public static final String GITLAB_AUTH_APPLICATION_ID = "sonar.auth.gitlab.applicationId.secured";
public static final String GITLAB_AUTH_SECRET = "sonar.auth.gitlab.secret.secured";
public static final String GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP = "sonar.auth.gitlab.allowUsersToSignUp";
+ public static final String GITLAB_AUTH_ALLOWED_GROUPS = "sonar.auth.gitlab.allowedGroups";
public static final String GITLAB_AUTH_SYNC_USER_GROUPS = "sonar.auth.gitlab.groupsSync";
public static final String GITLAB_AUTH_PROVISIONING_TOKEN = "provisioning.gitlab.token.secured";
- public static final String GITLAB_AUTH_PROVISIONING_GROUPS = "provisioning.gitlab.groups";
public static final String GITLAB_AUTH_PROVISIONING_ENABLED = "provisioning.gitlab.enabled";
private static final String CATEGORY = "authentication";
return configuration.getBoolean(GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP).orElse(false);
}
+ public Set<String> allowedGroups() {
+ return Set.of(configuration.getStringArray(GITLAB_AUTH_ALLOWED_GROUPS));
+ }
+
public boolean syncUserGroups() {
return configuration.getBoolean(GITLAB_AUTH_SYNC_USER_GROUPS).orElse(false);
}
return configuration.get(GITLAB_AUTH_PROVISIONING_TOKEN).map(Strings::emptyToNull).orElse(null);
}
- public Set<String> provisioningGroups() {
- return Set.of(configuration.getStringArray(GITLAB_AUTH_PROVISIONING_GROUPS));
- }
-
@Override
public String getDevOpsPlatform() {
return ALM.GITLAB.getId();
.defaultValue(valueOf(true))
.index(5)
.build(),
+ PropertyDefinition.builder(GITLAB_AUTH_ALLOWED_GROUPS)
+ .name("Groups allowed")
+ .description("Only members of these groups (and sub-groups) will be allowed to authenticate. " +
+ "Please enter the group slug as it appears in the GitLab URL, for instance `my-gitlab-group`. " +
+ "If you use Auto-provisioning, only members of these groups (and sub-groups) will be provisioned")
+ .multiValues(true)
+ .category(CATEGORY)
+ .subCategory(SUBCATEGORY)
+ .index(6)
+ .build(),
PropertyDefinition.builder(GITLAB_AUTH_SYNC_USER_GROUPS)
.deprecatedKey("sonar.auth.gitlab.sync_user_groups")
.name("Synchronize user groups")
.subCategory(SUBCATEGORY)
.type(PropertyType.BOOLEAN)
.defaultValue(valueOf(false))
- .index(6)
+ .index(7)
.build(),
PropertyDefinition.builder(GITLAB_AUTH_PROVISIONING_TOKEN)
.name("Provisioning token")
.category(CATEGORY)
.subCategory(SUBCATEGORY)
.type(PASSWORD)
- .index(7)
- .build(),
- PropertyDefinition.builder(GITLAB_AUTH_PROVISIONING_GROUPS)
- .name("Groups")
- .description("Only members of these groups (and sub-groups) will be provisioned." +
- " Please enter the group slug as it appears in the GitLab URL, for instance `my-gitlab-group`.")
- .multiValues(true)
- .category(CATEGORY)
- .subCategory(SUBCATEGORY)
.index(8)
.build(),
PropertyDefinition.builder(GITLAB_AUTH_PROVISIONING_ENABLED)
import org.sonar.api.utils.System2;
import static org.assertj.core.api.Assertions.assertThat;
+import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOWED_GROUPS;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_APPLICATION_ID;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ENABLED;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_ENABLED;
-import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_GROUPS;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_TOKEN;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SECRET;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SYNC_USER_GROUPS;
settings.setProperty(GITLAB_AUTH_PROVISIONING_TOKEN, "token");
assertThat(config.provisioningToken()).isEqualTo("token");
- settings.setProperty(GITLAB_AUTH_PROVISIONING_GROUPS, new String[] {"Group1", "Group2"});
- assertThat(config.provisioningGroups()).containsExactlyInAnyOrder("Group1", "Group2");
+ settings.setProperty(GITLAB_AUTH_ALLOWED_GROUPS, new String[] {"Group1", "Group2"});
+ assertThat(config.allowedGroups()).containsExactlyInAnyOrder("Group1", "Group2");
assertThat(config.isProvisioningEnabled()).isFalse();
settings.setProperty(GITLAB_AUTH_PROVISIONING_ENABLED, true);
import static org.mockito.Mockito.when;
import static org.sonar.alm.client.gitlab.GitlabGlobalSettingsValidator.ValidationMode.AUTH_ONLY;
import static org.sonar.alm.client.gitlab.GitlabGlobalSettingsValidator.ValidationMode.COMPLETE;
+import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOWED_GROUPS;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_APPLICATION_ID;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ENABLED;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_ENABLED;
-import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_GROUPS;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_TOKEN;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SECRET;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SYNC_USER_GROUPS;
@Test
public void getConfiguration_whenConfigurationSetAndEmpty_returnsConfig() {
dbTester.properties().insertProperty(GITLAB_AUTH_ENABLED, "true", null);
- dbTester.properties().insertProperty(GITLAB_AUTH_PROVISIONING_GROUPS, "", null);
+ dbTester.properties().insertProperty(GITLAB_AUTH_ALLOWED_GROUPS, "", null);
GitlabConfiguration configuration = gitlabConfigurationService.getConfiguration("gitlab-configuration");
assertThat(configuration.url()).isEmpty();
assertThat(configuration.secret()).isEmpty();
assertThat(configuration.synchronizeGroups()).isFalse();
+ assertThat(configuration.allowedGroups()).isEmpty();
assertThat(configuration.provisioningType()).isEqualTo(JIT);
assertThat(configuration.allowUsersToSignUp()).isFalse();
assertThat(configuration.provisioningToken()).isNull();
- assertThat(configuration.provisioningGroups()).isEmpty();
}
@Test
.url(withValueOrThrow("url"))
.secret(withValueOrThrow("secret"))
.synchronizeGroups(withValueOrThrow(true))
+ .allowedGroups(withValueOrThrow(new LinkedHashSet<>(List.of("group1", "group2", "group3"))))
.provisioningType(withValueOrThrow(AUTO_PROVISIONING))
.allowUserToSignUp(withValueOrThrow(true))
.provisioningToken(withValueOrThrow("provisioningToken"))
- .provisioningGroups(withValueOrThrow(new LinkedHashSet<>(List.of("group1", "group2", "group3"))))
.build();
GitlabConfiguration gitlabConfiguration = gitlabConfigurationService.updateConfiguration(updateRequest);
verifySettingWasSet(GITLAB_AUTH_URL, "url");
verifySettingWasSet(GITLAB_AUTH_SECRET, "secret");
verifySettingWasSet(GITLAB_AUTH_SYNC_USER_GROUPS, "true");
+ verifySettingWasSet(GITLAB_AUTH_ALLOWED_GROUPS, "group1,group2,group3");
verifySettingWasSet(GITLAB_AUTH_PROVISIONING_ENABLED, "true");
verifySettingWasSet(GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, "true");
verifySettingWasSet(GITLAB_AUTH_PROVISIONING_TOKEN, "provisioningToken");
- verifySettingWasSet(GITLAB_AUTH_PROVISIONING_GROUPS, "group1,group2,group3");
verify(managedInstanceService).queueSynchronisationTask();
assertConfigurationFields(gitlabConfiguration);
assertThat(configuration.url()).isEqualTo("url");
assertThat(configuration.secret()).isEqualTo("secret");
assertThat(configuration.synchronizeGroups()).isTrue();
+ assertThat(configuration.allowedGroups()).containsExactlyInAnyOrder("group1", "group2", "group3");
assertThat(configuration.provisioningType()).isEqualTo(AUTO_PROVISIONING);
assertThat(configuration.allowUsersToSignUp()).isTrue();
assertThat(configuration.provisioningToken()).isEqualTo("provisioningToken");
- assertThat(configuration.provisioningGroups()).containsExactlyInAnyOrder("group1", "group2", "group3");
}
@Test
"url",
"secret",
true,
- AUTO_PROVISIONING,
+ Set.of("group1", "group2", "group3"),
true,
- null,
- Set.of("group1", "group2", "group3"));
+ AUTO_PROVISIONING,
+ null
+ );
assertThatThrownBy(() -> gitlabConfigurationService.createConfiguration(configuration))
.isInstanceOf(IllegalStateException.class)
"url",
"secret",
true,
- JIT,
+ Set.of("group1", "group2", "group3"),
true,
- null,
- Set.of("group1", "group2", "group3"));
+ JIT,
+ null
+ );
GitlabConfiguration createdConfiguration = gitlabConfigurationService.createConfiguration(configuration);
verifySettingWasSet(GITLAB_AUTH_URL, configuration.url());
verifySettingWasSet(GITLAB_AUTH_SECRET, configuration.secret());
verifySettingWasSet(GITLAB_AUTH_SYNC_USER_GROUPS, String.valueOf(configuration.synchronizeGroups()));
+ verifySettingWasSet(GITLAB_AUTH_ALLOWED_GROUPS, String.join(",", configuration.allowedGroups()));
verifySettingWasSet(GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, String.valueOf(configuration.allowUsersToSignUp()));
verifySettingWasSet(GITLAB_AUTH_PROVISIONING_TOKEN, Strings.nullToEmpty(configuration.provisioningToken()));
- verifySettingWasSet(GITLAB_AUTH_PROVISIONING_GROUPS, String.join(",", configuration.provisioningGroups()));
- verifySettingWasSet(GITLAB_AUTH_PROVISIONING_ENABLED,
- String.valueOf(configuration.provisioningType().equals(AUTO_PROVISIONING)));
+ verifySettingWasSet(GITLAB_AUTH_PROVISIONING_ENABLED, String.valueOf(configuration.provisioningType().equals(AUTO_PROVISIONING)));
}
private void verifySettingWasSet(String setting, @Nullable String value) {
assertPropertyIsDeleted(GITLAB_AUTH_URL);
assertPropertyIsDeleted(GITLAB_AUTH_SECRET);
assertPropertyIsDeleted(GITLAB_AUTH_SYNC_USER_GROUPS);
+ assertPropertyIsDeleted(GITLAB_AUTH_ALLOWED_GROUPS);
assertPropertyIsDeleted(GITLAB_AUTH_PROVISIONING_ENABLED);
assertPropertyIsDeleted(GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP);
assertPropertyIsDeleted(GITLAB_AUTH_PROVISIONING_TOKEN);
- assertPropertyIsDeleted(GITLAB_AUTH_PROVISIONING_GROUPS);
assertThat(dbTester.getDbClient().externalGroupDao().selectByIdentityProvider(dbTester.getSession(), GitLabIdentityProvider.KEY)).isEmpty();
}
when(gitlabConfiguration.url()).thenReturn("url");
when(gitlabConfiguration.secret()).thenReturn("secret");
when(gitlabConfiguration.synchronizeGroups()).thenReturn(true);
+ when(gitlabConfiguration.allowedGroups()).thenReturn(new LinkedHashSet<>(Set.of("group1", "group2", "group3")));
when(gitlabConfiguration.provisioningType()).thenReturn(provisioningType);
when(gitlabConfiguration.allowUsersToSignUp()).thenReturn(true);
when(gitlabConfiguration.provisioningToken()).thenReturn("provisioningToken");
- when(gitlabConfiguration.provisioningGroups()).thenReturn(new LinkedHashSet<>(Set.of("group1", "group2", "group3")));
return gitlabConfiguration;
}
assertThat(actualConfiguration.url()).isEqualTo(expectedConfiguration.url());
assertThat(actualConfiguration.secret()).isEqualTo(expectedConfiguration.secret());
assertThat(actualConfiguration.synchronizeGroups()).isEqualTo(expectedConfiguration.synchronizeGroups());
+ assertThat(actualConfiguration.allowedGroups()).containsExactlyInAnyOrderElementsOf(expectedConfiguration.allowedGroups());
assertThat(actualConfiguration.provisioningType()).isEqualTo(expectedConfiguration.provisioningType());
assertThat(actualConfiguration.allowUsersToSignUp()).isEqualTo(expectedConfiguration.allowUsersToSignUp());
assertThat(actualConfiguration.provisioningToken()).isEqualTo(expectedConfiguration.provisioningToken());
- assertThat(actualConfiguration.provisioningGroups()).containsExactlyInAnyOrderElementsOf(expectedConfiguration.provisioningGroups());
}
}
boolean synchronizeGroups,
- ProvisioningType provisioningType,
+ Set<String> allowedGroups,
boolean allowUsersToSignUp,
+ ProvisioningType provisioningType,
+
@Nullable
- String provisioningToken,
+ String provisioningToken
- Set<String> provisioningGroups
) {
}
import static org.sonar.alm.client.gitlab.GitlabGlobalSettingsValidator.ValidationMode.AUTH_ONLY;
import static org.sonar.alm.client.gitlab.GitlabGlobalSettingsValidator.ValidationMode.COMPLETE;
import static org.sonar.api.utils.Preconditions.checkState;
+import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOWED_GROUPS;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_APPLICATION_ID;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ENABLED;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_ENABLED;
-import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_GROUPS;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_TOKEN;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SECRET;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SYNC_USER_GROUPS;
GITLAB_AUTH_URL,
GITLAB_AUTH_SECRET,
GITLAB_AUTH_SYNC_USER_GROUPS,
+ GITLAB_AUTH_ALLOWED_GROUPS,
GITLAB_AUTH_PROVISIONING_ENABLED,
GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP,
- GITLAB_AUTH_PROVISIONING_TOKEN,
- GITLAB_AUTH_PROVISIONING_GROUPS);
+ GITLAB_AUTH_PROVISIONING_TOKEN);
public static final String UNIQUE_GITLAB_CONFIGURATION_ID = "gitlab-configuration";
private final DbClient dbClient;
setIfDefined(dbSession, GITLAB_AUTH_URL, updateRequest.url());
setIfDefined(dbSession, GITLAB_AUTH_SECRET, updateRequest.secret());
setIfDefined(dbSession, GITLAB_AUTH_SYNC_USER_GROUPS, updateRequest.synchronizeGroups().map(String::valueOf));
+ setIfDefined(dbSession, GITLAB_AUTH_ALLOWED_GROUPS, updateRequest.allowedGroups().map(groups -> String.join(",", groups)));
setIfDefined(dbSession, GITLAB_AUTH_PROVISIONING_ENABLED, provisioningEnabled.map(String::valueOf));
setIfDefined(dbSession, GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, updateRequest.allowUsersToSignUp().map(String::valueOf));
setIfDefined(dbSession, GITLAB_AUTH_PROVISIONING_TOKEN, updateRequest.provisioningToken());
- setIfDefined(dbSession, GITLAB_AUTH_PROVISIONING_GROUPS, updateRequest.provisioningGroups().map(groups -> String.join(",", groups)));
boolean shouldTriggerProvisioning =
provisioningEnabled.orElse(false) && !currentConfiguration.provisioningType().equals(AUTO_PROVISIONING);
deleteExternalGroupsWhenDisablingAutoProvisioning(dbSession, currentConfiguration, updateRequest.provisioningType());
setProperty(dbSession, GITLAB_AUTH_URL, configuration.url());
setProperty(dbSession, GITLAB_AUTH_SECRET, configuration.secret());
setProperty(dbSession, GITLAB_AUTH_SYNC_USER_GROUPS, String.valueOf(configuration.synchronizeGroups()));
+ setProperty(dbSession, GITLAB_AUTH_ALLOWED_GROUPS, String.join(",", configuration.allowedGroups()));
setProperty(dbSession, GITLAB_AUTH_PROVISIONING_ENABLED, String.valueOf(enableAutoProvisioning));
setProperty(dbSession, GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, String.valueOf(configuration.allowUsersToSignUp()));
setProperty(dbSession, GITLAB_AUTH_PROVISIONING_TOKEN, configuration.provisioningToken());
- setProperty(dbSession, GITLAB_AUTH_PROVISIONING_GROUPS, String.join(",", configuration.provisioningGroups()));
if (enableAutoProvisioning) {
triggerRun(configuration);
}
getStringPropertyOrEmpty(dbSession, GITLAB_AUTH_URL),
getStringPropertyOrEmpty(dbSession, GITLAB_AUTH_SECRET),
getBooleanOrFalse(dbSession, GITLAB_AUTH_SYNC_USER_GROUPS),
- toProvisioningType(getBooleanOrFalse(dbSession, GITLAB_AUTH_PROVISIONING_ENABLED)),
+ getAllowedGroups(dbSession),
getBooleanOrFalse(dbSession, GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP),
- getStringPropertyOrNull(dbSession, GITLAB_AUTH_PROVISIONING_TOKEN),
- getProvisioningGroups(dbSession)
+ toProvisioningType(getBooleanOrFalse(dbSession, GITLAB_AUTH_PROVISIONING_ENABLED)),
+ getStringPropertyOrNull(dbSession, GITLAB_AUTH_PROVISIONING_TOKEN)
);
}
- private Set<String> getProvisioningGroups(DbSession dbSession) {
- return Optional.ofNullable(dbClient.propertiesDao().selectGlobalProperty(dbSession, GITLAB_AUTH_PROVISIONING_GROUPS))
+ private Set<String> getAllowedGroups(DbSession dbSession) {
+ return Optional.ofNullable(dbClient.propertiesDao().selectGlobalProperty(dbSession, GITLAB_AUTH_ALLOWED_GROUPS))
.map(dto -> Arrays.stream(dto.getValue().split(","))
.filter(s -> !s.isEmpty())
.collect(Collectors.toSet())
NonNullUpdatedValue<String> url,
NonNullUpdatedValue<String> secret,
NonNullUpdatedValue<Boolean> synchronizeGroups,
- NonNullUpdatedValue<ProvisioningType> provisioningType,
+ NonNullUpdatedValue<Set<String>> allowedGroups,
NonNullUpdatedValue<Boolean> allowUsersToSignUp,
UpdatedValue<String> provisioningToken,
- NonNullUpdatedValue<Set<String>> provisioningGroups
+ NonNullUpdatedValue<ProvisioningType> provisioningType
) {
public static Builder builder() {
private NonNullUpdatedValue<String> url = NonNullUpdatedValue.undefined();
private NonNullUpdatedValue<String> secret = NonNullUpdatedValue.undefined();
private NonNullUpdatedValue<Boolean> synchronizeGroups = NonNullUpdatedValue.undefined();
+ private NonNullUpdatedValue<Set<String>> allowedGroups = NonNullUpdatedValue.undefined();
private NonNullUpdatedValue<ProvisioningType> provisioningType = NonNullUpdatedValue.undefined();
private NonNullUpdatedValue<Boolean> allowUserToSignUp = NonNullUpdatedValue.undefined();
private UpdatedValue<String> provisioningToken = UpdatedValue.undefined();
- private NonNullUpdatedValue<Set<String>> provisioningGroups = NonNullUpdatedValue.undefined();
private Builder() {
}
return this;
}
+ public Builder allowedGroups(NonNullUpdatedValue<Set<String>> allowedGroups) {
+ this.allowedGroups = allowedGroups;
+ return this;
+ }
+
public Builder provisioningType(NonNullUpdatedValue<ProvisioningType> provisioningType) {
this.provisioningType = provisioningType;
return this;
return this;
}
- public Builder provisioningGroups(NonNullUpdatedValue<Set<String>> provisioningGroups) {
- this.provisioningGroups = provisioningGroups;
- return this;
- }
-
public UpdateGitlabConfigurationRequest build() {
- return new UpdateGitlabConfigurationRequest(gitlabConfigurationId, enabled, applicationId, url, secret, synchronizeGroups, provisioningType, allowUserToSignUp,
- provisioningToken, provisioningGroups);
+ return new UpdateGitlabConfigurationRequest(gitlabConfigurationId, enabled, applicationId, url, secret, synchronizeGroups, allowedGroups, allowUserToSignUp,
+ provisioningToken, provisioningType
+ );
}
}
}
createRestRequest.url(),
createRestRequest.secret(),
createRestRequest.synchronizeGroups(),
- toProvisioningType(createRestRequest.provisioningType()),
+ Set.copyOf(createRestRequest.allowedGroups()),
createRestRequest.allowUsersToSignUp() != null && createRestRequest.allowUsersToSignUp(),
- createRestRequest.provisioningToken(),
- createRestRequest.provisioningGroups() == null ? Set.of() : Set.copyOf(createRestRequest.provisioningGroups()));
+ toProvisioningType(createRestRequest.provisioningType()),
+ createRestRequest.provisioningToken()
+ );
}
private GitlabConfigurationResource getGitlabConfigurationResource(String id) {
.url(updateRequest.getUrl().toNonNullUpdatedValue())
.secret(updateRequest.getSecret().toNonNullUpdatedValue())
.synchronizeGroups(updateRequest.getSynchronizeGroups().toNonNullUpdatedValue())
+ .allowedGroups(updateRequest.getAllowedGroups().map(DefaultGitlabConfigurationController::getGroups).toNonNullUpdatedValue())
.provisioningType(updateRequest.getProvisioningType().map(DefaultGitlabConfigurationController::toProvisioningType).toNonNullUpdatedValue())
.allowUserToSignUp(updateRequest.getAllowUsersToSignUp().toNonNullUpdatedValue())
.provisioningToken(updateRequest.getProvisioningToken().toUpdatedValue())
- .provisioningGroups(updateRequest.getProvisioningGroups().map(DefaultGitlabConfigurationController::getGroups).toNonNullUpdatedValue())
.build();
}
configuration.applicationId(),
configuration.url(),
configuration.synchronizeGroups(),
- toRestProvisioningType(configuration),
+ sortGroups(configuration.allowedGroups()),
configuration.allowUsersToSignUp(),
- sortGroups(configuration.provisioningGroups()),
+ toRestProvisioningType(configuration),
configurationError.orElse(null)
);
}
@NotEmpty
@Schema(description = "Gitlab Application id")
String applicationId,
+
@NotEmpty
@Schema(description = "Url of Gitlab instance for authentication (for instance https://gitlab.com)")
String url,
+
@NotEmpty
@Schema(accessMode = Schema.AccessMode.WRITE_ONLY, description = "Secret of the application")
String secret,
@Schema(description = "Set whether to synchronize groups")
Boolean synchronizeGroups,
+ @NotEmpty
+ @ArraySchema(arraySchema = @Schema(description = "GitLab groups allowed to authenticate and provisioned (for Auto-Provisioning only). Subgroups will automatically be included"))
+ List<String> allowedGroups,
+
@NotNull
@Schema(description = "Type of synchronization")
ProvisioningType provisioningType,
@Schema(description = "Allow user to sign up")
@Nullable
- Boolean allowUsersToSignUp,
-
- @ArraySchema(arraySchema = @Schema(description = "Root GitLab groups to provision."))
- @Nullable
- List<String> provisioningGroups
+ Boolean allowUsersToSignUp
) {
}
private UpdateField<String> url = UpdateField.undefined();
private UpdateField<String> secret = UpdateField.undefined();
private UpdateField<Boolean> synchronizeGroups = UpdateField.undefined();
+ private UpdateField<List<String>> allowedGroups = UpdateField.undefined();
private UpdateField<ProvisioningType> provisioningType = UpdateField.undefined();
private UpdateField<Boolean> allowUsersToSignUp = UpdateField.undefined();
private UpdateField<String> provisioningToken = UpdateField.undefined();
- private UpdateField<List<String>> provisioningGroups = UpdateField.undefined();
@Schema(implementation = Boolean.class, description = "Enable Gitlab authentication")
public UpdateField<Boolean> getEnabled() {
this.synchronizeGroups = UpdateField.withValue(synchronizeGroups);
}
+ @ArraySchema(arraySchema = @Schema(description = "Root Gitlab groups allowed to authenticate and provisioned"), schema = @Schema(implementation = String.class))
+ public UpdateField<List<String>> getAllowedGroups() {
+ return allowedGroups;
+ }
+
+ public void setAllowedGroups(List<String> allowedGroups) {
+ this.allowedGroups = UpdateField.withValue(allowedGroups);
+ }
+
@Schema(implementation = ProvisioningType.class, description = "Type of synchronization")
public UpdateField<ProvisioningType> getProvisioningType() {
return provisioningType;
public void setProvisioningToken(String provisioningToken) {
this.provisioningToken = UpdateField.withValue(provisioningToken);
}
-
- @ArraySchema(arraySchema = @Schema(description = "Root gitlab groups to provision."), schema = @Schema(implementation = String.class))
- public UpdateField<List<String>> getProvisioningGroups() {
- return provisioningGroups;
- }
-
- public void setProvisioningGroups(List<String> provisioningGroups) {
- this.provisioningGroups = UpdateField.withValue(provisioningGroups);
- }
}
boolean synchronizeGroups,
- ProvisioningType provisioningType,
+ @Schema(description = "Root Gitlab groups allowed to authenticate and provisioned")
+ List<String> allowedGroups,
boolean allowUsersToSignUp,
- @Schema(description = "Root Gitlab groups to provision")
- List<String> provisioningGroups,
+ ProvisioningType provisioningType,
@Schema(accessMode = Schema.AccessMode.READ_ONLY, description = "In case the GitLab configuration is incorrect, error message")
@Nullable
"www.url.com",
"secret",
true,
- AUTO_PROVISIONING,
+ Set.of("group1", "group2"),
true,
- "provisioning-token",
- Set.of("provisioning-group2", "provisioning-group1"));
+ AUTO_PROVISIONING,
+ "provisioning-token"
+ );
+
private static final GitlabConfigurationResource EXPECTED_GITLAB_CONF_RESOURCE = new GitlabConfigurationResource(
GITLAB_CONFIGURATION.id(),
GITLAB_CONFIGURATION.enabled(),
GITLAB_CONFIGURATION.applicationId(),
GITLAB_CONFIGURATION.url(),
GITLAB_CONFIGURATION.synchronizeGroups(),
- org.sonar.server.v2.api.gitlab.config.resource.ProvisioningType.valueOf(GITLAB_CONFIGURATION.provisioningType().name()),
+ List.of("group1", "group2"),
GITLAB_CONFIGURATION.allowUsersToSignUp(),
- List.of("provisioning-group1", "provisioning-group2"),
+ org.sonar.server.v2.api.gitlab.config.resource.ProvisioningType.valueOf(GITLAB_CONFIGURATION.provisioningType().name()),
"error-message");
+
private static final String EXPECTED_CONFIGURATION = """
{
"id": "existing-id",
"applicationId": "application-id",
"url": "www.url.com",
"synchronizeGroups": true,
+ "allowedGroups": [
+ "group1",
+ "group2"
+ ],
"provisioningType": "AUTO_PROVISIONING",
"allowUsersToSignUp": true,
- "provisioningGroups": [
- "provisioning-group2",
- "provisioning-group1"
- ],
"errorMessage": "error-message"
}
""";
"url": "www.url.com",
"secret": "newSecret",
"synchronizeGroups": true,
+ "allowedGroups": [
+ "group1",
+ "group2"
+ ],
"provisioningType": "AUTO_PROVISIONING",
"allowUsersToSignUp": true,
- "provisioningToken": "token",
- "provisioningGroups": [
- "provisioning-group2",
- "provisioning-group1"
- ]
+ "provisioningToken": "token"
}
""";
NonNullUpdatedValue.withValueOrThrow("www.url.com"),
NonNullUpdatedValue.withValueOrThrow("newSecret"),
NonNullUpdatedValue.withValueOrThrow(true),
- NonNullUpdatedValue.withValueOrThrow(AUTO_PROVISIONING),
+ NonNullUpdatedValue.withValueOrThrow(Set.of("group1", "group2")),
NonNullUpdatedValue.withValueOrThrow(true),
UpdatedValue.withValue("token"),
- NonNullUpdatedValue.withValueOrThrow(Set.of("provisioning-group2", "provisioning-group1"))));
+ NonNullUpdatedValue.withValueOrThrow(AUTO_PROVISIONING)
+ ));
}
@Test
NonNullUpdatedValue.undefined(),
NonNullUpdatedValue.undefined(),
NonNullUpdatedValue.undefined(),
- NonNullUpdatedValue.withValueOrThrow(JIT),
- NonNullUpdatedValue.withValueOrThrow(false),
- UpdatedValue.withValue(null),
- NonNullUpdatedValue.undefined()));
+ NonNullUpdatedValue.undefined(), NonNullUpdatedValue.withValueOrThrow(false), UpdatedValue.withValue(null), NonNullUpdatedValue.withValueOrThrow(JIT)
+ ));
}
@Test
"url": "www.url.com",
"secret": "123",
"synchronizeGroups": true,
+ "allowedGroups": [
+ "group1",
+ "group2"
+ ],
"provisioningType": "AUTO_PROVISIONING",
- "allowUsersToSignUp": true,
- "provisioningGroups": [
- "provisioning-group2",
- "provisioning-group1"
- ]
+ "allowUsersToSignUp": true
}
"""))
.andExpectAll(
"secret": "123",
"url": "www.url.com",
"synchronizeGroups": true,
+ "allowedGroups": [
+ "group1",
+ "group2"
+ ],
"provisioningType": "AUTO_PROVISIONING",
- "allowUsersToSignUp": true,
- "provisioningGroups": [
- "provisioning-group2",
- "provisioning-group1"
- ]
+ "allowUsersToSignUp": true
}
"""))
"applicationId": "application-id",
"url": "www.url.com",
"synchronizeGroups": true,
+ "allowedGroups": [
+ "group1",
+ "group2"
+ ],
"provisioningType": "AUTO_PROVISIONING",
- "allowUsersToSignUp": true,
- "provisioningGroups": [
- "provisioning-group2",
- "provisioning-group1"
- ]
+ "allowUsersToSignUp": true
}
"""));
"secret": "123",
"url": "www.url.com",
"synchronizeGroups": true,
+ "allowedGroups": [
+ "group1",
+ "group2"
+ ],
"provisioningType": "AUTO_PROVISIONING"
}
"applicationId": "application-id",
"url": "www.url.com",
"synchronizeGroups": true,
+ "allowedGroups": [
+ "group1",
+ "group2"
+ ],
"provisioningType": "AUTO_PROVISIONING",
- "allowUsersToSignUp": true,
- "provisioningGroups": [
- "provisioning-group2",
- "provisioning-group1"
- ]
+ "allowUsersToSignUp": true
}
"""));
"applicationId": "application-id",
"url": "www.url.com",
"synchronizeGroups": true,
+ "allowedGroups": [
+ "group1",
+ "group2"
+ ],
"provisioningType": "AUTO_PROVISIONING",
- "allowUsersToSignUp": true,
- "provisioningGroups": [
- "provisioning-group2",
- "provisioning-group1"
- ]
+ "allowUsersToSignUp": true
}
"""))
.andExpectAll(
public record GitlabConfiguration(boolean enabled, String applicationId, String url, String secret, boolean synchronizeGroups,
String provisioningType, boolean allowUsersToSignUp, String provisioningToken,
- String singleProvisioningGroup) {
+ String singleAllowedGroup) {
}
"provisioningType": "%s",
"allowUsersToSignUp": "%s",
"provisioningToken": "%s",
- "provisioningGroups": ["%s"]
+ "allowedGroups": ["%s"]
}
""", gitlabConfiguration.enabled(), gitlabConfiguration.applicationId(), gitlabConfiguration.url(), gitlabConfiguration.secret(),
gitlabConfiguration.synchronizeGroups(), gitlabConfiguration.provisioningType(), gitlabConfiguration.allowUsersToSignUp(),
- gitlabConfiguration.provisioningToken(), gitlabConfiguration.singleProvisioningGroup());
+ gitlabConfiguration.provisioningToken(), gitlabConfiguration.singleAllowedGroup());
WsResponse response = call(
new PostRequest(path()).setBody(body)
);
projects / sonarqube.git / commitdiff