This small app allows internal users to create new external users (introduced in GitLab 8.6). For example in our research group we want to invite external collaborators without the need to be a system administrator.
GitLab itself does not (not yet) allow for fine-grained administration permissions, but thanks to the REST API and the GitLab OAuth we can write small apps like this one to meet our needs.
It is common to work in a Python virtualenv. There the basic steps to install all dependencies would be:
virtualenv venv
. ./venv/bin/activate
pip install -r requirements.txtThe app expects a file settings.cfg containing the following parameters.
| Parameter | Description |
|---|---|
| GITLAB_BASE | Base URL to the GitLab installation (without the /api/v3 part) |
| GITLAB_CONSUMER_KEY | Application Id provided by GitLab |
| GITLAB_CONSUMER_SECRET | Secret provided by GitLab |
| GITLAB_ADMIN_TOKEN | Private token of a GitLab administrator |
| CSRF_SECRET | Some long string which will be used to secure the html forms |
| ... | More Flask parameters can also be provided in this configuration |
An example configuration is provided in settings.example.cfg.
- Register the application for GitLab OAuth.
- In the GitLab Admin area, enter the Applications settings.
- Start a New Application with the corresponding button.
- Enter some name, e.g. "External User Creator".
- Enter the Redirect URI. This must be "DOMAIN/oauth-authorized", where DOMAIN depends on your installation. In development setups you can use "http://localhost:5000/oauth-authorized".
- Confirm and copy the Application Id and Secret generated by GitLab in your
settings.cfg.
- Obtain an administrator private token.
- Login as an admin and navigate to Profile settings > Account. There you will find the Private token which is needed to create users via the API.
For development purposes one can use the built-in Flask/Werkzeug webserver:
python run.pyFor this setup the Redirect URI in the GitLab settings should contain something like http://localhost:5000/oauth-authorized.
In production it is adviced to use some production WSGI server. Read more on the Flask deployment documentation.
Example for a deployment on the same server running our local GitLab installation is in DEPLOY.md.
Copyright on the application belongs to the Institute for Theoretical Physics, ETH Zurich.
This project ships copies of the Bootstrap framework and the jQuery library, which contain their own copyright.
Distributed under the Apache License, Version 2.0. (See accompanying file LICENSE.txt or copy at http://www.apache.org/licenses/LICENSE-2.0)