(9.4) support for gitaly token authentication in config files
In 9.4 we are adding authentication options to Gitaly. To be able to deploy / ship this we need the following new features in omnibus:
gitlab-rails gitlab.yml
- new parameter in
git_data_dirs
:gitaly_token
. Renders to gitlab.yml:
gitlab:
repositories:
storages: { bla storage hash, gitaly_token: <quoted token> }
Depending on the implementation, this gitaly_token
thing might already work (if we just do JSON.dump
in the gitlab.yml template). It's a feature either way, this has to work.
- new parameter
gitlab_rails['gitaly_token']
, renders to gitlab.yml:
gitlab:
gitaly:
token: <quoted token>
gitaly config.toml
-
gitaly['auth_token']
string -
gitaly['auth_unenforced']
TOML boolean
[auth]
token = '<%= @auth_token %>' # don't render this line if @auth_token is nil
# don't render the following line if @auth_unenforced is nil
unenforced = <%= @auth_unenforced %> # <- I don't know what the omnibus way to handle booleans is, do what's right :)
There are no logical dependencies between these parameters. It is up to the administrator to put the right values in gitlab.rb.
The default behavior should be not to render any of these new options.
Documentation for the 'gitaly server' feature is in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/12381
Edited by Jacob Vosmaer