Changing omniauth_providers in gitlab.rb causes multiple configuration lines in gitlab.yml
With my omnibus installation of 7.10, if I modify my single omniauth provider in gitlab.rb, instead of replacing the previous content in gitlab.yml, a new provider is added.
You can reproduce this easily by configuring a provider in /etc/gitlab/gitlab.rb:
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = false
gitlab_rails['block_auto_created_users'] = false
gitlab_rails['omniauth_providers'] = [
  {
    "name" => "google_oauth2",
    "app_id" => "asdf.apps.googleusercontent.com",
    "app_secret" => "12345678",
    "args" => { "access_type" => "offline", "approval_prompt" => "auto", "hd" => "example.com" }
  }
]
After running gitlab-ctl reconfigure, we can see the correct result in /var/opt/gitlab/gitlab-rails/etc/gitlab.yml:
## OmniAuth settings
omniauth:
  # Allow login via Twitter, Google, etc. using OmniAuth providers
  enabled: true
  # CAUTION!
  # This allows users to login without having a user account first (default: false).
  # User accounts will be created automatically when authentication was successful.
  allow_single_sign_on: false
  # Locks down those users until they have been cleared by the admin (default: true).
  block_auto_created_users:
  ## Auth providers
  # Uncomment the following lines and fill in the data of the auth provider you want to use
  # If your favorite auth provider is not listed you can use others:
  # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations
  # The 'app_id' and 'app_secret' parameters are always passed as the first two
  # arguments, followed by optional 'args' which can be either a hash or an array.
  # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
  providers:
    # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
    #     app_secret: 'YOUR APP SECRET',
    #     args: { access_type: 'offline', approval_prompt: '' } }
    # - { name: 'twitter', app_id: 'YOUR APP ID',
    #     app_secret: 'YOUR APP SECRET'}
    # - { name: 'github', app_id: 'YOUR APP ID',
    #     app_secret: 'YOUR APP SECRET',
    #     args: { scope: 'user:email' } }
    - {"name":"google_oauth2","app_id":"asdf.apps.googleusercontent.com","app_secret":"12345678","args":{"access_type":"offline","approval_prompt":"auto","hd":"example.com"}}
However, if I then go back and change any part of the provider details in gitlab.rb:
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = false
gitlab_rails['block_auto_created_users'] = false
gitlab_rails['omniauth_providers'] = [
  {
    "name" => "google_oauth2",
    "app_id" => "asdfMODIFIED.apps.googleusercontent.com",
    "app_secret" => "12345678NEW",
    "args" => { "access_type" => "offline", "approval_prompt" => "auto", "hd" => "gitlab.com" }
  }
]
The expected result in gitlab.yml after running gitlab-ctl reconfigure would be that the values are updated. However, instead, a new provider is added with the new details, and the old one remains:
## OmniAuth settings
omniauth:
  # Allow login via Twitter, Google, etc. using OmniAuth providers
  enabled: true
  # CAUTION!
  # This allows users to login without having a user account first (default: false).
  # User accounts will be created automatically when authentication was successful.
  allow_single_sign_on: false
  # Locks down those users until they have been cleared by the admin (default: true).
  block_auto_created_users:
  ## Auth providers
  # Uncomment the following lines and fill in the data of the auth provider you want to use
  # If your favorite auth provider is not listed you can use others:
  # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations
  # The 'app_id' and 'app_secret' parameters are always passed as the first two
  # arguments, followed by optional 'args' which can be either a hash or an array.
  # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
  providers:
    # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
    #     app_secret: 'YOUR APP SECRET',
    #     args: { access_type: 'offline', approval_prompt: '' } }
    # - { name: 'twitter', app_id: 'YOUR APP ID',
    #     app_secret: 'YOUR APP SECRET'}
    # - { name: 'github', app_id: 'YOUR APP ID',
    #     app_secret: 'YOUR APP SECRET',
    #     args: { scope: 'user:email' } }
    - {"name":"google_oauth2","app_id":"asdf.apps.googleusercontent.com","app_secret":"12345678","args":{"access_type":"offline","approval_prompt":"auto","hd":"example.com"}}
    - {"name":"google_oauth2","app_id":"asdfMODIFIED.apps.googleusercontent.com","app_secret":"12345678NEW","args":{"access_type":"offline","approval_prompt":"auto","hd":"gitlab.com"}}
I'm currently stuck with a bunch of incorrectly configured providers in my gitlab.yml, and I don't know how to get rid of them. If I simply modify gitlab.yml and remove the incorrect providers, they re-appear after gitlab-ctl reconfigure (I'm guessing the Chef Cookbook render is cached somewhere, I haven't gotten that far in understanding the entire configuration).
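
A check for the symptom reported above, added here as an example and not part of the original report or of GitLab's code: it parses the `omniauth.providers` list of a rendered gitlab.yml and reports every provider name that appears more than once, with the fields that differ between the entries (a superseded `app_secret` or `hd` restriction left in place shows up here). The sample YAML is constructed from the values in the report, and the function names are hypothetical.

```ruby
require 'yaml'

# Constructed sample: the providers from the report after the second reconfigure.
SAMPLE_GITLAB_YML = <<~YML
  omniauth:
    allow_single_sign_on: false
    providers:
      - {"name":"google_oauth2","app_id":"asdf.apps.googleusercontent.com","app_secret":"12345678","args":{"access_type":"offline","approval_prompt":"auto","hd":"example.com"}}
      - {"name":"google_oauth2","app_id":"asdfMODIFIED.apps.googleusercontent.com","app_secret":"12345678NEW","args":{"access_type":"offline","approval_prompt":"auto","hd":"gitlab.com"}}
YML

# Flatten nested hashes to dotted keys ("args.hd") so fields compare directly.
def flatten_keys(hash, prefix = nil)
  hash.each_with_object({}) do |(key, value), out|
    path = [prefix, key].compact.join('.')
    if value.is_a?(Hash)
      out.merge!(flatten_keys(value, path))
    else
      out[path] = value
    end
  end
end

# Locate the omniauth section, top-level or nested under an environment key.
def find_omniauth(node)
  return nil unless node.is_a?(Hash)
  return node['omniauth'] if node['omniauth'].is_a?(Hash)
  node.each_value.lazy.map { |child| find_omniauth(child) }.find(&:itself)
end

# Report provider names listed more than once and which fields differ.
# Only field names are returned, never the app_secret values themselves.
def duplicate_providers(yaml_text)
  doc = YAML.safe_load(yaml_text, aliases: true) || {}
  providers = Array((find_omniauth(doc) || {})['providers']).grep(Hash)
  dupes = providers.group_by { |p| p['name'] }.select { |_, list| list.size > 1 }
  dupes.map do |name, list|
    flat = list.map { |p| flatten_keys(p) }
    differing = flat.flat_map(&:keys).uniq.select { |k| flat.map { |f| f[k] }.uniq.size > 1 }
    { name: name, count: list.size, differing_fields: differing.sort }
  end
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] && File.file?(ARGV[0]) ? File.read(ARGV[0]) : SAMPLE_GITLAB_YML
  duplicate_providers(text).each do |d|
    puts "#{d[:name]}: #{d[:count]} entries, differing: #{d[:differing_fields].join(', ')}"
  end
end
```

Pass the path of the rendered file (the report's is /var/opt/gitlab/gitlab-rails/etc/gitlab.yml) as the first argument; any output means a provider name has more than one entry.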