From 872e308bc2cf76e8a0b27dfb42ee5611127a8035 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Wed, 6 Nov 2019 21:39:26 +0900 Subject: [PATCH 1/6] Use new permission system --- actions.json | 22 ---------- config_panel.json | 14 ------- manifest.json | 2 +- scripts/actions/public_private | 74 ---------------------------------- scripts/config | 9 ----- scripts/install | 3 +- scripts/upgrade | 5 +-- 7 files changed, 4 insertions(+), 125 deletions(-) delete mode 100644 scripts/actions/public_private diff --git a/actions.json b/actions.json index e3b6513..e283eca 100644 --- a/actions.json +++ b/actions.json @@ -1,26 +1,4 @@ [ - { - "id": "public_private", - "name": "Move to public or private", - "command": "/bin/bash scripts/actions/public_private", - "user": "root", - "accepted_return_codes": [ - 0 - ], - "description": { - "en": "Change the public access of the app." - }, - "arguments": [ - { - "name": "is_public", - "type": "boolean", - "ask": { - "en": "Is it a public app ?" - }, - "default": true - } - ] - }, { "id": "web_account", "name": "External users", diff --git a/config_panel.json b/config_panel.json index 965a554..67fef52 100644 --- a/config_panel.json +++ b/config_panel.json @@ -6,20 +6,6 @@ "name": "GitLab configuration", "id": "main", "sections": [ - { - "name": "Public access", - "id": "is_public", - "options": [ - { - "name": "is_public", - "ask": { - "en": "Is it a public app ?" - }, - "type": "boolean", - "default": true - } - ] - }, { "name": "Overwriting config files", "id": "overwrite_files", diff --git a/manifest.json b/manifest.json index 26f5bab..c0fcad1 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "email": "pierre@kayou.io" }, "requirements": { - "yunohost": ">= 3.6.0" + "yunohost": ">= 3.7.0" }, "multi_instance": false, "services": [ diff --git a/scripts/actions/public_private b/scripts/actions/public_private deleted file mode 100644 index 5aa6f5d..0000000 --- a/scripts/actions/public_private +++ /dev/null 
@@ -1,74 +0,0 @@ -#!/bin/bash - -#================================================= -# GENERIC STARTING -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - -source scripts/_common.sh -source /usr/share/yunohost/helpers - -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -# Get is_public -is_public=${YNH_ACTION_IS_PUBLIC} - -app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID} - -#================================================= -# CHECK IF ARGUMENTS ARE CORRECT -#================================================= - -#================================================= -# CHECK IF AN ACTION HAS TO BE DONE -#================================================= - -is_public_old=$(ynh_app_setting_get --app=$app --key=is_public) - -if [ $is_public -eq $is_public_old ] -then - ynh_die "is_public is already set as $is_public." 0 -fi - -#================================================= -# SPECIFIC ACTION -#================================================= -# MOVE TO PUBLIC OR PRIVATE -#================================================= -if [ $is_public -eq 0 ]; then - public_private="private" -else - public_private="public" -fi -ynh_script_progression --message=--message="Moving the application to $public_private..." --weight=1 - -# Make app public if necessary -if [ $is_public -eq 0 ]; then - ynh_app_setting_delete $app unprotected_uris -else - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" -fi - -ynh_script_progression --message=--message="Reconfiguring SSOwat..." 
--weight=1 -# Regen ssowat configuration -yunohost app ssowatconf - -# Update the config of the app -ynh_app_setting_set --app=$app --key=is_public --value=$is_public - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message=--message="Reloading nginx web server..." --weight=1 - -ynh_systemd_action --action=reload --service_name=nginx - -#================================================= -# END OF SCRIPT -#================================================= - -ynh_script_progression --message="Execution completed" --last \ No newline at end of file diff --git a/scripts/config b/scripts/config index efaa386..35a0416 100644 --- a/scripts/config +++ b/scripts/config @@ -25,10 +25,6 @@ app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID} # If the form has a value for a variable, take the value from the form, # Otherwise, keep the value from the app config. -# is_public -old_is_public="$(ynh_app_setting_get --app=$app --key=is_public)" -is_public="${YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC:-$old_is_public}" - # Overwrite nginx configuration old_overwrite_nginx="$(ynh_app_setting_get --app=$app --key=overwrite_nginx)" overwrite_nginx="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX:-$old_overwrite_nginx}" @@ -70,8 +66,6 @@ show_config() { # here you are supposed to read some config file/database/other then print the values # echo "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value" - ynh_return "YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC=$is_public" - ynh_return "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX=$overwrite_nginx" ynh_return "YNH_CONFIG_MAIN_USERS_USE_WEB_ACCOUNT=$use_web_account" 
@@ -98,9 +92,6 @@ show_config() { #================================================= apply_config() { - # Change public accessibility - yunohost app action run $app public_private --args is_public=$is_public - # Change use_web_account yunohost app action run $app web_account --args use_web_account=$use_web_account diff --git a/scripts/install b/scripts/install index bdf5ae8..4cc23d2 100644 --- a/scripts/install +++ b/scripts/install @@ -253,8 +253,7 @@ ynh_script_progression --message="Configuring SSOwat..." --weight=1 # Make app public if necessary if [ $is_public -eq 1 ]; then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" + ynh_permission_update --permission "main" --remove "all_users" --add "visitors" fi #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 7d9df73..b02ce09 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -356,10 +356,9 @@ yunohost service add "gitlab-runsvdir" --log "/var/log/$app/gitlab-rails/applica # SETUP SSOWAT #================================================= -# If app is public, add url to SSOWat conf as skipped_uris +# Make app public if necessary if [ $is_public -eq 1 ]; then - # See install script - ynh_app_setting_set --app="$app" --key=unprotected_uris --value="/" + ynh_permission_update --permission "main" --remove "all_users" --add "visitors" fi #================================================= From 0f493a1dafbd92242ed4f2397357beba0e8b524b Mon Sep 17 00:00:00 2001 From: Kay0u Date: Thu, 7 Nov 2019 18:55:15 +0900 Subject: [PATCH 2/6] Don't store is_public --- scripts/install | 1 - scripts/upgrade | 17 ++--------------- 2 files changed, 2 insertions(+), 16 deletions(-) diff --git a/scripts/install b/scripts/install index 4cc23d2..1c498ef 100644 --- a/scripts/install +++ b/scripts/install 
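Review bot: The public branch in the `scripts/install` hunk `@@ -253,8 +253,7 @@` loses its explanatory comment along with `unprotected_uris`, so nothing next to the new call says what putting `visitors` on `main` exposes. A one-line comment above it would keep the access decision visible, for example `# "visitors" = unauthenticated requests are let through by SSOwat for this app`. The same call is added in the `scripts/upgrade` hunk `@@ -356,10 +356,9 @@`, where the same comment fits. Both scripts continue outside their hunks.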
@@ -67,7 +67,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=2 ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=use_web_account --value=$use_web_account ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=config_path --value=$config_path diff --git a/scripts/upgrade b/scripts/upgrade index b02ce09..a42a100 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -53,12 +53,8 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= # Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 +if [ ! -z $is_public ]; then + ynh_app_setting_delete --app=$app --key=is_public fi # If final_path doesn't exist, create it 
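Review bot: The compatibility block in the `scripts/upgrade` hunk `@@ -53,12 +53,8 @@` deletes the stored `is_public` without carrying its value into the `main` permission, and it leaves in place the legacy `unprotected_uris` setting that older installs wrote. The later hunk `@@ -352,15 +348,6 @@` removes the only `ynh_permission_update` call from this script, so whether an upgraded instance ends up public or private depends on what YunoHost core does with the old keys, which is not visible here. A comment naming who performs that migration, and an explicit decision on `unprotected_uris` (delete it here or state why it stays), would make the resulting access state auditable. The test should also quote the variable: `if [ -n "$is_public" ]; then`.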
@@ -352,15 +348,6 @@ fi yunohost service add "gitlab-runsvdir" --log "/var/log/$app/gitlab-rails/application.log" "/var/log/$app/gitlab-rails/api_json.log" "/var/log/$app/gitlab-rails/production.log" "/var/log/$app/gitlab-rails/production_json.log" "/var/log/$app/gitlab-rails/sidekiq.log" "/var/log/$app/unicorn/unicorn_stderr.log" "/var/log/$app/unicorn/current" "/var/log/$app/alertmanager/current" "/var/log/$app/gitaly/current" "/var/log/$app/gitlab-monitor/current" "/var/log/$app/gitlab-shell/gitlab-shell.log" "/var/log/$app/gitlab-workhorse/current" "/var/log/$app/logrotate/current" "/var/log/$app/nginx/current" "/var/log/$app/nginx/access.log" "/var/log/$app/nginx/error.log" "/var/log/$app/nginx/gitlab_access.log" "/var/log/$app/nginx/gitlab_error.log" "/var/log/$app/node-exporter/current" "/var/log/$app/postgres-exporter/current" "/var/log/$app/postgresql/current" "/var/log/$app/prometheus/current" "/var/log/$app/redis/current" "/var/log/$app/redis-exporter/current" -#================================================= -# SETUP SSOWAT -#================================================= - -# Make app public if necessary -if [ $is_public -eq 1 ]; then - ynh_permission_update --permission "main" --remove "all_users" --add "visitors" -fi - #================================================= # WAITING GITLAB #================================================= From d5ab49e68e5c88d3ebc7f8f53cf805439cac7283 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Thu, 7 Nov 2019 18:55:30 +0900 Subject: [PATCH 3/6] Update LDAP conf --- conf/gitlab.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/conf/gitlab.rb b/conf/gitlab.rb index b81c81e..7574900 100644 --- a/conf/gitlab.rb +++ b/conf/gitlab.rb 
@@ -359,18 +359,18 @@ gitlab_rails['ldap_enabled'] = true gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below main: # 'main' is the GitLab 'provider ID' of this LDAP server - label: 'LDAP' + label: 'YunoHost LDAP' host: 'localhost' port: 389 uid: 'uid' encryption: 'plain' # "start_tls" or "simple_tls" or "plain" - bind_dn: '' + bind_dn: 'ou=users,dc=yunohost,dc=org' password: '' active_directory: false allow_username_or_email_login: false block_auto_created_users: false - base: 'ou=users,dc=yunohost,dc=org' - user_filter: '' + base: 'dc=yunohost,dc=org' + user_filter: '(&(objectClass=posixAccount))' # group_base is only available in GitLab Enterprise Edition, so I can't add (permission=cn=gitlab.main,ou=permission,dc=yunohost,dc=org) EOS ### Smartcard authentication settings From f7e915b9bd585234e59a8b51ca359899bf6f267d Mon Sep 17 00:00:00 2001 From: Kay0u Date: Thu, 7 Nov 2019 19:22:54 +0900 Subject: [PATCH 4/6] Update comment --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index a42a100..b434476 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -52,7 +52,7 @@ upgrade_type=$(ynh_check_app_version_changed) # ENSURE DOWNWARD COMPATIBILITY #================================================= -# Fix is_public as a boolean value +# Delete is_public if it exists if [ ! -z $is_public ]; then ynh_app_setting_delete --app=$app --key=is_public fi From b1878109ffb84dfa6b9d5693f353a4569e27e61d Mon Sep 17 00:00:00 2001 From: Kay0u Date: Fri, 22 Nov 2019 22:18:28 +0900 Subject: [PATCH 5/6] Fix LDAP --- conf/gitlab.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/gitlab.rb b/conf/gitlab.rb index 7574900..e721325 100644 --- a/conf/gitlab.rb +++ b/conf/gitlab.rb 
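Review bot: `base` is widened from `ou=users,dc=yunohost,dc=org` to the directory root while `user_filter` only requires `objectClass=posixAccount`, so any posixAccount entry anywhere under `dc=yunohost,dc=org` becomes a candidate GitLab login, and the context line `block_auto_created_users: false` means such accounts are not blocked on creation. If nothing outside the users branch has to be searched, keep `base: 'ou=users,dc=yunohost,dc=org'` and let the filter narrow it further. `bind_dn` is now an OU DN paired with an empty `password`, which is not a credentialed bind; the lookup presumably still relies on anonymous read access, so either leave `bind_dn: ''` or add a comment saying that anonymous search over localhost is intended. The heredoc is fully inside the hunk, the rest of `gitlab.rb` is not.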
@@ -370,7 +370,7 @@ gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block allow_username_or_email_login: false block_auto_created_users: false base: 'dc=yunohost,dc=org' - user_filter: '(&(objectClass=posixAccount))' # group_base is only available in GitLab Enterprise Edition, so I can't add (permission=cn=gitlab.main,ou=permission,dc=yunohost,dc=org) + user_filter: '(&(objectClass=posixAccount)(permission=cn=gitlab.main,ou=permission,dc=yunohost,dc=org))' EOS ### Smartcard authentication settings From 403cda1dcf295101d5c59187f0b51fe03b11223b Mon Sep 17 00:00:00 2001 From: Kay0u Date: Tue, 19 Jan 2021 01:59:31 +0100 Subject: [PATCH 6/6] add attributes to ldap config --- conf/gitlab.rb | 9 ++++++++- scripts/install | 2 +- upgrade-versions.sh | 7 +++++++ 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/conf/gitlab.rb b/conf/gitlab.rb index e3e9317..1b85e1b 100644 --- a/conf/gitlab.rb +++ b/conf/gitlab.rb @@ -506,7 +506,7 @@ gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block host: 'localhost' port: 389 uid: 'uid' - encryption: 'plain' # "start_tls" or "simple_tls" or "plain" + encryption: 'plain' # 'start_tls' or 'simple_tls' or 'plain' bind_dn: 'ou=users,dc=yunohost,dc=org' password: '' active_directory: false @@ -514,6 +514,13 @@ gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block block_auto_created_users: false base: 'dc=yunohost,dc=org' user_filter: '(&(objectClass=posixAccount)(permission=cn=gitlab.main,ou=permission,dc=yunohost,dc=org))' + timeout: 10 + attributes: { + username: ['uid', 'sAMAccountName'], + name: 'cn', + first_name: 'givenName', + last_name: 'sn' + } EOS ### Smartcard authentication settings diff --git a/scripts/install b/scripts/install index e4ff8cf..7a99f1a 100644 --- a/scripts/install +++ b/scripts/install 
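Review bot: In the hunk `@@ -514,6 +514,13 @@`, `username: ['uid', 'sAMAccountName']` lists an Active Directory attribute although the same block sets `active_directory: false` and `uid: 'uid'`; the second entry reads as dead configuration and should be dropped or explained, e.g. `username: ['uid'],`. No `email` mapping is given, so the e-mail attribute is whatever GitLab defaults to, which deserves a short comment if that is intended. The identical block is added again in `upgrade-versions.sh` (`@@ -94,6 +94,13 @@`); two hand-maintained copies of the LDAP settings, including the access-restricting `user_filter`, can drift apart, so a comment in each copy pointing at the other would help.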
@@ -242,7 +242,7 @@ ynh_script_progression --message="Configuring SSOwat..." --weight=1 # Make app public if necessary if [ $is_public -eq 1 ]; then - ynh_permission_update --permission "main" --remove "all_users" --add "visitors" + ynh_permission_update --permission="main" --add "visitors" fi #================================================= diff --git a/upgrade-versions.sh b/upgrade-versions.sh index 468e33a..0f6ea7d 100755 --- a/upgrade-versions.sh +++ b/upgrade-versions.sh @@ -94,6 +94,13 @@ gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block block_auto_created_users: false base: 'dc=yunohost,dc=org' user_filter: '(&(objectClass=posixAccount)(permission=cn=gitlab.main,ou=permission,dc=yunohost,dc=org))' + timeout: 10 + attributes: { + username: ['uid', 'sAMAccountName'], + name: 'cn', + first_name: 'givenName', + last_name: 'sn' + } EOS" # Add ldap conf
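Review bot: Dropping `--remove "all_users"` in the `scripts/install` hunk only changes new installs; `scripts/upgrade` is not in this commit's file list and, after the earlier patch in this series, no longer calls `ynh_permission_update`, so an instance installed as public with the previous form keeps `main` without `all_users`. Because `user_filter` in `conf/gitlab.rb` now requires `permission=cn=gitlab.main,…`, regular users on such an instance presumably no longer match the LDAP filter until an admin restores the group by hand. A one-off repair in the upgrade script's compatibility section, such as `ynh_permission_update --permission="main" --add "all_users"` run only when `visitors` is already on `main`, or at least an upgrade note, would cover them. The new call also mixes `--permission="main"` with `--add "visitors"`; one argument form throughout reads better.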