Re: Help required for Gerrit-GithubEnterprise integration

[David Pursehouse]

On 02/10/2016 02:35 AM, Jomcy Pappachen wrote:
> Hi David,
>
> We are trying to integrate Gerrit with Github enterprise instance. Just
> happened to see your code changes in google source. Currently we are
> facing issues in the integration ( Application authentication b/w Gerrit
> & github). Signing in Gerrit using Github credentials is not working
> though we have done the required oauth configuration at github’s end.
>

I'm not actually using the Github integration (although I have done a
number of contributions to the plugin). I think you'll get more help on
this from the mailing list (added in CC).

> Do you have any pointers/materials to refer to get over this? Also
> please suggest if there is any pre built jar files for this integration
>

Prebuilt jar files can be found on Gerritforge's CI:

https://gerrit-ci.gerritforge.com/

[jomcy Pappachen]

Hi,

Could you please help me in getting the link of the gerrit plugin used for Application authentication(OAUTH) b/w  Gerrit & github enterprise (Not Github).

 

Thanks and regards

Jomcy Pappachen

[David Ostrovsky]

On Wednesday, February 10, 2016 at 9:01:25 AM UTC+1, jomcy Pappachen wrote:

Hi,

Could you please help me in getting the link of the gerrit plugin used for Application authentication(OAUTH) b/w  Gerrit & github enterprise (Not Github).

It's the same link that David posted above. The configuration would differ, not the plugin binary.

Or have I misunderstood your question?

[Luca Milanesio]

Hi Jomcy,

why don't you share your current Gerrit config and the corresponding GHE settings?

Luca.

--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[jomcy Pappachen]

GHE Config :

Application : Gerrit Local 

Home page URL :  http://SystemName:8090

Authorization callback URL : http://SystemName:8090/oauth/

[gerrit]

basePath = git

canonicalWebUrl = http://SystemName:8090/

[database]

type = h2

database = db/ReviewDB

[index]

type = LUCENE

[auth]

type = OAUTH

httpHeader = GITHUB_USER

logoutUrl = /oauth/reset

httpExternalIdHeader = GITHUB_OAUTH_TOKEN

loginUrl = /login

loginText = Sign-in with---GitHub

registerPageUrl = "/#/register"

[receive]

enableSignedPush = false

[sendemail]

smtpServer = localhost

[container]

user = muneer

javaHome = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-3.b17.el7.x86_64/jre

[sshd]

listenAddress = *:29418

[httpd]

listenUrl = http://*:8090/

[cache]

directory = cache

[github]

url = http://SystemName_GitHub:80

apiUrl = http://SystemName_GitHub:80/api  # Not correct (Need fix)

clientId = xxxxx

[plugin "gerrit-oauth-provider-github-oauth"]

client-id = 

xxxxx

-----------------------------------------------------

[Luca Milanesio]

See my feedback below ...

On 10 Feb 2016, at 08:59, jomcy Pappachen <jom...@gmail.com> wrote:

GHE Config :

Application : Gerrit Local 

Home page URL :  http://SystemName:8090

Authorization callback URL : http://SystemName:8090/oauth/

[gerrit]

basePath = git

canonicalWebUrl = http://SystemName:8090/

[database]

type = h2

database = db/ReviewDB

[index]

type = LUCENE

[auth]

type = OAUTH

Why type = OAuth if then you have the httpHeader?

Change it to type = HTTP

httpHeader = GITHUB_USER

logoutUrl = /oauth/reset

httpExternalIdHeader = GITHUB_OAUTH_TOKEN

loginUrl = /login

loginText = Sign-in with---GitHub

registerPageUrl = "/#/register"

[receive]

enableSignedPush = false

[sendemail]

smtpServer = localhost

[container]

user = muneer

javaHome = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-3.b17.el7.x86_64/jre

[sshd]

listenAddress = *:29418

[httpd]

listenUrl = http://*:8090/

[cache]

directory = cache

[github]

url = http://SystemName_GitHub:80

apiUrl = http://SystemName_GitHub:80/api  # Not correct (Need fix)

clientId = xxxxx

And did you define the clientSecret in secret.config?

[plugin "gerrit-oauth-provider-github-oauth"]

client-id = 

xxxxx

But what plugin are you using? github plugin or the gerrit-oauth-provider?

Luca.

[jomcy Pappachen]

Thanks Luca for the response.

I have tried a new installation now and as suggested, changed 'auth' type to 'HTTP'.

Yes, client secret is defined in secret.config. 

We tried gerrit-oauth-provider to see whether it helps, but in the new installation, it isn't there.

could you please suggest on github.apiUrl too? tried as "

http://SystemName_GitHub/api/v3", but didnt help.

What I did in the new installation:

-----------------------------------------------

1) installed gerrit

2) copied 'github-oauth-2.12-SNAPSHOT.jar' to $gerrit_site/lib

3) copied 'github-plugin-2.12-SNAPSHOT.jar' to $gerrit_site/plugins'

4) did 'java -jar gerrit.war' init again, and gave the inputs

The latest gerrit-config is as below;

[gerrit]

        basePath = git

        canonicalWebUrl = 

http://SystemName:8090

[database]

        type = h2

        database = db/ReviewDB

[index]

        type = LUCENE

[auth]

        type = HTTP

        httpHeader = GITHUB_USER

        logoutUrl = /oauth/reset

        httpExternalIdHeader = GITHUB_OAUTH_TOKEN

        loginUrl = /login

        loginText = Sign-in with GitHub

        registerPageUrl = "/#/register"

[receive]

        enableSignedPush = false

[sendemail]

        smtpServer = localhost

[container]

        user = muneer

        javaHome = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-3.b17.el7.x86_64/jre

[sshd]

        listenAddress = *:29418

[httpd]

        listenUrl = http://*:8090/

        filterClass = com.googlesource.gerrit.plugins.github.oauth.OAuthFilter

[cache]

        directory = cache

[github]

        url = 

http://SystemName_GitHub

        apiUrl = 

http://SystemName_GitHub

/api/v3

        clientId = xxxxxxxxxxxxxxx

Thanks and Regards,

Jomcy

[Luca Milanesio]

Hi Jomcy,

the GHE API URL is defined by your set-up ...

Can you ask your GHE Admin?

Luca.

[Muneer A J]

Hi Luca,

We got GHE API fixed and with the prebuilt jar + gerritconfig settings, Gerrit is now able to authorize using Github account ! :-)

Thanks to your support.

Though it is authorized, Github repositories are not visible at Gerrit side.

In Gerrit, when I click "Github" tab (beside 'Documentation') and then clicking

   i) Scope  :   redirects to .../plugins/github-plugin/static/scope.html and gives "Not Found" (eventhough gerrit.config has the entry 

                      github.scopes = USER_EMAIL,PUBLIC_REPO,READ_ORG 

   ii) Profile :  shows my profile name but on 'next', it redirects to '.../plugins/github-plugin-2.12-SNAPSHOT/static/account.gh" and says "server error"

   iii) Similar case with repository too

Seems few more settings are missing. I am searching from my side, but please let us know if you have any leads.

Thanks and Regards,

Muneer and Jomcy

[Luca Milanesio]

See below my feedback.

On 11 Feb 2016, at 10:04, Muneer A J <ajmu...@gmail.com> wrote:

Hi Luca,

We got GHE API fixed and with the prebuilt jar + gerritconfig settings, Gerrit is now able to authorize using Github account ! :-)

Thanks to your support.

Though it is authorized, Github repositories are not visible at Gerrit side.

You are possibly authenticated but NOT authorized as either OAuth or GitHub level.

Have you requested more permissions to your GHE admin?

In Gerrit, when I click "Github" tab (beside 'Documentation') and then clicking

   i) Scope  :   redirects to .../plugins/github-plugin/static/scope.html and gives "Not Found" (eventhough gerrit.config has the entry 

                      github.scopes = USER_EMAIL,PUBLIC_REPO,READ_ORG 

Known issue, just rename your github plugin jar to github-plugin.jar and it will work :-)

   ii) Profile :  shows my profile name but on 'next', it redirects to '.../plugins/github-plugin-2.12-SNAPSHOT/static/account.gh" and says "server error"

What do you see in the gerrit error_log?

[Muneer A J]

----------------------------------------------------------------------------------------------------------------------

Dear Luca,

Please find my answers regarding,

  i) You are possibly authenticated but NOT authorized as either OAuth or GitHub level.

   Have you requested more permissions to your GHE admin?

   Currently we have a trial version of GHE to complete the Proof of Concept. So we have the admin privileges to the GHE instance.

   Sorry to say that I haven't clearly understood by : possibly authenticated but NOT authorized hs. 

   During 'Sign in with Github" from Gerrit, the GHE did checked whether to authorize the application and to give access to my profile and reading Organizations and teams.

   

   ii) Known issue, just rename your github plugin jar to github-plugin.jar and it will work :-)

      Great .. Done !! Now I can see 'Login scope selection' and click on Login takes me to : ..gerrit_ip:8090/#/dashboard/self

      Possibly because of the below lines in gerrit.config ??? Please let me know if I need to modify this

         [github]

        url = http://x.x.x.x

        apiUrl = http://x.x.x.x/api/v3/

        scopes = USER_EMAIL,PUBLIC_REPO,READ_ORG

        wizardFlow = account.gh R> / #/dashboard/self

        wizardFlow = repositories-next.gh R> / #/admin/projects

        clientId = xxxxxxxxxxxxxx

   iii) With these, now I could see my GHE repos been listed under Gerrit Projects Lists. :-)

I will try some commits and pushes now, to see whether they are getting replicated as expected.

    

Thanks and Regards,

Muneer

----------------------------------------------------------------------------------------------------------------------

...