@cbjartli this looks pretty good without testing it personally.

I think this would accommodate gitlab self-hosted, is that right?

@bnfinet, it should, by providing the AuthURL, TokenURL and UserInfoURL for the self-hosted instance. I haven't tried it out myself yet, but I'll see if I can verify it.

@bnfinet I've tested it against a self-hosted instance, and it seems to work as expected. I modified the example config so that it contains the relevant configuration details for the case of self-hosted instances too.

@cbjartli thanks for testing self hosted!

@cbjartli sorry for the delay in reviewing. Thank you for the contribution to VP.

I have setup a self hosted instance of GitLab and I have tested VP with GitLab. The basic login functionality works well.

It does not appear that any logic has been added in order to validate that a user's group is present on the configured vouch.teamWhitelist. The user's group is never checked. Any logged in user can pass.

Something similar to the check in pkg/providers/github/github.go should be present.

Also it could use some tests.

@cbjartli also please follow conventions for log.Infof(..) instead of using cfg.Logging.Logger.Infof(...) etc

@bnfinet Thank you for the review, will go through the issues raised asap.

It does not appear that any logic has been added in order to validate that a user's group is present on the configured vouch.teamWhitelist. The user's group is never checked. Any logged in user can pass.

This is strange, we have this in internal use, and it certainly only allows users whose group belongs to the whitelist through. I distinctly remember adding a check for this. I am not in front of my computer now, but I'll have to get back to you. (Could simply be an issue of a missing push.)

Hi. Why pr was closed?

@nrukavkov please see conversation in #514

There does not appear to be any conversation with the author after opening the PR

@puttehi that's just not the case. Please take a closer look.

This PR doesn't work, it's incomplete, it's missing code that the author used in his environment.

@cbjartli asked his colleague to submit an alternate solution (see #514). I'm still hopeful that will result in a working solution.

If anyone else would care to submit a working PR I'll happily test it out. GitLab group based auth would be a nice addition to VP.

Apologies for being away due to life and work events. Will try to give this matter some attention asap.

I just want to note that @ritmanda is not a colleague of mine as far as I know, so we have not communicated about a solution to this issue.