Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

gitlab auth looks broken on 7.3.0

See original GitHub issue

Issue Summary Auth via gitlab returns "Error: User freeseacher is not authorized "

Environment

OS: alpine 3.9
API version: 7.3
Deployment: self-hosted
For self-hosted, WSGI environment: nginx/uwsgi
Database:MongoDB
Server config: Auth enabled? Yes Auth provider? Gitlab OpenID Customer views? No config.json

{
    "endpoint": "/api",
    "provider": "gitlab",
    "client_id": "d7ae5171fc22638289598e3a2e65082b9c42a5a29d01056d0e3bb26300f0c218",
    "gitlab_url": "https://code.getnoc.com",
    "colors": {
        "severity": {
            "fatal": "#000000",
            "critical": "#D8122A",
            "major": "#EA680F",
            "minor": "#FFBE1E",
            "warning": "#BA2222",
            "indeterminate": "#A6ACA8",
            "cleared": "#00AA5A",
            "normal": "#00AA5A",
            "ok": "#00AA5A",
            "informational": "#00A1BC",
            "debug": "#9D006D",
            "security": "#333333",
            "unknown": "#A6ACA8"
        },
        "text": "white",
        "highlight": "lightgray"
    },
    "severity": {
        "fatal": 0
    },
    "dates": {
        "shortTime": "shortTime",
        "mediumDate": "medium",
        "longDate": "EEEE, MMMM d, yyyy h:mm:ss.sss a (Z)"
    },
    "audio": {
        "new": "/audio/Bike Horn.mp3"
    },
    "refresh_interval": 30000
}

web UI version: 7.3.0
CLI version: 7.3.0

To Reproduce Steps to reproduce the behavior:

gitlab config

cat /etc/alertad.conf 
DEBUG = True
BASE_URL = '/api'
SECRET_KEY = "xxxxx"
OAUTH2_CLIENT_ID = 'd7ae5171fc22638289598e3a2e65082b9c42a5a29d01056d0e3bb26300f0c218'
OAUTH2_CLIENT_SECRET = 'xxxx'
API_KEY_EXPIRE_DAYS = 365
ADMIN_USERS=['freeseacher']
ALLOWED_ENVIRONMENTS=['production','development','infrastructure','Production','Development','Infrastructure']
ALLOWED_GITLAB_GROUPS = ['sova']
AUTH_PROVIDER = 'gitlab'

cat /etc/nginx/conf.d/alerta.conf


server {
    listen 80 default_server;
    listen [::]:80 default_server;

    access_log /dev/stdout;
    error_log /dev/stderr;

    client_max_body_size 50m;

    root /app;

    location /api {
        proxy_pass http://alerta:8080;
        proxy_read_timeout 600;
        gzip on;
        gzip_types text/css text/x-js;
        proxy_set_header Host $http_host;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

    }

    location / {
        try_files $uri $uri/ /index.html;
    }
}

as far as i can see https://github.com/alerta/alerta/blob/0e442dcaa5df8391eded285857c09d203bb66413/alerta/auth/oidc.py#L135 roles here evaluated to “user” user.domain to [...,'sova', ...]

gitlab 12.0.3

Issue Analytics

State:
Created 4 years ago
Comments:8 (7 by maintainers)

Top GitHub Comments

1reaction

vykulakovcommented, Aug 6, 2019

I use GitLab OAuth with recent versions of Alerta Server and Alerta WEB UI and I don’t have any problems with auth process (except it doesn’t work in Firefox). My user is also admin and the configuration is very similar. I’m experimenting now with a local server, but soon I’ll deploy upgraded Alerta on prod and may give you some information about auth there.

0reactions

satterlycommented, Aug 10, 2019

Closing due to inactivity. If you believe this issue has been closed prematurely please provide more information to help progress the issue. If you do not know what is expected you can ask on Gitter chat.