Set Git/HTTP auth policy at init for LDAP, OAUTH

When migrating to Gerrit 2.14, users on LDAP and OAuth want to be
aware that a decision needs to be made on whether the Gerrit HTTP
password should be used or not during Git/HTTP authentication.

Not making any choice during upgrade, would have the effect of
just using the default value, which may not be compatible with the
user's needs and expectations, leading to failures after upgrade.

This is what happened to early adopter of Gerrit 2.14 + OAuth:
https://github.com/davido/gerrit-oauth-provider/issues/88

Bug: Issue 6034
Change-Id: Iaa6677e95cc1a3e88e9987fc226abefe26603587

1 files changed, 28 insertions, 2 deletions

diff --git a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java
index 368cf7fa8a..a52d8ba096 100644
--- a/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java
+++ b/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java
@@ -14,9 +14,14 @@
 
 package com.google.gerrit.pgm.init;
 
+import static com.google.gerrit.extensions.client.GitBasicAuthPolicy.HTTP;
+import static com.google.gerrit.extensions.client.GitBasicAuthPolicy.HTTP_LDAP;
+import static com.google.gerrit.extensions.client.GitBasicAuthPolicy.LDAP;
+import static com.google.gerrit.extensions.client.GitBasicAuthPolicy.OAUTH;
 import static com.google.gerrit.pgm.init.api.InitUtil.dnOf;
 
 import com.google.gerrit.extensions.client.AuthType;
+import com.google.gerrit.extensions.client.GitBasicAuthPolicy;
 import com.google.gerrit.pgm.init.api.ConsoleUI;
 import com.google.gerrit.pgm.init.api.InitFlags;
 import com.google.gerrit.pgm.init.api.InitStep;
@@ -24,6 +29,7 @@ import com.google.gerrit.pgm.init.api.Section;
 import com.google.gwtjsonrpc.server.SignedToken;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
+import java.util.EnumSet;
 
 /** Initialize the {@code auth} configuration section. */
 @Singleton
@@ -78,12 +84,32 @@ class InitAuth implements InitStep {
           break;
         }
 
+      case LDAP:
+        {
+          auth.select(
+              "Git/HTTP authentication",
+              "gitBasicAuthPolicy",
+              HTTP,
+              EnumSet.of(HTTP, HTTP_LDAP, LDAP));
+          break;
+        }
+      case OAUTH:
+        {
+          GitBasicAuthPolicy gitBasicAuth =
+              auth.select(
+                  "Git/HTTP authentication", "gitBasicAuthPolicy", HTTP, EnumSet.of(HTTP, OAUTH));
+
+          if (gitBasicAuth == OAUTH) {
+            ui.message(
+                "*WARNING* Please make sure that your chosen OAuth provider\n"
+                    + "supports Git token authentication.\n");
+          }
+          break;
+        }
       case CLIENT_SSL_CERT_LDAP:
       case CUSTOM_EXTENSION:
       case DEVELOPMENT_BECOME_ANY_ACCOUNT:
-      case LDAP:
       case LDAP_BIND:
-      case OAUTH:
       case OPENID:
       case OPENID_SSO:
         break;