Commit 0c7ce0fe authored by Brennen Bearnes's avatar Brennen Bearnes
Browse files

add --settings-file option and stub out settings file for replica

Uses click's ability to create a file handle from an option, adds a
settings-replica.yaml.

See README.md for an example.
parent 88e0b0f3
......@@ -33,6 +33,12 @@ Update instance settings from `settings.yaml`:
./settings update
```
Update replica instance from `settings-replica.yaml`:
```sh
./settings --instance https://gitlab-replica.wikimedia.org --settings-file ./settings-replica.yaml update
```
Apply project settings (at the moment, this disables wikis and issue tracking
for any projects that have turned it on):
......
......@@ -26,7 +26,7 @@ from gitlab_settings.util import diffsettings
@click.option(
'--instance',
default='https://gitlab.wikimedia.org',
help='Instance to configure.'
help='URL of instance to configure.'
)
@click.option(
......@@ -36,9 +36,19 @@ from gitlab_settings.util import diffsettings
'Better idea: Set GITLAB_TOKEN in environment.'
)
@click.option(
'--settings-file',
default='settings.yaml',
type=click.File(),
help='Path to YAML file containing settings.'
)
@click.pass_context
def cli(ctx, instance, token):
def cli(ctx, instance, token, settings_file):
"""
Configure a GitLab instance from settings.yaml
"""
ctx.obj['instance'] = instance
ctx.obj['url'] = ctx.obj['instance'] + '/api/v4/application/settings'
ctx.obj['token'] = token
......@@ -47,6 +57,8 @@ def cli(ctx, instance, token):
'PRIVATE-TOKEN': ctx.obj['token']
}
ctx.obj['settings_file'] = settings_file
@click.command()
@click.pass_context
def view(ctx):
......@@ -69,9 +81,8 @@ def diff(ctx):
req.raise_for_status()
original_instance_settings = req.json()
# Get the settings we want to apply from YAML file in the repo:
with open('settings.yaml') as f:
local_settings = yaml.safe_load(f)
# Get the settings we want to apply from specified YAML file:
local_settings = yaml.safe_load(ctx.obj['settings_file'])
click.echo("Difference between local settings file and instance settings:")
......@@ -91,9 +102,8 @@ def update(ctx):
sys.exit()
original_instance_settings = req.json()
# Get the settings we want to apply from YAML file in the repo:
with open('settings.yaml') as f:
local_settings = yaml.safe_load(f)
# Get the settings we want to apply from specified YAML file:
local_settings = yaml.safe_load(ctx.obj['settings_file'])
click.echo()
click.echo("Difference between local settings file and instance settings:")
......
# Settings for backup Wikimedia production GitLab instance, gitlab2001,
# at https://gitlab-replica.wikimedia.org/
#
# Settings reference: https://docs.gitlab.com/ce/api/settings.html
#
# True / false values here should be booleans - necessary type juggling to turn
# these into strings for the API is handled in the script.
#
# Settings not modeled here:
#
# - Accept Let's Encrypt ToS: Admin Area, Settings, Preferences, Pages, I have
# read and agree to the Let's Encrypt Terms of Service: checked
# Disable public sign up: Admin Area, Settings, General, Sign-up restrictions,
# Sign-up enabled: unchecked
signup_enabled: false
# Set up logout redirection: Admin Area, Settings, General, Sign-in
# restrictions, After sign-out path: https://<IDP server>/logout, where <IDP
# server> is the base URL of the CAS server, like idp.wmcloud.org or
# idp.wikimedia.org
after_sign_out_path: "https://idp.wikimedia.org/logout"
# Set up private commit emails hostname: Admin Area, Settings, Preferences,
# Email, Custom hostname (for private commit emails):
# users.noreply.<gitlab.domain>, where <gitlab domain> is the base URL of the
# GitLab server, like gitlab.wikimedia.org
commit_email_hostname: "users.noreply.gitlab.wikimedia.org"
# Set up Password authentication: Admin Area, Settings, Sign-in restrictions,
# Password authentication enabled for web interface: unchecked
password_authentication_enabled_for_web: false
# Set up Git over https Password authentication: Admin Area, Settings, Sign-in
# restrictions, Password authentication enabled for Git over HTTP(S): unchecked
password_authentication_enabled_for_git: false
# Disable third party offers: Admin Area, Settings, General, Third party
# offers, Do not display offers from third parties within GitLab: checked
hide_third_party_offers: true
# Default branch name: Admin Area, Settings, Repository, Default initial branch name: set to main
default_branch_name: "main"
# Restrict unauthenticated requests: Admin Area, Settings, Network, User and IP
# Rate Limits, Enable unauthenticated request rate limit: checked
throttle_unauthenticated_enabled: false
throttle_unauthenticated_period_in_seconds: 3600
throttle_unauthenticated_requests_per_period: 3600
# Restrict outbound requests: Admin Area, Settings, Network, Outbound requests,
# Allow requests to the local network from web hooks and services: unchecked
allow_local_requests_from_hooks_and_services: false
# Restrict outbound requests: Admin Area, Settings, Network, Outbound requests,
# Allow requests to the local network from system hooks: unchecked
allow_local_requests_from_system_hooks: false
# Restrict protected paths: Admin Area, Settings, Network, Protected Paths,
# Enable protected paths rate limit: checked
throttle_protected_paths_enabled: true
# Enable Prometheus metrics: Admin Area, Settings, Metrics and profiling,
# Metrics - Prometheus, Enable Prometheus Metrics: checked
prometheus_metrics_enabled: true
# Disable Auto DevOps pipeline: Admin Area, Settings, CI/CD, Continuous
# Integration and Deployment, Default to Auto DevOps pipeline for all projects:
# unchecked
auto_devops_enabled: false
# Set abuse reports email: Admin Area, Settings, Reporting, Abuse reports,
# Abuse reports notification email: set to external abuse reports email
abuse_notification_email: "bbearnes@wikimedia.org"
# Set up RSA SSH keys: Admin Area, Settings, General, Visibility and access
# controls, RSA SSH keys: select must be at least 2048 bits
rsa_key_restriction: 2048
# Forbid DSA SSH keys: Admin Area, Settings, General, Visibility and access
# controls, DSA SSH keys: select are forbidden
dsa_key_restriction: -1
# Disable being OAuth provider: Admin Area, Settings, General, Account and
# limit, Allow users to register any application to use GitLab as an OAuth
# provider: unchecked
user_oauth_applications: false
# Turn off Gravatar for privacy / data exfiltration reasons:
# Admin Area, Settings, Account and Limit, Gravatar enabled unchecked
gravatar_enabled: false
# Set /explore as the default landing page for non-signed-in users - a better
# experience than being immediately sent to a login form:
home_page_url: "https://gitlab-replica.wikimedia.org/explore"
# Restrict available visibility levels for new projection creation to public:
restricted_visibility_levels:
- internal
- private
# Set default project & group visibility to public:
# Admin area, Settings, Visibility and access controls
default_project_visibility: "public"
default_group_visibility: "public"
# List of accepted import sources: Admin Area, Settings, General, Visibility
# and access controls, Import sources:
import_sources:
- github
- bitbucket
- bitbucket_server
- gitlab
- google_code
- fogbugz
- git
- gitlab_project
- gitea
- manifest
- phabricator
# Settings for primary Wikimedia production GitLab instance, gitlab1001,
# at https://gitlab.wikimedia.org/
#
# Settings reference: https://docs.gitlab.com/ce/api/settings.html
#
# True / false values here should be booleans - necessary type juggling to turn
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment