Add configuration parameters for Azure OAuth2

Allow configuration of Omniauth OAuth2 via Microsoft Azure using
https://github.com/KonaTeam/omniauth-azure-oauth2
Will be available with GitLab 8.4, merge request at
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/2187

README.md

@@ -704,6 +704,14 @@ To enable the Crowd server OAuth2 OmniAuth provider you must register your appli
 
 Configure GitLab to enable access the Crowd server by specifying the `OAUTH_CROWD_SERVER_URL`, `OAUTH_CROWD_APP_NAME` and `OAUTH_CROWD_APP_PASSWORD` environment variables.
 
+#### Microsoft Azure
+
+To enable the Microsoft Azure OAuth2 OmniAuth provider you must register your application with Azure. Azure will generate a Client ID, Client secret and Tenant ID for you to use. Please refer to the GitLab [documentation](http://doc.gitlab.com/ce/integration/azure.html) for the procedure.
+
+Once you have the Client ID, Client secret and Tenant ID generated, configure them using the `OAUTH_AZURE_API_KEY`, `OAUTH_AZURE_API_SECRET` and `OAUTH_AZURE_TENANT_ID` environment variables respectively.
+
+For example, if your Client ID is `xxx`, the Client secret is `yyy` and the Tenant ID is `zzz`, then adding `--env 'OAUTH_AZURE_API_KEY=xxx' --env 'OAUTH_AZURE_API_SECRET=yyy' --env 'OAUTH_AZURE_TENANT_ID=zzz'` to the docker run command enables support for Microsoft Azure OAuth.
+
 ### External Issue Trackers
 
 Since version `7.10.0` support for external issue trackers can be enabled in the "Service Templates" section of the settings panel.
@@ -876,6 +884,9 @@ Below is the complete list of available options that can be used to customize yo
 - **OAUTH_CROWD_SERVER_URL**: Crowd server url. No defaults.
 - **OAUTH_CROWD_APP_NAME**: Crowd server application name. No defaults.
 - **OAUTH_CROWD_APP_PASSWORD**: Crowd server application password. No defaults.
+- **OAUTH_AZURE_API_KEY**: Azure Client ID. No defaults.
+- **OAUTH_AZURE_API_SECRET**: Azure Client secret. No defaults.
+- **OAUTH_AZURE_TENANT_ID**: Azure Tenant ID. No defaults.
 - **GITLAB_GRAVATAR_ENABLED**: Enables gravatar integration. Defaults to `true`.
 - **GITLAB_GRAVATAR_HTTP_URL**: Sets a custom gravatar url. Defaults to `http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon`. This can be used for [Libravatar integration](http://doc.gitlab.com/ce/customization/libravatar.html).
 - **GITLAB_GRAVATAR_HTTPS_URL**: Same as above, but for https. Defaults to `https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon`.

assets/runtime/config/gitlabhq/gitlab.yml

@@ -333,6 +333,11 @@ production: &base
             crowd_server_url: '{{OAUTH_CROWD_SERVER_URL}}',
             application_name: '{{OAUTH_CROWD_APP_NAME}}',
             application_password: '{{OAUTH_CROWD_APP_PASSWORD}}' } }
+      - { name: 'azure_oauth2',
+          args: {
+            client_id: '{{OAUTH_AZURE_API_KEY}}',
+            client_secret: '{{OAUTH_AZURE_API_SECRET}}',
+            tenant_id: '{{OAUTH_AZURE_TENANT_ID}}' } }
 
 
   # Shared file storage settings

assets/runtime/env-defaults

@@ -247,6 +247,11 @@ OAUTH_CROWD_SERVER_URL=${OAUTH_CROWD_SERVER_URL:-}
 OAUTH_CROWD_APP_NAME=${OAUTH_CROWD_APP_NAME:-}
 OAUTH_CROWD_APP_PASSWORD=${OAUTH_CROWD_APP_PASSWORD:-}
 
+## AZURE
+OAUTH_AZURE_API_KEY=${OAUTH_AZURE_API_KEY:-}
+OAUTH_AZURE_API_SECRET=${OAUTH_AZURE_API_SECRET:-}
+OAUTH_AZURE_TENANT_ID=${OAUTH_AZURE_TENANT_ID:-}
+
 ### SAML
 case $GITLAB_HTTPS in
   true)

assets/runtime/functions

@@ -511,6 +511,21 @@ gitlab_configure_oauth_crowd() {
   fi
 }
 
+gitlab_configure_oauth_azure() {
+  if [[ -n ${OAUTH_AZURE_API_KEY} && \
+        -n ${OAUTH_AZURE_API_SECRET} && \
+        -n ${OAUTH_AZURE_TENANT_ID} ]]; then
+    echo "Configuring gitlab::oauth::azure..."
+    OAUTH_ENABLED=${OAUTH_ENABLED:-true}
+    update_template ${GITLAB_CONFIG} \
+      OAUTH_AZURE_API_KEY \
+      OAUTH_AZURE_API_SECRET \
+      OAUTH_AZURE_TENANT_ID
+  else
+    exec_as_git sed -i "/name: 'azure_oauth2'/,/{{OAUTH_AZURE_API_SECRET}}/d" ${GITLAB_CONFIG}
+  fi
+}
+
 gitlab_configure_oauth() {
   echo "Configuring gitlab::oauth..."
 
@@ -522,6 +537,7 @@ gitlab_configure_oauth() {
   gitlab_configure_oauth_bitbucket
   gitlab_configure_oauth_saml
   gitlab_configure_oauth_crowd
+  gitlab_configure_oauth_azure
 
   OAUTH_ENABLED=${OAUTH_ENABLED:-false}
   update_template ${GITLAB_CONFIG} \
@@ -531,7 +547,7 @@ gitlab_configure_oauth() {
     OAUTH_AUTO_LINK_LDAP_USER
 
   case ${OAUTH_AUTO_SIGN_IN_WITH_PROVIDER} in
-    google_oauth2|facebook|twitter|github|gitlab|bitbucket|saml|crowd)
+    google_oauth2|facebook|twitter|github|gitlab|bitbucket|saml|crowd|azure_oauth2)
       update_template ${GITLAB_CONFIG} OAUTH_AUTO_SIGN_IN_WITH_PROVIDER
       ;;
     *)