Gerrit
======
|image0|
Presentation
------------
`Gerrit `__ allows to review commits before they are integrated into a target branch.
With the `OAuth2 provider plugin `__ Gerrit can use OAuth2 protocol for authentication.
Configuration
-------------
Gerrit
------
`Install `__ the OAuth Provider plugin. A prebuilt package of the plugin can be found on the `Gerrit CI `__.
Then, configure Gerrit:
In ``/var/gerrit/etc/gerrit.config``
::
...
[auth]
type = OAUTH
gitBasicAuthPolicy = HTTP
...
[plugin "gerrit-oauth-provider-lemonldap-oauth"]
root-url = https://auth.
client-id =
In ``/var/gerrit/etc/secret.config``
::
...
[plugin "gerrit-oauth-provider-lemonldap-oauth"]
client-secret =
LL::NG
------
Add an Open ID Connect Relying Party for Gerrit
.. code-block:: bash
# Exported attributes (the values must fit your LDAP schema)
lemonldap-ng-cli -yes 1 \
addKey \
oidcRPMetaDataExportedVars/gerrit preferred_username uid \
oidcRPMetaDataExportedVars/gerrit name cn \
oidcRPMetaDataExportedVars/gerrit email mail \
oidcRPMetaDataExportedVars/gerrit sub email
# Options > Basic > Allowed redirection addresses for login
# > Logout > Allowed redirection addresses for logout
lemonldap-ng-cli -yes 1 \
addKey \
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsRedirectUris 'http:///oauth' \
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsPostLogoutRedirectUris 'https:///'
# Options > Basic > Client ID
# > Basic > Client Secret
lemonldap-ng-cli -yes 1 \
addKey \
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsClientID '' \
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsClientSecret ''
# Timeout > ID Token expiration
# > Access Token expiration
# Security > ID Token signature algorithm
lemonldap-ng-cli -yes 1 \
addKey \
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsIDTokenExpiration 3600 \
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsAccessTokenExpiration 3600 \
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsIDTokenSignAlg RS512
.. |image0| image:: /applications/gerrit_logo.png
:class: align-center