YunoHost-Apps/gitlab_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/gitlab_ynh.git synced 2024-09-03 18:36:35 +02:00
Code Issues Activity Actions

Merge pull request #86 from YunoHost-Apps/new-permissions-system

Browse source 
Use new permission system
This commit is contained in:
Kayou 2021-01-19 11:31:44 +01:00 committed by GitHub
commit 22fdef325c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 29 additions and 150 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
actions.json
View file

@ -1,26 +1,4 @@
[ [
{
"id": "public_private",
"name": "Move to public or private",
"command": "/bin/bash scripts/actions/public_private",
"user": "root",
"accepted_return_codes": [
0
],
"description": {
"en": "Change the public access of the app."
},
"arguments": [
{
"name": "is_public",
"type": "boolean",
"ask": {
"en": "Is it a public app ?"
},
"default": true
}
]
},
{ {
"id": "web_account", "id": "web_account",
"name": "External users", "name": "External users",

17
conf/gitlab.rb
View file

@ -502,18 +502,25 @@ gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
main: # 'main' is the GitLab 'provider ID' of this LDAP server main: # 'main' is the GitLab 'provider ID' of this LDAP server
label: 'LDAP' label: 'YunoHost LDAP'
host: 'localhost' host: 'localhost'
port: 389 port: 389
uid: 'uid' uid: 'uid'
encryption: 'plain' # "start_tls" or "simple_tls" or "plain" encryption: 'plain' # 'start_tls' or 'simple_tls' or 'plain'
bind_dn: '' bind_dn: 'ou=users,dc=yunohost,dc=org'
password: '' password: ''
active_directory: false active_directory: false
allow_username_or_email_login: false allow_username_or_email_login: false
block_auto_created_users: false block_auto_created_users: false
base: 'ou=users,dc=yunohost,dc=org' base: 'dc=yunohost,dc=org'
user_filter: '' user_filter: '(&(objectClass=posixAccount)(permission=cn=gitlab.main,ou=permission,dc=yunohost,dc=org))'
timeout: 10
attributes: {
username: ['uid', 'sAMAccountName'],
name: 'cn',
first_name: 'givenName',
last_name: 'sn'
}
EOS EOS
### Smartcard authentication settings ### Smartcard authentication settings

14
config_panel.json
View file

@ -6,20 +6,6 @@
"name": "GitLab configuration", "name": "GitLab configuration",
"id": "main", "id": "main",
"sections": [ "sections": [
{
"name": "Public access",
"id": "is_public",
"options": [
{
"name": "is_public",
"ask": {
"en": "Is it a public app ?"
},
"type": "boolean",
"default": true
}
]
},
{ {
"name": "Overwriting config files", "name": "Overwriting config files",
"id": "overwrite_files", "id": "overwrite_files",

2
manifest.json
View file

@ -14,7 +14,7 @@
"email": "pierre@kayou.io" "email": "pierre@kayou.io"
}, },
"requirements": { "requirements": {
"yunohost": ">= 4.0.8" "yunohost": ">= 4.1.5"
}, },
"multi_instance": false, "multi_instance": false,
"services": [ "services": [

74
scripts/actions/public_private
View file

@ -1,74 +0,0 @@
#!/bin/bash
#=================================================
# GENERIC STARTING
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
# Get is_public
is_public=${YNH_ACTION_IS_PUBLIC}
app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID}
#=================================================
# CHECK IF ARGUMENTS ARE CORRECT
#=================================================
#=================================================
# CHECK IF AN ACTION HAS TO BE DONE
#=================================================
is_public_old=$(ynh_app_setting_get --app=$app --key=is_public)
if [ $is_public -eq $is_public_old ]
then
ynh_die "is_public is already set as $is_public." 0
fi
#=================================================
# SPECIFIC ACTION
#=================================================
# MOVE TO PUBLIC OR PRIVATE
#=================================================
if [ $is_public -eq 0 ]; then
public_private="private"
else
public_private="public"
fi
ynh_script_progression --message=--message="Moving the application to $public_private..." --weight=1
# Make app public if necessary
if [ $is_public -eq 0 ]; then
ynh_app_setting_delete $app unprotected_uris
else
# unprotected_uris allows SSO credentials to be passed anyway.
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
fi
ynh_script_progression --message=--message="Reconfiguring SSOwat..." --weight=1
# Regen ssowat configuration
yunohost app ssowatconf
# Update the config of the app
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message=--message="Reloading nginx web server..." --weight=1
ynh_systemd_action --action=reload --service_name=nginx
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Execution completed" --last

9
scripts/config
View file

@ -25,10 +25,6 @@ app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID}
# If the form has a value for a variable, take the value from the form, # If the form has a value for a variable, take the value from the form,
# Otherwise, keep the value from the app config. # Otherwise, keep the value from the app config.
# is_public
old_is_public="$(ynh_app_setting_get --app=$app --key=is_public)"
is_public="${YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC:-$old_is_public}"
# Overwrite nginx configuration # Overwrite nginx configuration
old_overwrite_nginx="$(ynh_app_setting_get --app=$app --key=overwrite_nginx)" old_overwrite_nginx="$(ynh_app_setting_get --app=$app --key=overwrite_nginx)"
overwrite_nginx="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX:-$old_overwrite_nginx}" overwrite_nginx="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX:-$old_overwrite_nginx}"
@ -45,8 +41,6 @@ show_config() {
# here you are supposed to read some config file/database/other then print the values # here you are supposed to read some config file/database/other then print the values
# echo "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value" # echo "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value"
ynh_return "YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC=$is_public"
ynh_return "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX=$overwrite_nginx" ynh_return "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX=$overwrite_nginx"
ynh_return "YNH_CONFIG_MAIN_USERS_USE_WEB_ACCOUNT=$use_web_account" ynh_return "YNH_CONFIG_MAIN_USERS_USE_WEB_ACCOUNT=$use_web_account"
@ -57,9 +51,6 @@ show_config() {
#================================================= #=================================================
apply_config() { apply_config() {
# Change public accessibility
yunohost app action run $app public_private --args is_public=$is_public
# Change use_web_account # Change use_web_account
yunohost app action run $app web_account --args use_web_account=$use_web_account yunohost app action run $app web_account --args use_web_account=$use_web_account

4
scripts/install
View file

@ -69,7 +69,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=2
ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
ynh_app_setting_set --app=$app --key=use_web_account --value=$use_web_account ynh_app_setting_set --app=$app --key=use_web_account --value=$use_web_account
ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=final_path --value=$final_path
ynh_app_setting_set --app=$app --key=config_path --value=$config_path ynh_app_setting_set --app=$app --key=config_path --value=$config_path
@ -243,8 +242,7 @@ ynh_script_progression --message="Configuring SSOwat..." --weight=1
# Make app public if necessary # Make app public if necessary
if [ $is_public -eq 1 ]; then if [ $is_public -eq 1 ]; then
# unprotected_uris allows SSO credentials to be passed anyway. ynh_permission_update --permission="main" --add "visitors"
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
fi fi
#================================================= #=================================================

20
scripts/upgrade
View file

@ -41,13 +41,9 @@ upgrade_type=$(ynh_check_app_version_changed)
# ENSURE DOWNWARD COMPATIBILITY # ENSURE DOWNWARD COMPATIBILITY
#================================================= #=================================================
# Fix is_public as a boolean value # Delete is_public if it exists
if [ "$is_public" = "Yes" ]; then if [ ! -z $is_public ]; then
ynh_app_setting_set --app=$app --key=is_public --value=1 ynh_app_setting_delete --app=$app --key=is_public
is_public=1
elif [ "$is_public" = "No" ]; then
ynh_app_setting_set --app=$app --key=is_public --value=0
is_public=0
fi fi
# If final_path doesn't exist, create it # If final_path doesn't exist, create it
@ -330,16 +326,6 @@ fi
yunohost service add "gitlab-runsvdir" --log "/var/log/$app/gitlab-rails/application.log" "/var/log/$app/gitlab-rails/api_json.log" "/var/log/$app/gitlab-rails/production.log" "/var/log/$app/gitlab-rails/production_json.log" "/var/log/$app/gitlab-rails/sidekiq.log" "/var/log/$app/puma/puma_stderr.log" "/var/log/$app/puma/current" "/var/log/$app/alertmanager/current" "/var/log/$app/gitaly/current" "/var/log/$app/gitlab-monitor/current" "/var/log/$app/gitlab-shell/gitlab-shell.log" "/var/log/$app/gitlab-workhorse/current" "/var/log/$app/logrotate/current" "/var/log/$app/nginx/current" "/var/log/$app/nginx/access.log" "/var/log/$app/nginx/error.log" "/var/log/$app/nginx/gitlab_access.log" "/var/log/$app/nginx/gitlab_error.log" "/var/log/$app/node-exporter/current" "/var/log/$app/postgres-exporter/current" "/var/log/$app/postgresql/current" "/var/log/$app/prometheus/current" "/var/log/$app/redis/current" "/var/log/$app/redis-exporter/current" yunohost service add "gitlab-runsvdir" --log "/var/log/$app/gitlab-rails/application.log" "/var/log/$app/gitlab-rails/api_json.log" "/var/log/$app/gitlab-rails/production.log" "/var/log/$app/gitlab-rails/production_json.log" "/var/log/$app/gitlab-rails/sidekiq.log" "/var/log/$app/puma/puma_stderr.log" "/var/log/$app/puma/current" "/var/log/$app/alertmanager/current" "/var/log/$app/gitaly/current" "/var/log/$app/gitlab-monitor/current" "/var/log/$app/gitlab-shell/gitlab-shell.log" "/var/log/$app/gitlab-workhorse/current" "/var/log/$app/logrotate/current" "/var/log/$app/nginx/current" "/var/log/$app/nginx/access.log" "/var/log/$app/nginx/error.log" "/var/log/$app/nginx/gitlab_access.log" "/var/log/$app/nginx/gitlab_error.log" "/var/log/$app/node-exporter/current" "/var/log/$app/postgres-exporter/current" "/var/log/$app/postgresql/current" "/var/log/$app/prometheus/current" "/var/log/$app/redis/current" "/var/log/$app/redis-exporter/current"
#=================================================
# SETUP SSOWAT
#=================================================
# If app is public, add url to SSOWat conf as skipped_uris
if [ $is_public -eq 1 ]; then
# See install script
ynh_app_setting_set --app="$app" --key=unprotected_uris --value="/"
fi
#================================================= #=================================================
# WAITING GITLAB # WAITING GITLAB
#================================================= #=================================================

17
upgrade-versions.sh
View file

@ -82,18 +82,25 @@ from_file '/etc/gitlab/gitlab-persistent.rb'"
ldap_conf=" ldap_conf="
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
main: # 'main' is the GitLab 'provider ID' of this LDAP server main: # 'main' is the GitLab 'provider ID' of this LDAP server
label: 'LDAP' label: 'YunoHost LDAP'
host: 'localhost' host: 'localhost'
port: 389 port: 389
uid: 'uid' uid: 'uid'
encryption: 'plain' # \"start_tls\" or \"simple_tls\" or \"plain\" encryption: 'plain' # 'start_tls' or 'simple_tls' or 'plain'
bind_dn: '' bind_dn: 'ou=users,dc=yunohost,dc=org'
password: '' password: ''
active_directory: false active_directory: false
allow_username_or_email_login: false allow_username_or_email_login: false
block_auto_created_users: false block_auto_created_users: false
base: 'ou=users,dc=yunohost,dc=org' base: 'dc=yunohost,dc=org'
user_filter: '' user_filter: '(&(objectClass=posixAccount)(permission=cn=gitlab.main,ou=permission,dc=yunohost,dc=org))'
timeout: 10
attributes: {
username: ['uid', 'sAMAccountName'],
name: 'cn',
first_name: 'givenName',
last_name: 'sn'
}
EOS" EOS"
# Add ldap conf # Add ldap conf