Ruby hashes.
  338 +
  339 +```ruby
  340 +gitlab_rails['omniauth_enabled'] = true
  341 +gitlab_rails['omniauth_providers'] = [
  342 + {
  343 + "name" => "google_oauth2",
  344 + "app_id" => "YOUR APP ID",
  345 + "app_secret" => "YOUR APP SECRET",
  346 + "args" => { "access_type" => "offline", "approval_prompt" => "" }
  347 + }
  348 +]
  349 +```
  350 +
331 351 ## Backups
332 352  
333 353 ### Creating an application backup
... ...
files/gitlab-cookbooks/gitlab/attributes/default.rb
  Diff comments   View file @f318b72
... ... @@ -90,6 +90,10 @@ default['gitlab']['gitlab-rails']['ldap_password'] = nil
90 90 default['gitlab']['gitlab-rails']['ldap_allow_username_or_email_login'] = nil
91 91 default['gitlab']['gitlab-rails']['ldap_user_filter'] = nil
92 92 default['gitlab']['gitlab-rails']['ldap_group_base'] = nil
  93 +default['gitlab']['gitlab-rails']['omniauth_enabled'] = false
  94 +default['gitlab']['gitlab-rails']['omniauth_allow_single_sign_on'] = nil
  95 +default['gitlab']['gitlab-rails']['omniauth_block_auto_created_users'] = nil
  96 +default['gitlab']['gitlab-rails']['omniauth_providers'] = []
93 97 default['gitlab']['gitlab-rails']['satellites_path'] = "/var/opt/gitlab/git-data/gitlab-satellites"
94 98 default['gitlab']['gitlab-rails']['backup_path'] = "/var/opt/gitlab/backups"
95 99 default['gitlab']['gitlab-rails']['backup_keep_time'] = nil
... ...
files/gitlab-cookbooks/gitlab/templates/default/gitlab.yml.erb
  Diff comments   View file @f318b72
... ... @@ -167,14 +167,14 @@ production: &base
167 167 ## OmniAuth settings
168 168 omniauth:
169 169 # Allow login via Twitter, Google, etc. using OmniAuth providers
170   - enabled: false
  170 + enabled: <%= @omniauth_enabled %>
171 171  
172 172 # CAUTION!
173 173 # This allows users to login without having a user account first (default: false).
174 174 # User accounts will be created automatically when authentication was successful.
175   - allow_single_sign_on: false
  175 + allow_single_sign_on: <%= @omniauth_allow_single_sign_on %>
176 176 # Locks down those users until they have been cleared by the admin (default: true).
177   - block_auto_created_users: true
  177 + block_auto_created_users: <%= @omniauth_block_auto_created_users %>
178 178  
179 179 ## Auth providers
180 180 # Uncomment the following lines and fill in the data of the auth provider you want to use
... ... @@ -192,6 +192,9 @@ production: &amp;base
192 192 # - { name: 'github', app_id: 'YOUR APP ID',
193 193 # app_secret: 'YOUR APP SECRET',
194 194 # args: { scope: 'user:email' } }
  195 +<% @omniauth_providers.each do |provider| %>
  196 + - <%= provider.to_json %>
  197 +<% end %>
195 198  
196 199  
197 200  
... ...