Commit f318b7226b726c1067bff912860ee46452a4c397
Exists in
master
and in
9 other branches
Merge branch 'omniauth' into 'master'
Omniauth
Showing
4 changed files
with
31 additions
and
3 deletions
Show diff stats
CHANGELOG
| @@ -3,6 +3,7 @@ | @@ -3,6 +3,7 @@ | ||
| 3 | - Support AWS S3 attachment storage | 3 | - Support AWS S3 attachment storage |
| 4 | - Send application email via SMTP | 4 | - Send application email via SMTP |
| 5 | - Support changing the name of the "git" user / group (Michael Fenn) | 5 | - Support changing the name of the "git" user / group (Michael Fenn) |
| 6 | +- Configure omniauth in gitlab.yml | ||
| 6 | 7 | ||
| 7 | 6.9.0 | 8 | 6.9.0 |
| 8 | - Make SSH port in clone URLs configurable (Julien Pivotto) | 9 | - Make SSH port in clone URLs configurable (Julien Pivotto) |
README.md
| @@ -328,6 +328,26 @@ gitlab_rails['smtp_authentication'] = "login" | @@ -328,6 +328,26 @@ gitlab_rails['smtp_authentication'] = "login" | ||
| 328 | gitlab_rails['smtp_enable_starttls_auto'] = true | 328 | gitlab_rails['smtp_enable_starttls_auto'] = true |
| 329 | ``` | 329 | ``` |
| 330 | 330 | ||
| 331 | +### Omniauth (Google, Twitter, GitHub login) | ||
| 332 | + | ||
| 333 | +Omniauth configuration is documented on | ||
| 334 | +[doc.gitlab.com](http://doc.gitlab.com/ce/integration/omniauth.html). To effect | ||
| 335 | +the necessary changes in `gitlab.yml`, use the following syntax in | ||
| 336 | +`/etc/gitlab/gitlab.rb`. Note that the providers are specified as an array of | ||
| 337 | +Ruby hashes. | ||
| 338 | + | ||
| 339 | +```ruby | ||
| 340 | +gitlab_rails['omniauth_enabled'] = true | ||
| 341 | +gitlab_rails['omniauth_providers'] = [ | ||
| 342 | + { | ||
| 343 | + "name" => "google_oauth2", | ||
| 344 | + "app_id" => "YOUR APP ID", | ||
| 345 | + "app_secret" => "YOUR APP SECRET", | ||
| 346 | + "args" => { "access_type" => "offline", "approval_prompt" => "" } | ||
| 347 | + } | ||
| 348 | +] | ||
| 349 | +``` | ||
| 350 | + | ||
| 331 | ## Backups | 351 | ## Backups |
| 332 | 352 | ||
| 333 | ### Creating an application backup | 353 | ### Creating an application backup |
files/gitlab-cookbooks/gitlab/attributes/default.rb
| @@ -90,6 +90,10 @@ default['gitlab']['gitlab-rails']['ldap_password'] = nil | @@ -90,6 +90,10 @@ default['gitlab']['gitlab-rails']['ldap_password'] = nil | ||
| 90 | default['gitlab']['gitlab-rails']['ldap_allow_username_or_email_login'] = nil | 90 | default['gitlab']['gitlab-rails']['ldap_allow_username_or_email_login'] = nil |
| 91 | default['gitlab']['gitlab-rails']['ldap_user_filter'] = nil | 91 | default['gitlab']['gitlab-rails']['ldap_user_filter'] = nil |
| 92 | default['gitlab']['gitlab-rails']['ldap_group_base'] = nil | 92 | default['gitlab']['gitlab-rails']['ldap_group_base'] = nil |
| 93 | +default['gitlab']['gitlab-rails']['omniauth_enabled'] = false | ||
| 94 | +default['gitlab']['gitlab-rails']['omniauth_allow_single_sign_on'] = nil | ||
| 95 | +default['gitlab']['gitlab-rails']['omniauth_block_auto_created_users'] = nil | ||
| 96 | +default['gitlab']['gitlab-rails']['omniauth_providers'] = [] | ||
| 93 | default['gitlab']['gitlab-rails']['satellites_path'] = "/var/opt/gitlab/git-data/gitlab-satellites" | 97 | default['gitlab']['gitlab-rails']['satellites_path'] = "/var/opt/gitlab/git-data/gitlab-satellites" |
| 94 | default['gitlab']['gitlab-rails']['backup_path'] = "/var/opt/gitlab/backups" | 98 | default['gitlab']['gitlab-rails']['backup_path'] = "/var/opt/gitlab/backups" |
| 95 | default['gitlab']['gitlab-rails']['backup_keep_time'] = nil | 99 | default['gitlab']['gitlab-rails']['backup_keep_time'] = nil |
files/gitlab-cookbooks/gitlab/templates/default/gitlab.yml.erb
| @@ -167,14 +167,14 @@ production: &base | @@ -167,14 +167,14 @@ production: &base | ||
| 167 | ## OmniAuth settings | 167 | ## OmniAuth settings |
| 168 | omniauth: | 168 | omniauth: |
| 169 | # Allow login via Twitter, Google, etc. using OmniAuth providers | 169 | # Allow login via Twitter, Google, etc. using OmniAuth providers |
| 170 | - enabled: false | 170 | + enabled: <%= @omniauth_enabled %> |
| 171 | 171 | ||
| 172 | # CAUTION! | 172 | # CAUTION! |
| 173 | # This allows users to login without having a user account first (default: false). | 173 | # This allows users to login without having a user account first (default: false). |
| 174 | # User accounts will be created automatically when authentication was successful. | 174 | # User accounts will be created automatically when authentication was successful. |
| 175 | - allow_single_sign_on: false | 175 | + allow_single_sign_on: <%= @omniauth_allow_single_sign_on %> |
| 176 | # Locks down those users until they have been cleared by the admin (default: true). | 176 | # Locks down those users until they have been cleared by the admin (default: true). |
| 177 | - block_auto_created_users: true | 177 | + block_auto_created_users: <%= @omniauth_block_auto_created_users %> |
| 178 | 178 | ||
| 179 | ## Auth providers | 179 | ## Auth providers |
| 180 | # Uncomment the following lines and fill in the data of the auth provider you want to use | 180 | # Uncomment the following lines and fill in the data of the auth provider you want to use |
| @@ -192,6 +192,9 @@ production: &base | @@ -192,6 +192,9 @@ production: &base | ||
| 192 | # - { name: 'github', app_id: 'YOUR APP ID', | 192 | # - { name: 'github', app_id: 'YOUR APP ID', |
| 193 | # app_secret: 'YOUR APP SECRET', | 193 | # app_secret: 'YOUR APP SECRET', |
| 194 | # args: { scope: 'user:email' } } | 194 | # args: { scope: 'user:email' } } |
| 195 | +<% @omniauth_providers.each do |provider| %> | ||
| 196 | + - <%= provider.to_json %> | ||
| 197 | +<% end %> | ||
| 195 | 198 | ||
| 196 | 199 | ||
| 197 | 200 |