commit e9b58f7e8b8c94106efd1b06eb5de6b6241b7c28
author Luca Milanesio <luca.milanesio@gmail.com> Wed Apr 19 20:57:59 2017 +0100
committer Luca Milanesio <luca.milanesio@gmail.com> Thu Apr 20 09:40:42 2017 +0100
tree 65471ca6cf101e4ffda34964cbcba84793854897
parent 99cc791e8ad9d304a0cce81d84e4b166f7be9f85

Set Git/HTTP auth policy at init for LDAP, OAUTH

When migrating to Gerrit 2.14, users on LDAP and OAuth want to be
aware that a decision needs to be made on whether the Gerrit HTTP
password should be used or not during Git/HTTP authentication.

Not making any choice during upgrade, would have the effect of
just using the default value, which may not be compatible with the
user's needs and expectations, leading to failures after upgrade.

This is what happened to early adopter of Gerrit 2.14 + OAuth:
https://github.com/davido/gerrit-oauth-provider/issues/88

Bug: Issue 6034
Change-Id: Iaa6677e95cc1a3e88e9987fc226abefe26603587

gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java

diff --git a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java
index 368cf7f..a52d8ba 100644
--- a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java
+++ b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java
@@ -14,9 +14,14 @@
 
 package com.google.gerrit.pgm.init;
 
+import static com.google.gerrit.extensions.client.GitBasicAuthPolicy.HTTP;
+import static com.google.gerrit.extensions.client.GitBasicAuthPolicy.HTTP_LDAP;
+import static com.google.gerrit.extensions.client.GitBasicAuthPolicy.LDAP;
+import static com.google.gerrit.extensions.client.GitBasicAuthPolicy.OAUTH;
 import static com.google.gerrit.pgm.init.api.InitUtil.dnOf;
 
 import com.google.gerrit.extensions.client.AuthType;
+import com.google.gerrit.extensions.client.GitBasicAuthPolicy;
 import com.google.gerrit.pgm.init.api.ConsoleUI;
 import com.google.gerrit.pgm.init.api.InitFlags;
 import com.google.gerrit.pgm.init.api.InitStep;
@@ -24,6 +29,7 @@
 import com.google.gwtjsonrpc.server.SignedToken;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
+import java.util.EnumSet;
 
 /** Initialize the {@code auth} configuration section. */
 @Singleton
@@ -78,12 +84,32 @@
           break;
         }
 
+      case LDAP:
+        {
+          auth.select(
+              "Git/HTTP authentication",
+              "gitBasicAuthPolicy",
+              HTTP,
+              EnumSet.of(HTTP, HTTP_LDAP, LDAP));
+          break;
+        }
+      case OAUTH:
+        {
+          GitBasicAuthPolicy gitBasicAuth =
+              auth.select(
+                  "Git/HTTP authentication", "gitBasicAuthPolicy", HTTP, EnumSet.of(HTTP, OAUTH));
+
+          if (gitBasicAuth == OAUTH) {
+            ui.message(
+                "*WARNING* Please make sure that your chosen OAuth provider\n"
+                    + "supports Git token authentication.\n");
+          }
+          break;
+        }
       case CLIENT_SSL_CERT_LDAP:
       case CUSTOM_EXTENSION:
       case DEVELOPMENT_BECOME_ANY_ACCOUNT:
-      case LDAP:
       case LDAP_BIND:
-      case OAUTH:
       case OPENID:
       case OPENID_SSO:
         break;