@@ -1352,7 +1352,7 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
13521352 continue ;
13531353 }
13541354
1355- if ($ this ->in_array_i ($ gitlabUserName , $ this -> getBuiltInUserNames ())) {
1355+ if ($ this ->in_array_i ($ gitlabUserName , self :: getBuiltInUserNames ())) {
13561356 $ this ->logger ?->info(sprintf ("User \"%s \" in built in ignore list. " , $ gitlabUserName ));
13571357 continue ;
13581358 }
@@ -1373,7 +1373,7 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
13731373 // Create directory users of which don't exist in Gitlab
13741374 $ this ->logger ?->notice("Creating directory users of which don't exist in Gitlab... " );
13751375 foreach ($ ldapUsers as $ ldapUserName => $ ldapUserDetails ) {
1376- if ($ this ->in_array_i ($ ldapUserName , $ this -> getBuiltInUserNames ())) {
1376+ if ($ this ->in_array_i ($ ldapUserName , self :: getBuiltInUserNames ())) {
13771377 $ this ->logger ?->info(sprintf ("User \"%s \" in built in ignore list. " , $ ldapUserName ));
13781378 continue ;
13791379 }
@@ -1470,7 +1470,7 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
14701470 continue ;
14711471 }
14721472
1473- if ($ this ->in_array_i ($ gitlabUserName , $ this -> getBuiltInUserNames ())) {
1473+ if ($ this ->in_array_i ($ gitlabUserName , self :: getBuiltInUserNames ())) {
14741474 $ this ->logger ?->info(sprintf ("User \"%s \" in built in ignore list. " , $ gitlabUserName ));
14751475 continue ;
14761476 }
@@ -1616,11 +1616,16 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
16161616 continue ;
16171617 }
16181618
1619- if ($ this ->in_array_i ($ gitlabGroupName , $ this -> getBuiltInGroups ())) {
1619+ if ($ this ->in_array_i ($ gitlabGroupName , static :: getBuiltInGroups ())) {
16201620 $ this ->logger ?->info(sprintf ("Group \"%s \" in built-in ignore list. " , $ gitlabGroupName ));
16211621 continue ;
16221622 }
16231623
1624+ if ($ this ->in_array_i ($ gitlabGroupName , static ::getReservedGroups ())) {
1625+ $ this ->logger ?->warning(sprintf ("Group \"%s \" in built-in reserved list. " , $ gitlabGroupName ));
1626+ continue ;
1627+ }
1628+
16241629 $ this ->logger ?->info(sprintf ("Found Gitlab group #%d \"%s \" [%s]. " , $ gitlabGroupId , $ gitlabGroupName , $ gitlabGroupPath ));
16251630 if (isset ($ groupsSync ["found " ][$ gitlabGroupId ]) || $ this ->in_array_i ($ gitlabGroupName , $ groupsSync ["found " ])) {
16261631 $ this ->logger ?->warning(sprintf ("Duplicate Gitlab group %d \"%s \" [%s]. " , $ gitlabGroupId , $ gitlabGroupName , $ gitlabGroupPath ));
@@ -1637,11 +1642,16 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
16371642 // Create directory groups of which don't exist in Gitlab
16381643 $ this ->logger ?->notice("Creating directory groups of which don't exist in Gitlab... " );
16391644 foreach ($ ldapGroupsSafe as $ ldapGroupName => $ ldapGroupMembers ) {
1640- if ($ this ->in_array_i ($ ldapGroupName , $ this -> getBuiltInGroups ())) {
1645+ if ($ this ->in_array_i ($ ldapGroupName , static :: getBuiltInGroups ())) {
16411646 $ this ->logger ?->info(sprintf ("Group \"%s \" in built-in ignore list. " , $ ldapGroupName ));
16421647 continue ;
16431648 }
16441649
1650+ if ($ this ->in_array_i ($ ldapGroupName , static ::getReservedGroups ())) {
1651+ $ this ->logger ?->warning(sprintf ("Group \"%s \" in built-in reserved list. " , $ ldapGroupName ));
1652+ continue ;
1653+ }
1654+
16451655 if ($ this ->in_array_i ($ ldapGroupName , $ config ["gitlab " ]["options " ]["groupNamesToIgnore " ])) {
16461656 $ this ->logger ?->info(sprintf ("Group \"%s \" in ignore list. " , $ ldapGroupName ));
16471657 continue ;
@@ -1676,11 +1686,16 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
16761686 // Delete Gitlab groups of which don't exist in directory
16771687 $ this ->logger ?->notice("Deleting Gitlab groups of which don't exist in directory... " );
16781688 foreach ($ groupsSync ["found " ] as $ gitlabGroupId => $ gitlabGroupName ) {
1679- if ($ this ->in_array_i ($ gitlabGroupName , $ this -> getBuiltInGroups ())) {
1689+ if ($ this ->in_array_i ($ gitlabGroupName , static :: getBuiltInGroups ())) {
16801690 $ this ->logger ?->info(sprintf ("Group \"%s \" in built-in ignore list. " , $ gitlabGroupName ));
16811691 continue ;
16821692 }
16831693
1694+ if ($ this ->in_array_i ($ gitlabGroupName , static ::getReservedGroups ())) {
1695+ $ this ->logger ?->warning(sprintf ("Group \"%s \" in built-in reserved list. " , $ gitlabGroupName ));
1696+ continue ;
1697+ }
1698+
16841699 if ($ this ->in_array_i ($ gitlabGroupName , $ config ["gitlab " ]["options " ]["groupNamesToIgnore " ])) {
16851700 $ this ->logger ?->info(sprintf ("Group \"%s \" in ignore list. " , $ gitlabGroupName ));
16861701 continue ;
@@ -1728,11 +1743,16 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
17281743 continue ;
17291744 }
17301745
1731- if ($ this ->in_array_i ($ gitlabGroupName , $ this -> getBuiltInGroups ())) {
1746+ if ($ this ->in_array_i ($ gitlabGroupName , static :: getBuiltInGroups ())) {
17321747 $ this ->logger ?->info(sprintf ("Group \"%s \" in built-in ignore list. " , $ gitlabGroupName ));
17331748 continue ;
17341749 }
17351750
1751+ if ($ this ->in_array_i ($ gitlabGroupName , static ::getReservedGroups ())) {
1752+ $ this ->logger ?->warning(sprintf ("Group \"%s \" in built-in reserved list. " , $ gitlabGroupName ));
1753+ continue ;
1754+ }
1755+
17361756 if ($ this ->in_array_i ($ gitlabGroupName , $ config ["gitlab " ]["options " ]["groupNamesToIgnore " ])) {
17371757 $ this ->logger ?->info(sprintf ("Group \"%s \" in ignore list. " , $ gitlabGroupName ));
17381758 continue ;
@@ -1780,11 +1800,16 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
17801800
17811801 $ this ->logger ?->notice("Synchronising Gitlab group members with directory group members... " );
17821802 foreach ($ groupsToSyncMembership as $ gitlabGroupId => $ gitlabGroupName ) {
1783- if ($ this ->in_array_i ($ gitlabGroupName , $ this -> getBuiltInGroups ())) {
1803+ if ($ this ->in_array_i ($ gitlabGroupName , static :: getBuiltInGroups ())) {
17841804 $ this ->logger ?->info(sprintf ("Group \"%s \" in built-in ignore list. " , $ gitlabGroupName ));
17851805 continue ;
17861806 }
17871807
1808+ if ($ this ->in_array_i ($ gitlabGroupName , static ::getReservedGroups ())) {
1809+ $ this ->logger ?->warning(sprintf ("Group \"%s \" in built-in reserved list. " , $ gitlabGroupName ));
1810+ continue ;
1811+ }
1812+
17881813 if ($ this ->in_array_i ($ gitlabGroupName , $ config ["gitlab " ]["options " ]["groupNamesToIgnore " ])) {
17891814 $ this ->logger ?->info(sprintf ("Group \"%s \" in ignore list. " , $ gitlabGroupName ));
17901815 continue ;
@@ -1866,11 +1891,16 @@ private function deployGitlabUsersAndGroups(array $config, string $gitlabInstanc
18661891 continue ;
18671892 }
18681893
1869- if ($ this ->in_array_i ($ gitlabUserName , $ this -> getBuiltInUserNames ())) {
1894+ if ($ this ->in_array_i ($ gitlabUserName , self :: getBuiltInUserNames ())) {
18701895 $ this ->logger ?->info(sprintf ("User \"%s \" in built in ignore list. " , $ gitlabUserName ));
18711896 continue ;
18721897 }
18731898
1899+ if ($ this ->in_array_i ($ gitlabUserName , $ config ["gitlab " ]["options " ]["userNamesToIgnore " ])) {
1900+ $ this ->logger ?->info(sprintf ("User \"%s \" in ignore list. " , $ gitlabUserName ));
1901+ continue ;
1902+ }
1903+
18741904 $ this ->logger ?->info(sprintf ("Found Gitlab group member #%d \"%s \". " , $ gitlabUserId , $ gitlabUserName ));
18751905 if (isset ($ userGroupMembersSync ["found " ][$ gitlabUserId ]) || $ this ->in_array_i ($ gitlabUserName , $ userGroupMembersSync ["found " ])) {
18761906 $ this ->logger ?->warning(sprintf ("Duplicate Gitlab group member #%d \"%s \". " , $ gitlabUserId , $ gitlabUserName ));
@@ -2028,7 +2058,7 @@ private function generateRandomPassword(int $length): string
20282058 * Get a list of built-in user names, of which should be ignored by this application.
20292059 * @return string[]
20302060 */
2031- private function getBuiltInUserNames (): array
2061+ private static function getBuiltInUserNames (): array
20322062 {
20332063 return ["root " , "ghost " , "support-bot " , "alert-bot " ];
20342064 }
@@ -2037,11 +2067,66 @@ private function getBuiltInUserNames(): array
20372067 * Get a list of built-in group names, of which should be ignored by this application.
20382068 * @return string[]
20392069 */
2040- private function getBuiltInGroups (): array
2070+ private static function getBuiltInGroups (): array
20412071 {
20422072 return ["root " , "lost-and-found " , "Users " ];
20432073 }
20442074
2075+ /**
2076+ * Get a list of reserved group names, of which must be ignored by this application.
2077+ * (The list is different for root and sub groups.)
2078+ * @see https://docs.gitlab.com/ee/user/reserved_names.html
2079+ * @param bool $isRootGroup Get the list
2080+ * @return string[]
2081+ */
2082+ private static function getReservedGroups (bool $ isRootGroup = true ): array
2083+ {
2084+ return $ isRootGroup
2085+ ? [
2086+ "\\- " ,
2087+ ".well-known " ,
2088+ "404.html " ,
2089+ "422.html " ,
2090+ "500.html " ,
2091+ "502.html " ,
2092+ "503.html " ,
2093+ "admin " ,
2094+ "api " ,
2095+ "apple-touch-icon.png " ,
2096+ "assets " ,
2097+ "dashboard " ,
2098+ "deploy.html " ,
2099+ "explore " ,
2100+ "favicon.ico " ,
2101+ "favicon.png " ,
2102+ "files " ,
2103+ "groups " ,
2104+ "health_check " ,
2105+ "help " ,
2106+ "import " ,
2107+ "jwt " ,
2108+ "login " ,
2109+ "oauth " ,
2110+ "profile " ,
2111+ "projects " ,
2112+ "public " ,
2113+ "robots.txt " ,
2114+ "s " ,
2115+ "search " ,
2116+ "sitemap " ,
2117+ "sitemap.xml " ,
2118+ "sitemap.xml.gz " ,
2119+ "slash-command-logo.png " ,
2120+ "snippets " ,
2121+ "unsubscribes " ,
2122+ "uploads " ,
2123+ "users " ,
2124+ "v2 " ,
2125+ ]
2126+ : ["\\- " ]
2127+ ;
2128+ }
2129+
20452130 /**
20462131 * Wait a bit of time between each Gitlab API request to avoid HTTP 500 errors when doing too many requests in a short time.
20472132 * @return void
0 commit comments