sameersbn / docker-gitlab

Dockerized GitLab
http://www.damagehead.com/docker-gitlab/
MIT License

Need `authorize_params` in oauth2_generic #2662

Open fmiqbal opened 1 year ago

fmiqbal commented 1 year ago

Currently I am in need of the authorize_params key in the oauth2_generic provider, as seen in this example from https://docs.gitlab.com/ee/integration/oauth2_generic.html#configure-the-oauth-20-provider:

gitlab_rails['omniauth_providers'] = [
  {
    name: "oauth2_generic",
    label: "Provider name", # optional label for login button, defaults to "Oauth2 Generic"
    app_id: "<your_app_client_id>",
    app_secret: "<your_app_client_secret>",
    args: {
      client_options: {
        site: "<your_auth_server_url>",
        user_info_url: "/oauth2/v1/userinfo",
        authorize_url: "/oauth2/v1/authorize",
        token_url: "/oauth2/v1/token"
      },
      user_response_structure: {
        root_path: [],
        id_path: ["sub"],
        attributes: {
          email: "email",
          name: "name"
        }
      },
      authorize_params: { --------------> this
        scope: "openid profile email"
      },
      strategy_class: "OmniAuth::Strategies::OAuth2Generic"
    }
  }
]
  1. I have tried to inject it using "sed inplace in specific line number" before /sbin/entrypoint.sh, but I can't seem to find the key for oauth2_generic in gitlab.yaml inside the container.

  2. And currently I am trying to build the image from source, but it took so long :sweat_smile:.

  3. I also tried to volume mount the gitlab.yml with

     volumes:
     - ./.dockerdata/gitlab:/home/git/data:Z
     - $PWD/gitlab.yml:/home/git/gitlab/config/gitlab.yml

    but got this error: sed: cannot rename /home/git/gitlab/config/sedgfJOQv: Device or resource busy

Any suggestions?

fmiqbal commented 1 year ago

So, I ended up building my own image from this repo and modifying the gitlab.yml to my needs. Now that I've tried it, it works, but I think option 3 is a bit more viable and easier. Anyway, here are my changes to the files.

My name/email reside in a sub node, so I removed the quotes from attributes.name:

--- a/assets/runtime/config/gitlabhq/gitlab.yml
+++ b/assets/runtime/config/gitlabhq/gitlab.yml
@@ -347,7 +347,7 @@ production: &base
         google_json_key_location: {{GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}}
         #end-packages-gcs

-  
+
   ## Dependency Proxy
   dependency_proxy:
     enabled: true
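Review bot: the hunk at line 347 only strips trailing spaces from a blank line (`-  ` becomes `+`) and has nothing to do with authorize_params; drop it from the PR, or move the whitespace cleanup into its own commit, so the diff stays focused on the feature.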
@@ -1010,13 +1010,14 @@ production: &base
               end_session_endpoint: '{{OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT}}',
                         },
             user_response_structure: {
-            id_path: '{{OAUTH2_GENERIC_ID_PATH}}',
+            id_path: {{OAUTH2_GENERIC_ID_PATH}},
             attributes: {
-              uid: '{{OAUTH2_GENERIC_USER_UID}}',
-              name: '{{OAUTH2_GENERIC_USER_NAME}}',
-              email: '{{OAUTH2_GENERIC_USER_EMAIL}}'
+              uid: {{OAUTH2_GENERIC_USER_UID}},
+              name: {{OAUTH2_GENERIC_USER_NAME}},
+              email: {{OAUTH2_GENERIC_USER_EMAIL}}
               }
             },
+            authorize_params: { scope: "{{OAUTH2_GENERIC_AUTHORIZE_PARAMS_SCOPE}}" },
             name: '{{OAUTH2_GENERIC_NAME}}' }}
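Review bot: removing the quotes around `{{OAUTH2_GENERIC_ID_PATH}}`, `{{OAUTH2_GENERIC_USER_UID}}`, `{{OAUTH2_GENERIC_USER_NAME}}` and `{{OAUTH2_GENERIC_USER_EMAIL}}` changes the contract for every existing user of these variables: the substituted value is now emitted as raw YAML, so a list such as `['attributes', 'email', 'attribute_value']` works, but a plain string containing YAML-significant characters (a colon, a hash, a leading bracket) or an unset variable (which now leaves `id_path: ,` with no value) yields a different or invalid configuration. Document in the README that these values are inserted verbatim and must be quoted by the user when they are plain strings, and consider emitting the new `authorize_params: { scope: "{{OAUTH2_GENERIC_AUTHORIZE_PARAMS_SCOPE}}" }` line only when the variable is set, instead of always rendering `scope: ""`.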
index 787ce5c8..fd671e32 100644
--- a/assets/runtime/functions
+++ b/assets/runtime/functions
@@ -635,7 +635,8 @@ gitlab_configure_oauth2_generic() {
     OAUTH2_GENERIC_USER_UID \
     OAUTH2_GENERIC_USER_NAME \
     OAUTH2_GENERIC_USER_EMAIL \
-    OAUTH2_GENERIC_NAME
+    OAUTH2_GENERIC_NAME \
+    OAUTH2_GENERIC_AUTHORIZE_PARAMS_SCOPE
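Review bot: `OAUTH2_GENERIC_AUTHORIZE_PARAMS_SCOPE` is appended to the substitution list in `gitlab_configure_oauth2_generic()`, but nothing in the hunk gives it a default or documents it; add a default next to the other `OAUTH2_GENERIC_*` defaults (empty, or the `openid profile email` value shown in the issue) and a README entry, otherwise the template is rendered with an empty scope whenever the variable is not exported.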

And to the env:

  environment:
    - OAUTH2_GENERIC_NAME=oauth2_generic
    - OAUTH2_GENERIC_AUTHORIZE_PARAMS_SCOPE=user.basic
    - OAUTH2_GENERIC_ID_PATH=['attributes', '********', 'attribute_value']
    - OAUTH2_GENERIC_USER_UID='***********'
    - OAUTH2_GENERIC_USER_NAME=['attributes', 'nama', 'attribute_value']
    - OAUTH2_GENERIC_USER_EMAIL=['attributes', 'email', 'attribute_value']
    - OAUTH_AUTO_LINK_USER='oauth2_generic'

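
As an added illustration (not docker-gitlab's own code) of why the diff above drops the quotes around the placeholders, and why a quoted placeholder cannot carry a list-valued path such as ['attributes', 'email', 'attribute_value']: the Ruby below imitates a {{VAR}} text substitution over a constructed fragment of the user_response_structure template, parses the result as YAML, and resolves id_path against a constructed user-info document. The substitution routine, the template fragment and the user-info document are assumptions made for this example, not the project's template code.

```ruby
require 'yaml'

# Added example, not docker-gitlab's own code: imitates a {{VAR}} substitution
# over a constructed user_response_structure fragment and parses the result,
# to show what each placeholder quoting style yields for GitLab.

# Constructed template in the old form (placeholders inside single quotes).
QUOTED_TEMPLATE = <<~YAML
  user_response_structure: {
    id_path: '{{OAUTH2_GENERIC_ID_PATH}}',
    attributes: { email: '{{OAUTH2_GENERIC_USER_EMAIL}}' }
    }
YAML

# The same fragment in the new form: quotes around the placeholders removed.
RAW_TEMPLATE = QUOTED_TEMPLATE.gsub(/'(\{\{[A-Z0-9_]+\}\})'/, '\1')

# Replace each {{NAME}} with env[NAME] (empty when unset), then parse the YAML.
def render(template, env)
  text = template.gsub(/\{\{([A-Z0-9_]+)\}\}/) { env.fetch(Regexp.last_match(1), '') }
  YAML.safe_load(text)
end

# Rendered id_path, or :invalid_yaml when substitution broke the document
# (a value with quotes inside an already quoted placeholder does that).
def id_path_for(template, env)
  render(template, env)['user_response_structure']['id_path']
rescue Psych::SyntaxError
  :invalid_yaml
end

# Follow a path (single key or list of keys) into a user-info document, as a
# path-based attribute lookup would; nil when a key is missing.
def dig_path(userinfo, path)
  Array(path).reduce(userinfo) { |node, key| node.is_a?(Hash) ? node[key] : nil }
end

# Constructed user-info response with the email nested three levels deep.
USERINFO = {
  'sub' => 'user-123',
  'attributes' => { 'email' => { 'attribute_value' => 'alice@example.test' } }
}.freeze

if __FILE__ == $PROGRAM_NAME
  list = "['attributes', 'email', 'attribute_value']"
  env = { 'OAUTH2_GENERIC_ID_PATH' => list, 'OAUTH2_GENERIC_USER_EMAIL' => list }
  [QUOTED_TEMPLATE, RAW_TEMPLATE].each do |tmpl|
    path = id_path_for(tmpl, env)
    puts "#{path.inspect} -> #{dig_path(USERINFO, path).inspect}"
  end
end
```

With the quoted template the list value cannot even be parsed, and with the raw template it becomes a real array that resolves to the nested e-mail.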
kkimurak commented 1 year ago

Glad to hear it works for you. I would appreciate it if you could submit it as a pull request if you have time.

About option 3:

volumes:
- ./.dockerdata/gitlab:/home/git/data:Z
- $PWD/gitlab.yml:/home/git/gitlab/config/gitlab.yml

but got this error: sed: cannot rename /home/git/gitlab/config/sedgfJOQv: Device or resource busy

Correction:

- $PWD/gitlab.yml:/etc/docker-gitlab/runtime/gitlab/gitlab.yml

These configurations (assets/runtime) are:

  1. Copied from the project repository to /etc/docker-gitlab/runtime/ in the image at build time
  2. Copied from /etc/docker-gitlab/runtime to each destination path on container startup.

If you mount a file at the installation destination, you may face a permission issue when the template file is updated (as you have already reported).

massej commented 11 months ago

I have the same issue; also the Label field is missing, see https://github.com/sameersbn/docker-gitlab/issues/2838

massej commented 11 months ago

I did a PR: https://github.com/sameersbn/docker-gitlab/pull/2841