2024-09-03 18:36:35 +02:00 · 2021-01-19 11:31:44 +01:00 · 2021-01-19 11:31:44 +01:00 · 22fdef325c
commit 22fdef325c
parent 7682c12036 403cda1dcf
9 changed files with 29 additions and 150 deletions
--- a/actions.json
+++ b/actions.json
@ -1,26 +1,4 @@
 [
-    {
-        "id": "public_private",
-        "name": "Move to public or private",
-        "command": "/bin/bash scripts/actions/public_private",
-        "user": "root",
-        "accepted_return_codes": [
-            0
-        ],
-        "description": {
-            "en": "Change the public access of the app."
-        },
-        "arguments": [
-            {
-                "name": "is_public",
-                "type": "boolean",
-                "ask": {
-                    "en": "Is it a public app ?"
-                },
-                "default": true
-            }
-        ]
-    },
    {
        "id": "web_account",
        "name": "External users",
--- a/conf/gitlab.rb
+++ b/conf/gitlab.rb
@ -502,18 +502,25 @@ gitlab_rails['ldap_enabled'] = true

 gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
-    label: 'LDAP'
+    label: 'YunoHost LDAP'
    host: 'localhost'
    port: 389
    uid: 'uid'
-    encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
-    bind_dn: ''
+    encryption: 'plain' # 'start_tls' or 'simple_tls' or 'plain'
+    bind_dn: 'ou=users,dc=yunohost,dc=org'
    password: ''
    active_directory: false
    allow_username_or_email_login: false
    block_auto_created_users: false
-    base: 'ou=users,dc=yunohost,dc=org'
-    user_filter: ''
+    base: 'dc=yunohost,dc=org'
+    user_filter: '(&(objectClass=posixAccount)(permission=cn=gitlab.main,ou=permission,dc=yunohost,dc=org))'
+    timeout: 10
+    attributes: {
+      username: ['uid', 'sAMAccountName'],
+      name: 'cn',
+      first_name: 'givenName',
+      last_name: 'sn'
+    }
 EOS

 ### Smartcard authentication settings
--- a/config_panel.json
+++ b/config_panel.json
@ -6,20 +6,6 @@
            "name": "GitLab configuration",
            "id": "main",
            "sections": [
-                {
-                    "name": "Public access",
-                    "id": "is_public",
-                    "options": [
-                        {
-                            "name": "is_public",
-                            "ask": {
-                                "en": "Is it a public app ?"
-                            },
-                            "type": "boolean",
-                            "default": true
-                        }
-                    ]
-                },
                {
                    "name": "Overwriting config files",
                    "id": "overwrite_files",
--- a/manifest.json
+++ b/manifest.json
@ -14,7 +14,7 @@
        "email": "pierre@kayou.io"
    },
    "requirements": {
-        "yunohost": ">= 4.0.8"
+        "yunohost": ">= 4.1.5"
    },
    "multi_instance": false,
    "services": [
--- a/scripts/actions/public_private
+++ b/scripts/actions/public_private
@ -1,74 +0,0 @@
-#!/bin/bash
-
-#=================================================
-# GENERIC STARTING
-#=================================================
-# IMPORT GENERIC HELPERS
-#=================================================
-
-source scripts/_common.sh
-source /usr/share/yunohost/helpers
-
-#=================================================
-# RETRIEVE ARGUMENTS
-#=================================================
-
-# Get is_public
-is_public=${YNH_ACTION_IS_PUBLIC}
-
-app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID}
-
-#=================================================
-# CHECK IF ARGUMENTS ARE CORRECT
-#=================================================
-
-#=================================================
-# CHECK IF AN ACTION HAS TO BE DONE
-#=================================================
-
-is_public_old=$(ynh_app_setting_get --app=$app --key=is_public)
-
-if [ $is_public -eq $is_public_old ]
-then
-	ynh_die "is_public is already set as $is_public." 0
-fi
-
-#=================================================
-# SPECIFIC ACTION
-#=================================================
-# MOVE TO PUBLIC OR PRIVATE
-#=================================================
-if [ $is_public -eq 0 ]; then
-	public_private="private"
-else
-	public_private="public"
-fi
-ynh_script_progression --message=--message="Moving the application to $public_private..." --weight=1
-
-# Make app public if necessary
-if [ $is_public -eq 0 ]; then
-	ynh_app_setting_delete $app unprotected_uris
-else
-	# unprotected_uris allows SSO credentials to be passed anyway.
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-fi
-
-ynh_script_progression --message=--message="Reconfiguring SSOwat..." --weight=1
-# Regen ssowat configuration
-yunohost app ssowatconf
-
-# Update the config of the app
-ynh_app_setting_set --app=$app --key=is_public --value=$is_public
-
-#=================================================
-# RELOAD NGINX
-#=================================================
-ynh_script_progression --message=--message="Reloading nginx web server..." --weight=1
-
-ynh_systemd_action --action=reload --service_name=nginx
-
-#=================================================
-# END OF SCRIPT
-#=================================================
-
-ynh_script_progression --message="Execution completed" --last
--- a/scripts/config
+++ b/scripts/config
@ -25,10 +25,6 @@ app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID}
 # If the form has a value for a variable, take the value from the form,
 # Otherwise, keep the value from the app config.

-# is_public
-old_is_public="$(ynh_app_setting_get --app=$app --key=is_public)"
-is_public="${YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC:-$old_is_public}"
-
 # Overwrite nginx configuration
 old_overwrite_nginx="$(ynh_app_setting_get --app=$app --key=overwrite_nginx)"
 overwrite_nginx="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX:-$old_overwrite_nginx}"
@ -45,8 +41,6 @@ show_config() {
 	# here you are supposed to read some config file/database/other then print the values
 	# echo "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value"

-	ynh_return "YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC=$is_public"
-
 	ynh_return "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX=$overwrite_nginx"

 	ynh_return "YNH_CONFIG_MAIN_USERS_USE_WEB_ACCOUNT=$use_web_account"
@ -57,9 +51,6 @@ show_config() {
 #=================================================

 apply_config() {
-	# Change public accessibility
-	yunohost app action run $app public_private --args is_public=$is_public
-
 	# Change use_web_account
 	yunohost app action run $app web_account --args use_web_account=$use_web_account

--- a/scripts/install
+++ b/scripts/install
@ -69,7 +69,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=2

 ynh_app_setting_set --app=$app --key=admin --value=$admin
 ynh_app_setting_set --app=$app --key=path --value=$path_url
-ynh_app_setting_set --app=$app --key=is_public --value=$is_public
 ynh_app_setting_set --app=$app --key=use_web_account --value=$use_web_account
 ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 ynh_app_setting_set --app=$app --key=config_path --value=$config_path
@ -243,8 +242,7 @@ ynh_script_progression --message="Configuring SSOwat..." --weight=1

 # Make app public if necessary
 if [ $is_public -eq 1 ]; then
-	# unprotected_uris allows SSO credentials to be passed anyway.
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+	ynh_permission_update --permission="main" --add "visitors"
 fi

 #=================================================
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -41,13 +41,9 @@ upgrade_type=$(ynh_check_app_version_changed)
 # ENSURE DOWNWARD COMPATIBILITY
 #=================================================

-# Fix is_public as a boolean value
-if [ "$is_public" = "Yes" ]; then
-	ynh_app_setting_set --app=$app --key=is_public --value=1
-	is_public=1
-elif [ "$is_public" = "No" ]; then
-	ynh_app_setting_set --app=$app --key=is_public --value=0
-	is_public=0
+# Delete is_public if it exists
+if [ ! -z $is_public ]; then
+	ynh_app_setting_delete --app=$app --key=is_public
 fi

 # If final_path doesn't exist, create it
@ -330,16 +326,6 @@ fi

 yunohost service add "gitlab-runsvdir" --log "/var/log/$app/gitlab-rails/application.log" "/var/log/$app/gitlab-rails/api_json.log" "/var/log/$app/gitlab-rails/production.log" "/var/log/$app/gitlab-rails/production_json.log" "/var/log/$app/gitlab-rails/sidekiq.log" "/var/log/$app/puma/puma_stderr.log" "/var/log/$app/puma/current" "/var/log/$app/alertmanager/current" "/var/log/$app/gitaly/current" "/var/log/$app/gitlab-monitor/current" "/var/log/$app/gitlab-shell/gitlab-shell.log" "/var/log/$app/gitlab-workhorse/current" "/var/log/$app/logrotate/current" "/var/log/$app/nginx/current" "/var/log/$app/nginx/access.log" "/var/log/$app/nginx/error.log" "/var/log/$app/nginx/gitlab_access.log" "/var/log/$app/nginx/gitlab_error.log" "/var/log/$app/node-exporter/current" "/var/log/$app/postgres-exporter/current" "/var/log/$app/postgresql/current" "/var/log/$app/prometheus/current" "/var/log/$app/redis/current" "/var/log/$app/redis-exporter/current"

-#=================================================
-# SETUP SSOWAT
-#=================================================
-
-# If app is public, add url to SSOWat conf as skipped_uris
-if [ $is_public -eq 1 ]; then
-	# See install script
-	ynh_app_setting_set --app="$app" --key=unprotected_uris --value="/"
-fi
-
 #=================================================
 # WAITING GITLAB
 #=================================================
--- a/upgrade-versions.sh
+++ b/upgrade-versions.sh
@ -82,18 +82,25 @@ from_file '/etc/gitlab/gitlab-persistent.rb'"
    ldap_conf="
 gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
-    label: 'LDAP'
+    label: 'YunoHost LDAP'
    host: 'localhost'
    port: 389
    uid: 'uid'
-    encryption: 'plain' # \"start_tls\" or \"simple_tls\" or \"plain\"
-    bind_dn: ''
+    encryption: 'plain' # 'start_tls' or 'simple_tls' or 'plain'
+    bind_dn: 'ou=users,dc=yunohost,dc=org'
    password: ''
    active_directory: false
    allow_username_or_email_login: false
    block_auto_created_users: false
-    base: 'ou=users,dc=yunohost,dc=org'
-    user_filter: ''
+    base: 'dc=yunohost,dc=org'
+    user_filter: '(&(objectClass=posixAccount)(permission=cn=gitlab.main,ou=permission,dc=yunohost,dc=org))'
+    timeout: 10
+    attributes: {
+      username: ['uid', 'sAMAccountName'],
+      name: 'cn',
+      first_name: 'givenName',
+      last_name: 'sn'
+    }
 EOS"

    # Add ldap conf