Skip to content

Latest commit

 

History

History
62 lines (45 loc) · 3.15 KB

README.md

File metadata and controls

62 lines (45 loc) · 3.15 KB

GitLab external user creator

This small app allows internal users to create new external users (introduced in GitLab 8.6). For example in our research group we want to invite external collaborators without the need to be a system administrator.

GitLab itself does not (not yet) allow for fine-grained administration permissions, but thanks to the REST API and the GitLab OAuth we can write small apps like this one to meet our needs.

Setup and installation

Dependencies

It is common to work in a Python virtualenv. There the basic steps to install all dependencies would be:

virtualenv venv
. ./venv/bin/activate
pip install -r requirements.txt

Configuration

The app expects a file settings.cfg containing the following parameters.

Parameter Description
GITLAB_BASE Base URL to the GitLab installation (without the /api/v3 part)
GITLAB_CONSUMER_KEY Application Id provided by GitLab
GITLAB_CONSUMER_SECRET Secret provided by GitLab
GITLAB_ADMIN_TOKEN Private token of a GitLab administrator
CSRF_SECRET Some long string which will be used to secure the html forms
... More Flask parameters can also be provided in this configuration

An example configuration is provided in settings.example.cfg.

GitLab configuration

  1. Register the application for GitLab OAuth.
    1. In the GitLab Admin area, enter the Applications settings.
    2. Start a New Application with the corresponding button.
    3. Enter some name, e.g. "External User Creator".
    4. Enter the Redirect URI. This must be "DOMAIN/oauth-authorized", where DOMAIN depends on your installation. In development setups you can use "http://localhost:5000/oauth-authorized".
    5. Confirm and copy the Application Id and Secret generated by GitLab in your settings.cfg.
  2. Obtain an administrator private token.
    1. Login as an admin and navigate to Profile settings > Account. There you will find the Private token which is needed to create users via the API.

Launching the app

For development purposes one can use the built-in Flask/Werkzeug webserver:

python run.py

For this setup the Redirect URI in the GitLab settings should contain something like http://localhost:5000/oauth-authorized.

In production it is adviced to use some production WSGI server. Read more on the Flask deployment documentation.

Deployment

Example for a deployment on the same server running our local GitLab installation is in DEPLOY.md.

Copyright

Copyright on the application belongs to the Institute for Theoretical Physics, ETH Zurich.

This project ships copies of the Bootstrap framework and the jQuery library, which contain their own copyright.

License

Distributed under the Apache License, Version 2.0. (See accompanying file LICENSE.txt or copy at http://www.apache.org/licenses/LICENSE-2.0)