diff --git a/actions.json b/actions.json index e3b6513..e283eca 100644 --- a/actions.json +++ b/actions.json @@ -1,26 +1,4 @@ [ - { - "id": "public_private", - "name": "Move to public or private", - "command": "/bin/bash scripts/actions/public_private", - "user": "root", - "accepted_return_codes": [ - 0 - ], - "description": { - "en": "Change the public access of the app." - }, - "arguments": [ - { - "name": "is_public", - "type": "boolean", - "ask": { - "en": "Is it a public app ?" - }, - "default": true - } - ] - }, { "id": "web_account", "name": "External users", diff --git a/conf/gitlab.rb b/conf/gitlab.rb index fbd5051..1b85e1b 100644 --- a/conf/gitlab.rb +++ b/conf/gitlab.rb @@ -502,18 +502,25 @@ gitlab_rails['ldap_enabled'] = true gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below main: # 'main' is the GitLab 'provider ID' of this LDAP server - label: 'LDAP' + label: 'YunoHost LDAP' host: 'localhost' port: 389 uid: 'uid' - encryption: 'plain' # "start_tls" or "simple_tls" or "plain" - bind_dn: '' + encryption: 'plain' # 'start_tls' or 'simple_tls' or 'plain' + bind_dn: 'ou=users,dc=yunohost,dc=org' password: '' active_directory: false allow_username_or_email_login: false block_auto_created_users: false - base: 'ou=users,dc=yunohost,dc=org' - user_filter: '' + base: 'dc=yunohost,dc=org' + user_filter: '(&(objectClass=posixAccount)(permission=cn=gitlab.main,ou=permission,dc=yunohost,dc=org))' + timeout: 10 + attributes: { + username: ['uid', 'sAMAccountName'], + name: 'cn', + first_name: 'givenName', + last_name: 'sn' + } EOS ### Smartcard authentication settings diff --git a/config_panel.json b/config_panel.json index e6d4d84..9366c54 100644 --- a/config_panel.json +++ b/config_panel.json 
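Review bot: `bind_dn: 'ou=users,dc=yunohost,dc=org'` in the conf/gitlab.rb LDAP block is still paired with `password: ''`, and a bind that sends a DN with an empty password is an unauthenticated bind under RFC 4513, which a server either rejects or treats as anonymous; the DN also names a container rather than an account, so it adds no credential. Who may sign in to GitLab therefore rests entirely on the new `user_filter`, and that presumably only works if the `permission` attribute is readable without authentication. A comment above `user_filter` would record this, e.g. `# anonymous bind: sign-in is gated only by this filter; keep cn=gitlab.main in sync with the YunoHost permission name`. The hunk also widens `base` from `ou=users,dc=yunohost,dc=org` to `dc=yunohost,dc=org`; unless entries outside `ou=users` must match, the narrower base limits which posixAccount entries can be considered. The same block is duplicated in the upgrade-versions.sh hunk, and these points apply there as well.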
@@ -6,20 +6,6 @@ "name": "GitLab configuration", "id": "main", "sections": [ - { - "name": "Public access", - "id": "is_public", - "options": [ - { - "name": "is_public", - "ask": { - "en": "Is it a public app ?" - }, - "type": "boolean", - "default": true - } - ] - }, { "name": "Overwriting config files", "id": "overwrite_files", diff --git a/manifest.json b/manifest.json index 86f2afa..08a1335 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "email": "pierre@kayou.io" }, "requirements": { - "yunohost": ">= 4.0.8" + "yunohost": ">= 4.1.5" }, "multi_instance": false, "services": [ diff --git a/scripts/actions/public_private b/scripts/actions/public_private deleted file mode 100644 index 5aa6f5d..0000000 --- a/scripts/actions/public_private +++ /dev/null 
@@ -1,74 +0,0 @@ -#!/bin/bash - -#================================================= -# GENERIC STARTING -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - -source scripts/_common.sh -source /usr/share/yunohost/helpers - -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -# Get is_public -is_public=${YNH_ACTION_IS_PUBLIC} - -app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID} - -#================================================= -# CHECK IF ARGUMENTS ARE CORRECT -#================================================= - -#================================================= -# CHECK IF AN ACTION HAS TO BE DONE -#================================================= - -is_public_old=$(ynh_app_setting_get --app=$app --key=is_public) - -if [ $is_public -eq $is_public_old ] -then - ynh_die "is_public is already set as $is_public." 0 -fi - -#================================================= -# SPECIFIC ACTION -#================================================= -# MOVE TO PUBLIC OR PRIVATE -#================================================= -if [ $is_public -eq 0 ]; then - public_private="private" -else - public_private="public" -fi -ynh_script_progression --message=--message="Moving the application to $public_private..." --weight=1 - -# Make app public if necessary -if [ $is_public -eq 0 ]; then - ynh_app_setting_delete $app unprotected_uris -else - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" -fi - -ynh_script_progression --message=--message="Reconfiguring SSOwat..." 
--weight=1 -# Regen ssowat configuration -yunohost app ssowatconf - -# Update the config of the app -ynh_app_setting_set --app=$app --key=is_public --value=$is_public - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message=--message="Reloading nginx web server..." --weight=1 - -ynh_systemd_action --action=reload --service_name=nginx - -#================================================= -# END OF SCRIPT -#================================================= - -ynh_script_progression --message="Execution completed" --last \ No newline at end of file diff --git a/scripts/config b/scripts/config index 3c927b5..277cb57 100644 --- a/scripts/config +++ b/scripts/config @@ -25,10 +25,6 @@ app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID} # If the form has a value for a variable, take the value from the form, # Otherwise, keep the value from the app config. -# is_public -old_is_public="$(ynh_app_setting_get --app=$app --key=is_public)" -is_public="${YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC:-$old_is_public}" - # Overwrite nginx configuration old_overwrite_nginx="$(ynh_app_setting_get --app=$app --key=overwrite_nginx)" overwrite_nginx="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX:-$old_overwrite_nginx}" @@ -45,8 +41,6 @@ show_config() { # here you are supposed to read some config file/database/other then print the values # echo "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value" - ynh_return "YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC=$is_public" - ynh_return "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX=$overwrite_nginx" ynh_return "YNH_CONFIG_MAIN_USERS_USE_WEB_ACCOUNT=$use_web_account" 
@@ -57,9 +51,6 @@ show_config() { #================================================= apply_config() { - # Change public accessibility - yunohost app action run $app public_private --args is_public=$is_public - # Change use_web_account yunohost app action run $app web_account --args use_web_account=$use_web_account diff --git a/scripts/install b/scripts/install index 3583c85..7a99f1a 100644 --- a/scripts/install +++ b/scripts/install @@ -69,7 +69,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=2 ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=use_web_account --value=$use_web_account ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=config_path --value=$config_path @@ -243,8 +242,7 @@ ynh_script_progression --message="Configuring SSOwat..." --weight=1 # Make app public if necessary if [ $is_public -eq 1 ]; then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" + ynh_permission_update --permission="main" --add "visitors" fi #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 7cd6573..45ab0ce 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
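Review bot: `$is_public` is expanded unquoted in `if [ $is_public -eq 1 ]` in the second scripts/install hunk, so an empty or non-numeric value makes `[` report an error instead of evaluating cleanly to false. The app then stays private, which is the safe direction, but the failure is easy to miss in the install log; `if [ "$is_public" -eq 1 ]; then` avoids it. Because `--add "visitors"` opens the `main` permission to requests that carry no YunoHost login, the removed comment would be worth replacing with something like `# "visitors" is the YunoHost group for unauthenticated users`. The surrounding install script, including where `is_public` is read, is outside this hunk.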
@@ -41,13 +41,9 @@ upgrade_type=$(ynh_check_app_version_changed) # ENSURE DOWNWARD COMPATIBILITY #================================================= -# Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 +# Delete is_public if it exists +if [ ! -z $is_public ]; then + ynh_app_setting_delete --app=$app --key=is_public fi # If final_path doesn't exist, create it @@ -330,16 +326,6 @@ fi yunohost service add "gitlab-runsvdir" --log "/var/log/$app/gitlab-rails/application.log" "/var/log/$app/gitlab-rails/api_json.log" "/var/log/$app/gitlab-rails/production.log" "/var/log/$app/gitlab-rails/production_json.log" "/var/log/$app/gitlab-rails/sidekiq.log" "/var/log/$app/puma/puma_stderr.log" "/var/log/$app/puma/current" "/var/log/$app/alertmanager/current" "/var/log/$app/gitaly/current" "/var/log/$app/gitlab-monitor/current" "/var/log/$app/gitlab-shell/gitlab-shell.log" "/var/log/$app/gitlab-workhorse/current" "/var/log/$app/logrotate/current" "/var/log/$app/nginx/current" "/var/log/$app/nginx/access.log" "/var/log/$app/nginx/error.log" "/var/log/$app/nginx/gitlab_access.log" "/var/log/$app/nginx/gitlab_error.log" "/var/log/$app/node-exporter/current" "/var/log/$app/postgres-exporter/current" "/var/log/$app/postgresql/current" "/var/log/$app/prometheus/current" "/var/log/$app/redis/current" "/var/log/$app/redis-exporter/current" -#================================================= -# SETUP SSOWAT -#================================================= - -# If app is public, add url to SSOWat conf as skipped_uris -if [ $is_public -eq 1 ]; then - # See install script - ynh_app_setting_set --app="$app" --key=unprotected_uris --value="/" -fi - #================================================= # WAITING GITLAB #================================================= 
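Review bot: An existing public install is not visibly migrated to the `visitors` permission in scripts/upgrade: the first hunk only deletes `is_public`, and the second removes the code that re-applied `unprotected_uris` without clearing that legacy setting. If this is not handled elsewhere (the rest of the script is outside these hunks), access after the upgrade may differ from what the admin configured, so it is worth confirming on a previously public and a previously private instance. YunoHost 4.1 ships helpers for the cleanup, e.g. `if ynh_legacy_permissions_exists; then ynh_legacy_permissions_delete_all; fi` next to the `is_public` deletion. Separately, `[ ! -z $is_public ]` gives the right answer for an empty value only by accident of how `[` parses two arguments; `[ -n "${is_public:-}" ]` states the intent and tolerates an unset variable.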
diff --git a/upgrade-versions.sh b/upgrade-versions.sh index 235502f..0f6ea7d 100755 --- a/upgrade-versions.sh +++ b/upgrade-versions.sh @@ -82,18 +82,25 @@ from_file '/etc/gitlab/gitlab-persistent.rb'" ldap_conf=" gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below main: # 'main' is the GitLab 'provider ID' of this LDAP server - label: 'LDAP' + label: 'YunoHost LDAP' host: 'localhost' port: 389 uid: 'uid' - encryption: 'plain' # \"start_tls\" or \"simple_tls\" or \"plain\" - bind_dn: '' + encryption: 'plain' # 'start_tls' or 'simple_tls' or 'plain' + bind_dn: 'ou=users,dc=yunohost,dc=org' password: '' active_directory: false allow_username_or_email_login: false block_auto_created_users: false - base: 'ou=users,dc=yunohost,dc=org' - user_filter: '' + base: 'dc=yunohost,dc=org' + user_filter: '(&(objectClass=posixAccount)(permission=cn=gitlab.main,ou=permission,dc=yunohost,dc=org))' + timeout: 10 + attributes: { + username: ['uid', 'sAMAccountName'], + name: 'cn', + first_name: 'givenName', + last_name: 'sn' + } EOS" # Add ldap conf