Opened 5 years ago
Closed 7 months ago
#15204 closed bug (fixed)
Allow logins to gerrit without github accounts
Reported by: | nephele | Owned by: | haiku-web |
---|---|---|---|
Priority: | low | Milestone: | R1/beta5 |
Component: | Website/Gerrit | Version: | |
Keywords: | ldap, gerrit, trac | Cc: | |
Blocked By: | #12750 | Blocking: | |
Platform: | All |
Description
Personally i simply do not have a github account, and neither do i wish to have one,
I'd think that allowing my dev.haiku-os.org account to be used would be perfect.
Change History (10)
comment:1 by , 5 years ago
Component: | Website/Gerrit → Sys-Admin |
---|---|
Keywords: | ldap gerrit trac added |
Owner: | changed from | to
Priority: | normal → low |
comment:2 by , 5 years ago
It is unfortunate that the reporter brought up single sign-on in this ticket as that's a quite orthogonal issue, already tracked in ticket:12750.
comment:3 by , 5 years ago
Blocked By: | 12750 added |
---|---|
Resolution: | → duplicate |
Status: | new → closed |
Good point! This one is indeed a duplicate of #12750
comment:4 by , 5 years ago
I brought it up as a potential path to go to, not as a problem in and of itself, I don't know whether it is a good idea to have the same account for i.e haikudepot and tracker as that other issue mentions though.
comment:5 by , 5 years ago
Resolution: | duplicate |
---|---|
Status: | closed → reopened |
I would prefer we keep this open, even if indeed single sign-on is one way to solve this (unless all other services switch to "login with github"...).
comment:6 by , 5 years ago
So, I looked into our auth configuration.
We are using this plugin: https://review.haiku-os.org/plugins/gerrit-oauth-provider/Documentation/config.md which already supports some alternate methods.
And the entrypoint script (https://github.com/haiku/infrastructure/blob/master/docker/gerrit/gerrit-entrypoint.sh) already handles Google, Gitlab and Bitbucket (lines 149-168).
So, it seems enabling these is just a matter of setting some variables? (and allowing Gerrit to connect to our respective accounts on these services).
We would still depend on 3rd parties for login but at least we would give a little more choice to our users/contributors as to which provider they use.
comment:7 by , 4 years ago
Milestone: | → Unscheduled |
---|
comment:8 by , 3 years ago
Component: | Sys-Admin → Website/Gerrit |
---|
comment:9 by , 7 months ago
AFAICT one can login to gerrit without a github account. Is it correct? Can this be closed?
comment:10 by , 7 months ago
Milestone: | Unscheduled → R1/beta5 |
---|---|
Resolution: | → fixed |
Status: | reopened → closed |
Yes, single-sign on with a Haiku specific authentication provider has been set up.
While rolling out Gerrit, I did consider going with a locally hosted unified auth solution. However our resources are limited and github had a low bar to entry (all of our developers had github accounts)
I don't see an easy way to "use trac accounts" given the way trac works. (I also don't trust Trac to hold all of our sensitive user data). We might be able to deploy an ldap server and migrate to it as a common data source for user accounts, however "moving existing accounts over to ldap" is a tricky procedure, we would need to import the accounts and offer some kind of self-service to reset passwords. We would also need to fill GDPR requirements while we're at it.
With all of that said, we have quite a few other *large* projects in flight (builbot repairs / replacement, online.net iSCSI being sketchy) which have the potential of blocking R1 / R1 Beta 2 if not done. The priority of this one is low at the moment.