Make it configurable whether the first user should become admin
By default the first user that logs in to Gerrit automatically becomes administrator. This is useful to bootstrap the authentication database. However in automated server setups it should be controlled explicitly who becomes admin and then it makes sense to disable this functionality. The default behaviour (make the first user admin) is not changed. Change-Id: Ic9778824e96ce4f61d974412aaaa6b40e6b465ba Signed-off-by: Edwin Kempin <ekempin@google.com>
This commit is contained in:
Edwin Kempin
@@ -970,10 +970,10 @@ Default is the number of CPUs.
|
||||
[[capability.administrateServer]]capability.administrateServer::
|
||||
+
|
||||
Names of groups of users that are allowed to exercise the
|
||||
administrateServer capability, in addition to those listed in
|
||||
`administrateServer` capability, in addition to those listed in
|
||||
All-Projects. Configuring this option can be a useful fail-safe
|
||||
to recover a server in the event an administrator removed all
|
||||
groups from the administrateServer capability, or to ensure that
|
||||
groups from the `administrateServer` capability, or to ensure that
|
||||
specific groups always have administration capabilities.
|
||||
+
|
||||
----
|
||||
@@ -987,7 +987,16 @@ name. If a group cannot be found for the configured name a warning
|
||||
is logged and the server will continue normal startup.
|
||||
+
|
||||
If not specified (default), only the groups listed by All-Projects
|
||||
may use the administrateServer capability.
|
||||
may use the `administrateServer` capability.
|
||||
|
||||
[[capability.makeFirstUserAdmin]]capability.makeFirstUserAdmin::
|
||||
+
|
||||
Whether the first user that logs in to the Gerrit server should
|
||||
automatically be added to the administrator group and hence get the
|
||||
`administrateServer` capability assigned. This is useful to bootstrap
|
||||
the authentication database.
|
||||
+
|
||||
Default is true.
|
||||
|
||||
|
||||
[[change]]
|
||||
|
||||
@@ -30,6 +30,7 @@ import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.externalids.ExternalId;
|
||||
import com.google.gerrit.server.account.externalids.ExternalIds;
|
||||
import com.google.gerrit.server.account.externalids.ExternalIdsUpdate;
|
||||
import com.google.gerrit.server.config.GerritServerConfig;
|
||||
import com.google.gerrit.server.project.ProjectCache;
|
||||
import com.google.gerrit.server.query.account.InternalAccountQuery;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
@@ -43,6 +44,7 @@ import java.util.Collections;
|
||||
import java.util.Optional;
|
||||
import java.util.concurrent.atomic.AtomicBoolean;
|
||||
import org.eclipse.jgit.errors.ConfigInvalidException;
|
||||
import org.eclipse.jgit.lib.Config;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
@@ -69,6 +71,7 @@ public class AccountManager {
|
||||
@Inject
|
||||
AccountManager(
|
||||
SchemaFactory<ReviewDb> schema,
|
||||
@GerritServerConfig Config cfg,
|
||||
Accounts accounts,
|
||||
AccountsUpdate.Server accountsUpdateFactory,
|
||||
AccountCache byIdCache,
|
||||
@@ -90,7 +93,8 @@ public class AccountManager {
|
||||
this.userFactory = userFactory;
|
||||
this.changeUserNameFactory = changeUserNameFactory;
|
||||
this.projectCache = projectCache;
|
||||
this.awaitsFirstAccountCheck = new AtomicBoolean(true);
|
||||
this.awaitsFirstAccountCheck =
|
||||
new AtomicBoolean(cfg.getBoolean("capability", "makeFirstUserAdmin", true));
|
||||
this.auditService = auditService;
|
||||
this.accountQueryProvider = accountQueryProvider;
|
||||
this.externalIds = externalIds;
|
||||
|
||||
Reference in New Issue
Block a user