Merge "Make it configurable whether the first user should become admin"
diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt
index aca1586..185af15 100644
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@@ -970,10 +970,10 @@
[[capability.administrateServer]]capability.administrateServer::
+
Names of groups of users that are allowed to exercise the
-administrateServer capability, in addition to those listed in
+`administrateServer` capability, in addition to those listed in
All-Projects. Configuring this option can be a useful fail-safe
to recover a server in the event an administrator removed all
-groups from the administrateServer capability, or to ensure that
+groups from the `administrateServer` capability, or to ensure that
specific groups always have administration capabilities.
+
----
@@ -987,7 +987,16 @@
is logged and the server will continue normal startup.
+
If not specified (default), only the groups listed by All-Projects
-may use the administrateServer capability.
+may use the `administrateServer` capability.
+
+[[capability.makeFirstUserAdmin]]capability.makeFirstUserAdmin::
++
+Whether the first user that logs in to the Gerrit server should
+automatically be added to the administrator group and hence get the
+`administrateServer` capability assigned. This is useful to bootstrap
+the authentication database.
++
+Default is true.
[[change]]
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java
index 9f2b869..3ff35b3 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java
@@ -30,6 +30,7 @@
import com.google.gerrit.server.account.externalids.ExternalId;
import com.google.gerrit.server.account.externalids.ExternalIds;
import com.google.gerrit.server.account.externalids.ExternalIdsUpdate;
+import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.query.account.InternalAccountQuery;
import com.google.gwtorm.server.OrmException;
@@ -43,6 +44,7 @@
import java.util.Optional;
import java.util.concurrent.atomic.AtomicBoolean;
import org.eclipse.jgit.errors.ConfigInvalidException;
+import org.eclipse.jgit.lib.Config;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -69,6 +71,7 @@
@Inject
AccountManager(
SchemaFactory<ReviewDb> schema,
+ @GerritServerConfig Config cfg,
Accounts accounts,
AccountsUpdate.Server accountsUpdateFactory,
AccountCache byIdCache,
@@ -90,7 +93,8 @@
this.userFactory = userFactory;
this.changeUserNameFactory = changeUserNameFactory;
this.projectCache = projectCache;
- this.awaitsFirstAccountCheck = new AtomicBoolean(true);
+ this.awaitsFirstAccountCheck =
+ new AtomicBoolean(cfg.getBoolean("capability", "makeFirstUserAdmin", true));
this.auditService = auditService;
this.accountQueryProvider = accountQueryProvider;
this.externalIds = externalIds;
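Review bot: The `true` default on the `cfg.getBoolean("capability", "makeFirstUserAdmin", true)` line keeps the bootstrap fail-open: per the new documentation entry, the first user to log in to the server is added to the administrator group. This matches the previous hard-coded `new AtomicBoolean(true)`, but neither the code nor the docs tell operators to set the option to `false` when the server is reachable before they have logged in themselves, or when accounts are provisioned some other way. I would add a comment above the assignment such as `// Seeded from capability.makeFirstUserAdmin (default true): the first user to log in is added to the administrator group; set to false to disable.` The field `awaitsFirstAccountCheck` now also acts as the feature switch, which the comment should make explicit; how the flag is consumed lies outside this hunk, as does the start of the constructor.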