Page MenuHomePhabricator

Create oauth providers (and initial user) from CLI?
Closed, WontfixPublic


I'm sure I'm missing something, but I can't find it.

It would be phenomenally helpful to be able to configure OAuth providers and local admin users from the command-line rather than having to go through the UI. It's the only step to a deployment that I cannot figure out how to automate yet.

I considered directly inserting a row into auth_providerconfig, but I thought that one of the Phacility guys might be tempted to fly to chicago and slap the shit out of me.

Related Objects

Event Timeline

davidressman raised the priority of this task from to Needs Triage.
davidressman updated the task description. (Show Details)
davidressman added a project: Phabricator.
davidressman added a subscriber: davidressman.

I think you can create the initial user account with scripts/user/add_user.php, although that might be a bit out of date by now since I think it doesn't have many use cases on modern installs.

Can you walk me through the process a little more? Are you automating deployment of empty Phabricators in order to do integration testing or something like that? (If so, why does it need auth providers?)

Offhand, a reasonable approach might be to prepare a database in the correct state, dump it, and then load that before doing bin/storage upgrade? This will be slightly cumbersome to update, but will give you the general ability to configure deployments into an arbitrary state. Theoretically, this is safe against schema changes and such since you can load the dump, run bin/storage upgrade to modernize it, adjust anything you want to, then dump it again. It's safe to assume that we will always store the database state in the database itself so workflows like this work and a database dump always has enough information for Phabricator to determine how to upgrade it.

We could probably give you "real" CLI access to providers, but every one is special and different so I think the API would end up being about one step away from just running INSERT INTO ... or shipping around configuration in a database dump.

Generally, I think auth_providerconfig is pretty stable, so I promise I won't slap you if you insert into it directly unless you later complain should we slightly adjust the schema. :)

chad triaged this task as Low priority.Jun 20 2014, 6:09 PM

I didn't just see this until now. Many apologies!

Really the only use case here is that our lawyers' interpretation of some regulations require us to store a couple of groups in separate databases via storage.default-namespace (although the same host and instance of mysql is fine). We're just looking to automate the process some. It's no biggie to insert the row into the table. I just wanted to make sure it wasn't going to make anyone ANGRY.

epriestley claimed this task.

We haven't seen more requests for this in some time, and dumping the database state is a reasonable solution in the general case (running bin/storage upgrade will always bring an old dump up to date, and we try to migrate and respect settings in almost all cases). If we did see more similar requests, I'd probably favor just documenting that as the recommended approach.

We were trying to set this up today. We wanted to have a fully dockerized Phabricator setup for internal use, and need to add LDAP auth provider as the only non-automated step. It's not the end of the world though, but in case someone else wants this maybe a command line tool would be ok.