From 63c628f89534cf6008bc018668fe979d12b164f8 Mon Sep 17 00:00:00 2001 From: Sameer Naik Date: Fri, 22 Jan 2016 18:13:28 +0530 Subject: [PATCH 1/5] gitlab-shell: upgrade to v.2.6.10 --- Changelog.md | 3 +++ Dockerfile | 2 +- assets/runtime/config/gitlab-shell/config.yml | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/Changelog.md b/Changelog.md index 3eccfcd4..30bbd669 100644 --- a/Changelog.md +++ b/Changelog.md @@ -2,6 +2,9 @@ This file only reflects the changes that are made in this image. Please refer to the upstream GitLab [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) for the list of changes in GitLab. +**latest** +- gitlab-shell: upgrade to v.2.6.10 + **8.3.4** - gitlab-workhorse: upgrade to v0.5.4 - gitlab: upgrade to CE v8.3.4 diff --git a/Dockerfile b/Dockerfile index a12e97f7..cba45ccc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM sameersbn/ubuntu:14.04.20160121 MAINTAINER sameer@damagehead.com ENV GITLAB_VERSION=8.3.4 \ - GITLAB_SHELL_VERSION=2.6.9 \ + GITLAB_SHELL_VERSION=2.6.10 \ GITLAB_WORKHORSE_VERSION=0.5.4 \ GITLAB_USER="git" \ GITLAB_HOME="/home/git" \ diff --git a/assets/runtime/config/gitlab-shell/config.yml b/assets/runtime/config/gitlab-shell/config.yml index b5ec946c..5cda3467 100644 --- a/assets/runtime/config/gitlab-shell/config.yml +++ b/assets/runtime/config/gitlab-shell/config.yml @@ -7,7 +7,7 @@ user: git # Url to gitlab instance. Used for api calls. -# Default: http://localhost:8080/ +# Default: http://localhost:8080 # You only have to change the default if you have configured Unicorn # to listen on a custom port, or if you have configured Unicorn to # only listen on a Unix domain socket. For Unix domain sockets use From 4ee524a0a287b76d4da167c11b8895895fa7dc54 Mon Sep 17 00:00:00 2001 From: Sameer Naik Date: Fri, 22 Jan 2016 18:14:00 +0530 Subject: [PATCH 2/5] gitlab-workhorse: upgrade to v0.6.1 --- Changelog.md | 1 + Dockerfile | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index 30bbd669..8b0df5cd 100644 --- a/Changelog.md +++ b/Changelog.md @@ -4,6 +4,7 @@ This file only reflects the changes that are made in this image. Please refer to **latest** - gitlab-shell: upgrade to v.2.6.10 +- gitlab-workhorse: upgrade to v0.6.1 **8.3.4** - gitlab-workhorse: upgrade to v0.5.4 diff --git a/Dockerfile b/Dockerfile index cba45ccc..d7c58c66 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ MAINTAINER sameer@damagehead.com ENV GITLAB_VERSION=8.3.4 \ GITLAB_SHELL_VERSION=2.6.10 \ - GITLAB_WORKHORSE_VERSION=0.5.4 \ + GITLAB_WORKHORSE_VERSION=0.6.1 \ GITLAB_USER="git" \ GITLAB_HOME="/home/git" \ GITLAB_LOG_DIR="/var/log/gitlab" \ From 36d6c7eda8ef74fc5808d3f2538f8ca91528d406 Mon Sep 17 00:00:00 2001 From: Sameer Naik Date: Fri, 22 Jan 2016 18:23:07 +0530 Subject: [PATCH 3/5] moved execution of `assets:precompile` raketask to runtime GitLab 8.4.0 requires a working database connection while executing the `assets:precompile` raketask. As a result the execution of the rake task is postponed to execute at runtime with the assets cached in the data volume. This adds a noticable increase in the container startup time. --- assets/build/install.sh | 18 +++++++------- assets/runtime/config/nginx/gitlab | 33 -------------------------- assets/runtime/config/nginx/gitlab-ssl | 33 -------------------------- assets/runtime/functions | 8 +++++++ 4 files changed, 16 insertions(+), 76 deletions(-) diff --git a/assets/build/install.sh b/assets/build/install.sh index e532ff05..a0c3db06 100755 --- a/assets/build/install.sh +++ b/assets/build/install.sh @@ -84,19 +84,17 @@ exec_as_git bundle install -j$(nproc) --deployment --without development test aw # make sure everything in ${GITLAB_HOME} is owned by ${GITLAB_USER} user chown -R ${GITLAB_USER}: ${GITLAB_HOME} -# gitlab.yml and database.yml are required for `assets:precompile` -exec_as_git cp ${GITLAB_INSTALL_DIR}/config/gitlab.yml.example ${GITLAB_INSTALL_DIR}/config/gitlab.yml -exec_as_git cp ${GITLAB_INSTALL_DIR}/config/database.yml.mysql ${GITLAB_INSTALL_DIR}/config/database.yml - -echo "Compiling assets. Please be patient, this could take a while..." -exec_as_git bundle exec rake assets:clean assets:precompile >/dev/null 2>&1 - -# remove auto generated ${GITLAB_DATA_DIR}/config/secrets.yml -rm -rf ${GITLAB_DATA_DIR}/config/secrets.yml - exec_as_git mkdir -p ${GITLAB_INSTALL_DIR}/tmp/pids/ ${GITLAB_INSTALL_DIR}/tmp/sockets/ chmod -R u+rwX ${GITLAB_INSTALL_DIR}/tmp +# symlink ${GITLAB_INSTALL_DIR}/tmp/cache -> ${GITLAB_DATA_DIR}/tmp/cache +rm -rf ${GITLAB_INSTALL_DIR}/tmp/cache +exec_as_git ln -s ${GITLAB_DATA_DIR}/tmp/cache ${GITLAB_INSTALL_DIR}/tmp/cache + +# symlink ${GITLAB_INSTALL_DIR}/public/assets -> ${GITLAB_DATA_DIR}/tmp/public/assets +rm -rf ${GITLAB_INSTALL_DIR}/public/assets +exec_as_git ln -s ${GITLAB_DATA_DIR}/tmp/public/assets ${GITLAB_INSTALL_DIR}/public/assets + # symlink ${GITLAB_HOME}/.ssh -> ${GITLAB_LOG_DIR}/gitlab rm -rf ${GITLAB_HOME}/.ssh exec_as_git ln -sf ${GITLAB_DATA_DIR}/.ssh ${GITLAB_HOME}/.ssh diff --git a/assets/runtime/config/nginx/gitlab b/assets/runtime/config/nginx/gitlab index d1c50a9d..6ad86ad5 100644 --- a/assets/runtime/config/nginx/gitlab +++ b/assets/runtime/config/nginx/gitlab @@ -16,10 +16,6 @@ ## ## See installation.md#using-https for additional HTTPS configuration details. -upstream gitlab { - server unix:{{GITLAB_INSTALL_DIR}}/tmp/sockets/gitlab.socket fail_timeout=0; -} - upstream gitlab-workhorse { server unix:{{GITLAB_INSTALL_DIR}}/tmp/sockets/gitlab-workhorse.socket fail_timeout=0; } @@ -64,33 +60,4 @@ server { proxy_pass http://gitlab-workhorse; } - - ## If a static asset file is requested, then proxy passes the request to - ## the upsteam (gitlab unicorn). - ## As of 8.3.0 gitlab-workhorse does not properly generated the static assets - ## when relative_url is used - location {{GITLAB_RELATIVE_URL_ROOT__with_trailing_slash}}assets { - try_files $uri /index.html $uri.html @gitlab; - } - - location @gitlab { - ## If you use HTTPS make sure you disable gzip compression - ## to be safe against BREACH attack. - # gzip off; - - ## https://github.com/gitlabhq/gitlabhq/issues/694 - ## Some requests take more than 30 seconds. - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_redirect off; - proxy_buffering {{NGINX_PROXY_BUFFERING}}; - - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto {{NGINX_X_FORWARDED_PROTO}}; - proxy_set_header X-Frame-Options SAMEORIGIN; - - proxy_pass http://gitlab; - } } diff --git a/assets/runtime/config/nginx/gitlab-ssl b/assets/runtime/config/nginx/gitlab-ssl index 0c4eccfd..4122f3cf 100644 --- a/assets/runtime/config/nginx/gitlab-ssl +++ b/assets/runtime/config/nginx/gitlab-ssl @@ -20,10 +20,6 @@ ## ## See installation.md#using-https for additional HTTPS configuration details. -upstream gitlab { - server unix:{{GITLAB_INSTALL_DIR}}/tmp/sockets/gitlab.socket fail_timeout=0; -} - upstream gitlab-workhorse { server unix:{{GITLAB_INSTALL_DIR}}/tmp/sockets/gitlab-workhorse.socket fail_timeout=0; } @@ -110,33 +106,4 @@ server { proxy_set_header X-Forwarded-Proto {{NGINX_X_FORWARDED_PROTO}}; proxy_pass http://gitlab-workhorse; } - - ## If a static asset file is requested, then proxy passes the request to - ## the upsteam (gitlab unicorn). - ## As of 8.3.0 gitlab-workhorse does not properly generated the static assets - ## when relative_url is used - location {{GITLAB_RELATIVE_URL_ROOT__with_trailing_slash}}assets { - try_files $uri /index.html $uri.html @gitlab; - } - - location @gitlab { - ## If you use HTTPS make sure you disable gzip compression - ## to be safe against BREACH attack. - # gzip off; - - ## https://github.com/gitlabhq/gitlabhq/issues/694 - ## Some requests take more than 30 seconds. - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_redirect off; - proxy_buffering {{NGINX_PROXY_BUFFERING}}; - - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto {{NGINX_X_FORWARDED_PROTO}}; - proxy_set_header X-Frame-Options SAMEORIGIN; - - proxy_pass http://gitlab; - } } diff --git a/assets/runtime/functions b/assets/runtime/functions index 43d42d69..2acb81de 100644 --- a/assets/runtime/functions +++ b/assets/runtime/functions @@ -1127,6 +1127,14 @@ migrate_database() { # clear cache if relative_url has changed. [[ -f ${GITLAB_DATA_DIR}/tmp/GITLAB_RELATIVE_URL_ROOT ]] && CACHE_GITLAB_RELATIVE_URL_ROOT=$(cat ${GITLAB_DATA_DIR}/tmp/GITLAB_RELATIVE_URL_ROOT) if [[ ! -f ${GITLAB_DATA_DIR}/tmp/GITLAB_RELATIVE_URL_ROOT || ${GITLAB_RELATIVE_URL_ROOT} != ${CACHE_GITLAB_RELATIVE_URL_ROOT} ]]; then + # clear cached assets + rm -rf ${GITLAB_DATA_DIR}/tmp/cache ${GITLAB_DATA_DIR}/tmp/public/assets + mkdir -p ${GITLAB_DATA_DIR}/tmp/cache ${GITLAB_DATA_DIR}/tmp/public/assets + chown ${GITLAB_USER}: ${GITLAB_DATA_DIR}/tmp/cache ${GITLAB_DATA_DIR}/tmp/public/assets + + echo "Compiling assets. Please be patient, this could take a while..." + exec_as_git bundle exec rake assets:clean assets:precompile >/dev/null 2>&1 + echo "Clearing cache..." exec_as_git bundle exec rake cache:clear >/dev/null 2>&1 echo "${GITLAB_RELATIVE_URL_ROOT}" > ${GITLAB_DATA_DIR}/tmp/GITLAB_RELATIVE_URL_ROOT From df27d2cebbb6d9cf02ed0737f6ddfaddb2f123ff Mon Sep 17 00:00:00 2001 From: Sameer Naik Date: Fri, 22 Jan 2016 18:27:07 +0530 Subject: [PATCH 4/5] gitlab: upgrade to CE v8.4.0 --- Changelog.md | 1 + Dockerfile | 2 +- assets/runtime/config/gitlabhq/gitlab.yml | 16 ++++++++++++++-- assets/runtime/functions | 5 +++++ 4 files changed, 21 insertions(+), 3 deletions(-) diff --git a/Changelog.md b/Changelog.md index 8b0df5cd..2b3b2d7a 100644 --- a/Changelog.md +++ b/Changelog.md @@ -5,6 +5,7 @@ This file only reflects the changes that are made in this image. Please refer to **latest** - gitlab-shell: upgrade to v.2.6.10 - gitlab-workhorse: upgrade to v0.6.1 +- gitlab: upgrade to CE v8.4.0 **8.3.4** - gitlab-workhorse: upgrade to v0.5.4 diff --git a/Dockerfile b/Dockerfile index d7c58c66..f1a0f540 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ FROM sameersbn/ubuntu:14.04.20160121 MAINTAINER sameer@damagehead.com -ENV GITLAB_VERSION=8.3.4 \ +ENV GITLAB_VERSION=8.4.0 \ GITLAB_SHELL_VERSION=2.6.10 \ GITLAB_WORKHORSE_VERSION=0.6.1 \ GITLAB_USER="git" \ diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index e80aa113..fd40b003 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml @@ -4,8 +4,8 @@ # ########################### NOTE ##################################### # This file should not receive new settings. All configuration options # -# that do not require an application restart are being moved to # -# ApplicationSetting model! # +# * are being moved to ApplicationSetting model! # +# If a setting requires an application restart say so in that screen. # # If you change this file in a Merge Request, please also create # # a MR on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests # ######################################################################## @@ -301,6 +301,15 @@ production: &base # arguments, followed by optional 'args' which can be either a hash or an array. # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html providers: + # See omniauth-cas3 for more configuration details + # - { name: 'cas3', + # label: 'cas3', + # args: { + # url: 'https://sso.example.com', + # disable_ssl_verification: false, + # login_url: '/cas/login', + # service_validate_url: '/cas/p3/serviceValidate', + # logout_url: '/cas/logout'} } - { name: 'github', label: 'GitHub', app_id: '{{OAUTH_GITHUB_API_KEY}}', @@ -339,6 +348,9 @@ production: &base application_name: '{{OAUTH_CROWD_APP_NAME}}', application_password: '{{OAUTH_CROWD_APP_PASSWORD}}' } } + # SSO maximum session duration in seconds. Defaults to CAS default of 8 hours. + # cas3: + # session_duration: 28800 # Shared file storage settings shared: diff --git a/assets/runtime/functions b/assets/runtime/functions index 2acb81de..bec0d60d 100644 --- a/assets/runtime/functions +++ b/assets/runtime/functions @@ -1120,6 +1120,11 @@ migrate_database() { echo "Migrating database..." exec_as_git bundle exec rake db:migrate >/dev/null + + if [[ ${DB_ADAPTER} == mysql2 ]]; then + exec_as_git bundle exec rake add_limits_mysql >/dev/null + fi + echo "${GITLAB_VERSION}" > ${GITLAB_DATA_DIR}/tmp/VERSION rm -rf ${GITLAB_DATA_DIR}/tmp/GITLAB_RELATIVE_URL_ROOT # force cache cleanup fi From f487ea2cf10b5794041d26910bdba0973b7e905b Mon Sep 17 00:00:00 2001 From: Sameer Naik Date: Sat, 23 Jan 2016 11:41:38 +0530 Subject: [PATCH 5/5] oauth: expose cas3 oauth configuration options --- Changelog.md | 1 + README.md | 12 ++++++++++++ assets/runtime/config/gitlabhq/gitlab.yml | 16 ++++++++-------- assets/runtime/env-defaults | 8 ++++++++ assets/runtime/functions | 19 ++++++++++++++++++- 5 files changed, 47 insertions(+), 9 deletions(-) diff --git a/Changelog.md b/Changelog.md index 2b3b2d7a..1a525f22 100644 --- a/Changelog.md +++ b/Changelog.md @@ -6,6 +6,7 @@ This file only reflects the changes that are made in this image. Please refer to - gitlab-shell: upgrade to v.2.6.10 - gitlab-workhorse: upgrade to v0.6.1 - gitlab: upgrade to CE v8.4.0 +- oauth: expose cas3 oauth configuration options **8.3.4** - gitlab-workhorse: upgrade to v0.5.4 diff --git a/README.md b/README.md index dbbe93e0..70a74a47 100644 --- a/README.md +++ b/README.md @@ -638,6 +638,12 @@ GitLab leverages OmniAuth to allow users to sign in using Twitter, GitHub, and o Refer to the GitLab [documentation](http://doc.gitlab.com/ce/integration/omniauth.html) for additional information. +#### CAS3 + +To enable the CAS OmniAuth provider you must register your application with your CAS instance. This requires the service URL GitLab will supply to CAS. It should be something like: https://git.example.com:443/users/auth/cas3/callback?url. By default handling for SLO is enabled, you only need to configure CAS for backchannel logout. + +For example, if your cas server url is `https://sso.example.com`, then adding `--env 'OAUTH_CAS3_SERVER=https://sso.example.com'` to the docker run command enables support for CAS3 OAuth. Please refer to [Available Configuration Parameters](#available-configuration-parameters) for additional CAS3 configuration parameters. + #### Google To enable the Google OAuth2 OmniAuth provider you must register your application with Google. Google will generate a client ID and secret key for you to use. Please refer to the GitLab [documentation](http://doc.gitlab.com/ce/integration/google.html) for the procedure to generate the client ID and secret key with google. @@ -855,6 +861,12 @@ Below is the complete list of available options that can be used to customize yo - **OAUTH_ALLOW_SSO**: This allows users to login without having a user account first. User accounts will be created automatically when authentication was successful. Defaults to `false`. - **OAUTH_BLOCK_AUTO_CREATED_USERS**: Locks down those users until they have been cleared by the admin. Defaults to `true`. - **OAUTH_AUTO_LINK_LDAP_USER**: Look up new users in LDAP servers. If a match is found (same uid), automatically link the omniauth identity with the LDAP account. Defaults to `false`. +- **OAUTH_CAS3_LABEL**: The "Sign in with" button label. Defaults to "cas3". +- **OAUTH_CAS3_SERVER**: CAS3 server URL. No defaults. +- **OAUTH_CAS3_DISABLE_SSL_VERIFICATION**: Disable CAS3 SSL verification. Defaults to `false`. +- **OAUTH_CAS3_LOGIN_URL**: CAS3 login URL. Defaults to `/cas/login` +- **OAUTH_CAS3_VALIDATE_URL**: CAS3 validation URL. Defaults to `/cas/p3/serviceValidate` +- **OAUTH_CAS3_LOGOUT_URL**: CAS3 logout URL. Defaults to `/cas/logout` - **OAUTH_GOOGLE_API_KEY**: Google App Client ID. No defaults. - **OAUTH_GOOGLE_APP_SECRET**: Google App Client Secret. No defaults. - **OAUTH_GOOGLE_RESTRICT_DOMAIN**: Google App restricted domain. No defaults. diff --git a/assets/runtime/config/gitlabhq/gitlab.yml b/assets/runtime/config/gitlabhq/gitlab.yml index fd40b003..1927223c 100644 --- a/assets/runtime/config/gitlabhq/gitlab.yml +++ b/assets/runtime/config/gitlabhq/gitlab.yml @@ -302,14 +302,14 @@ production: &base # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html providers: # See omniauth-cas3 for more configuration details - # - { name: 'cas3', - # label: 'cas3', - # args: { - # url: 'https://sso.example.com', - # disable_ssl_verification: false, - # login_url: '/cas/login', - # service_validate_url: '/cas/p3/serviceValidate', - # logout_url: '/cas/logout'} } + - { name: 'cas3', + label: '{{OAUTH_CAS3_LABEL}}', + args: { + url: '{{OAUTH_CAS3_SERVER}}', + disable_ssl_verification: {{OAUTH_CAS3_DISABLE_SSL_VERIFICATION}}, + login_url: '{{OAUTH_CAS3_LOGIN_URL}}', + service_validate_url: '{{OAUTH_CAS3_VALIDATE_URL}}', + logout_url: '{{OAUTH_CAS3_LOGOUT_URL}}'} } - { name: 'github', label: 'GitHub', app_id: '{{OAUTH_GITHUB_API_KEY}}', diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults index 7912d42f..679f1059 100644 --- a/assets/runtime/env-defaults +++ b/assets/runtime/env-defaults @@ -264,6 +264,14 @@ OAUTH_SAML_IDP_CERT_FINGERPRINT=${OAUTH_SAML_IDP_CERT_FINGERPRINT:-} OAUTH_SAML_IDP_SSO_TARGET_URL=${OAUTH_SAML_IDP_SSO_TARGET_URL:-} OAUTH_SAML_NAME_IDENTIFIER_FORMAT=${OAUTH_SAML_NAME_IDENTIFIER_FORMAT:-urn:oasis:names:tc:SAML:2.0:nameid-format:transient} +### CAS3 +OAUTH_CAS3_LABEL=${OAUTH_CAS3_LABEL:-cas3} +OAUTH_CAS3_SERVER=${OAUTH_CAS3_SERVER:-} +OAUTH_CAS3_DISABLE_SSL_VERIFICATION=${OAUTH_CAS3_DISABLE_SSL_VERIFICATION:-false} +OAUTH_CAS3_LOGIN_URL=${OAUTH_CAS3_LOGIN_URL:-/cas/login} +OAUTH_CAS3_VALIDATE_URL=${OAUTH_CAS3_VALIDATE_URL:-/cas/p3/serviceValidate} +OAUTH_CAS3_LOGOUT_URL=${OAUTH_CAS3_LOGOUT_URL:-/cas/logout} + ## ANALYTICS ### GOOGLE diff --git a/assets/runtime/functions b/assets/runtime/functions index bec0d60d..303ef7e2 100644 --- a/assets/runtime/functions +++ b/assets/runtime/functions @@ -402,6 +402,22 @@ gitlab_configure_ldap() { LDAP_LABEL } +gitlab_configure_oauth_cas3() { + if [[ -n ${OAUTH_CAS3_SERVER} ]]; then + echo "Configuring gitlab::oauth::cas3..." + OAUTH_ENABLED=${OAUTH_ENABLED:-true} + update_template ${GITLAB_CONFIG} \ + OAUTH_CAS3_LABEL \ + OAUTH_CAS3_SERVER \ + OAUTH_CAS3_DISABLE_SSL_VERIFICATION \ + OAUTH_CAS3_LOGIN_URL \ + OAUTH_CAS3_VALIDATE_URL \ + OAUTH_CAS3_LOGOUT_URL + else + exec_as_git sed -i "/name: 'cas3'/,/{{OAUTH_CAS3_LOGOUT_URL}}/d" ${GITLAB_CONFIG} + fi +} + gitlab_configure_oauth_google() { if [[ -n ${OAUTH_GOOGLE_API_KEY} && -n ${OAUTH_GOOGLE_APP_SECRET} ]]; then echo "Configuring gitlab::oauth::google..." @@ -516,6 +532,7 @@ gitlab_configure_oauth_crowd() { gitlab_configure_oauth() { echo "Configuring gitlab::oauth..." + gitlab_configure_oauth_cas3 gitlab_configure_oauth_google gitlab_configure_oauth_facebook gitlab_configure_oauth_twitter @@ -533,7 +550,7 @@ gitlab_configure_oauth() { OAUTH_AUTO_LINK_LDAP_USER case ${OAUTH_AUTO_SIGN_IN_WITH_PROVIDER} in - google_oauth2|facebook|twitter|github|gitlab|bitbucket|saml|crowd) + cas3|google_oauth2|facebook|twitter|github|gitlab|bitbucket|saml|crowd) update_template ${GITLAB_CONFIG} OAUTH_AUTO_SIGN_IN_WITH_PROVIDER ;; *)