Commit d5977e27 authored by Imre (Admin)'s avatar Imre (Admin)
Browse files

Add FortiAuthenticator configuration to gitlab.rb

parent 73718929
---
title: Add FortiAuthenticator configuration to gitlab.rb
merge_request: 4645
author:
type: added
......@@ -492,6 +492,13 @@ gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = nil
# }
# ]
 
### FortiAuthenticator authentication settings
# gitlab_rails['forti_authenticator_enabled'] = false
# gitlab_rails['forti_authenticator_host'] = 'forti_authenticator.example.com'
# gitlab_rails['forti_authenticator_port'] = 443
# gitlab_rails['forti_authenticator_username'] = 'admin'
# gitlab_rails['forti_authenticator_access_token'] = 's3cr3t'
### Backup Settings
###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html
 
......
......@@ -331,6 +331,12 @@ default['gitlab']['gitlab-rails']['omniauth_external_providers'] = nil
default['gitlab']['gitlab-rails']['omniauth_providers'] = []
default['gitlab']['gitlab-rails']['omniauth_allow_bypass_two_factor'] = nil
 
default['gitlab']['gitlab-rails']['forti_authenticator_enabled'] = false
default['gitlab']['gitlab-rails']['forti_authenticator_host'] = nil
default['gitlab']['gitlab-rails']['forti_authenticator_port'] = 443
default['gitlab']['gitlab-rails']['forti_authenticator_username'] = nil
default['gitlab']['gitlab-rails']['forti_authenticator_access_token'] = nil
default['gitlab']['gitlab-rails']['shared_path'] = "/var/opt/gitlab/gitlab-rails/shared"
 
default['gitlab']['gitlab-rails']['backup_path'] = "/var/opt/gitlab/backups"
......
......@@ -720,6 +720,21 @@ production: &base
- <%= provider.to_json %>
<% end %>
 
# FortiAuthenticator settings
forti_authenticator:
# Allow using FortiAuthenticator as OTP provider
enabled: <%= @forti_authenticator_enabled %>
# Host and port of FortiAuthenticator instance
host: <%= @forti_authenticator_host %>
port: <%= @forti_authenticator_port %>
# Username for accessing FortiAuthenticator API
username: <%= quote(@forti_authenticator_username) %>
# Access token for FortiAuthenticator API
access_token: <%= quote(@forti_authenticator_access_token) %>
# Shared file storage settings
shared:
path: <%= @shared_path %>
......
......@@ -1386,6 +1386,44 @@ RSpec.describe 'gitlab::gitlab-rails' do
end
end
 
context 'FortiAuthenticator settings' do
context 'FortiAuthenticator is configured' do
it 'exposes the FortiAuthenticator settings' do
stub_gitlab_rb(
gitlab_rails: {
forti_authenticator_enabled: true,
forti_authenticator_host: 'forti_authenticator.example.com',
forti_authenticator_port: 444,
forti_authenticator_username: 'janedoe',
forti_authenticator_access_token: '123s3cr3t456'
}
)
expect(chef_run).to create_templatesymlink('Create a gitlab.yml and create a symlink to Rails root').with_variables(
hash_including(
'forti_authenticator_enabled' => true,
'forti_authenticator_host' => 'forti_authenticator.example.com',
'forti_authenticator_port' => 444,
'forti_authenticator_username' => 'janedoe',
'forti_authenticator_access_token' => '123s3cr3t456'
)
)
end
end
context 'FortiAuthenticator is disabled' do
context 'FortiAuthenticator is not configured' do
it 'does not expose FortiAuthenticator settings' do
expect(chef_run).to create_templatesymlink('Create a gitlab.yml and create a symlink to Rails root').with_variables(
hash_including(
'forti_authenticator_enabled' => false
)
)
end
end
end
end
context 'Sidekiq log_format' do
context 'json' do
it 'sets the Sidekiq log_format to json' do
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment