From 3cbfd8163ffdc42f89631382031dd115c0df65b6 Mon Sep 17 00:00:00 2001 From: Antoine Vigneau Date: Wed, 29 Nov 2023 16:36:40 +0100 Subject: [PATCH] SONAR-21119 Add GitLab config for provisioning --- .../org/sonar/auth/gitlab/GitLabSettings.java | 42 ++++++++++++++++ .../sonar/auth/gitlab/GitLabModuleTest.java | 2 +- .../sonar/auth/gitlab/GitLabSettingsTest.java | 48 ++++++++++++++++++- 3 files changed, 90 insertions(+), 2 deletions(-) diff --git a/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabSettings.java b/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabSettings.java index a9ecff73e67..70254202886 100644 --- a/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabSettings.java +++ b/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabSettings.java @@ -21,6 +21,7 @@ package org.sonar.auth.gitlab; import java.util.Arrays; import java.util.List; +import java.util.Set; import org.sonar.api.PropertyType; import org.sonar.api.config.Configuration; import org.sonar.api.config.PropertyDefinition; @@ -37,6 +38,9 @@ public class GitLabSettings { public static final String GITLAB_AUTH_SECRET = "sonar.auth.gitlab.secret.secured"; public static final String GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP = "sonar.auth.gitlab.allowUsersToSignUp"; public static final String GITLAB_AUTH_SYNC_USER_GROUPS = "sonar.auth.gitlab.groupsSync"; + public static final String GITLAB_AUTH_PROVISIONING_TOKEN = "provisioning.gitlab.token.secured"; + public static final String GITLAB_AUTH_PROVISIONING_GROUPS = "provisioning.gitlab.groups"; + public static final String GITLAB_AUTH_PROVISIONING_ENABLED = "provisioning.gitlab.enabled"; private static final String CATEGORY = "authentication"; private static final String SUBCATEGORY = "gitlab"; @@ -75,6 +79,18 @@ public class GitLabSettings { return configuration.getBoolean(GITLAB_AUTH_SYNC_USER_GROUPS).orElse(false); } + public String provisioningToken() { + return configuration.get(GITLAB_AUTH_PROVISIONING_TOKEN).orElse(null); + } + + public Set provisioningGroups() { + return Set.of(configuration.getStringArray(GITLAB_AUTH_PROVISIONING_GROUPS)); + } + + public boolean isProvisioningEnabled() { + return isEnabled() && configuration.getBoolean(GITLAB_AUTH_PROVISIONING_ENABLED).orElse(false); + } + static List definitions() { return Arrays.asList( PropertyDefinition.builder(GITLAB_AUTH_ENABLED) @@ -128,6 +144,32 @@ public class GitLabSettings { .type(PropertyType.BOOLEAN) .defaultValue(valueOf(false)) .index(6) + .build(), + PropertyDefinition.builder(GITLAB_AUTH_PROVISIONING_TOKEN) + .name("Provisioning token") + .description("Token used for provisioning users. Both a group or a personal access token can be used as soon as it has visibility on desired groups.") + .category(CATEGORY) + .subCategory(SUBCATEGORY) + .type(PASSWORD) + .index(7) + .build(), + PropertyDefinition.builder(GITLAB_AUTH_PROVISIONING_GROUPS) + .name("Groups") + .description("Only members of these groups (and sub-groups) will be provisioned. Please enter the group slug as it appears in GitLab URL, for instance `my-gitlab-group`.") + .multiValues(true) + .category(CATEGORY) + .subCategory(SUBCATEGORY) + .index(8) + .build(), + PropertyDefinition.builder(GITLAB_AUTH_PROVISIONING_ENABLED) + .name("Provisioning enabled") + .description("Enable Gitlab provisioning for users.") + .category(CATEGORY) + .subCategory(SUBCATEGORY) + .type(BOOLEAN) + .defaultValue(valueOf(false)) + .index(9) .build()); + } } diff --git a/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabModuleTest.java b/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabModuleTest.java index 261dd728830..d6096033969 100644 --- a/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabModuleTest.java +++ b/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabModuleTest.java @@ -33,7 +33,7 @@ public class GitLabModuleTest { public void verify_count_of_added_components() { ListContainer container = new ListContainer(); new GitLabModule().configure(container); - assertThat(container.getAddedObjects()).hasSize(10); + assertThat(container.getAddedObjects()).hasSize(13); } private static class ListContainer implements Container { diff --git a/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabSettingsTest.java b/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabSettingsTest.java index 6135fa9cc11..e910eab0712 100644 --- a/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabSettingsTest.java +++ b/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabSettingsTest.java @@ -29,13 +29,15 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_APPLICATION_ID; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ENABLED; +import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_ENABLED; +import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_GROUPS; +import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_TOKEN; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SECRET; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SYNC_USER_GROUPS; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_URL; public class GitLabSettingsTest { - private MapSettings settings; private GitLabSettings config; @@ -73,5 +75,49 @@ public class GitLabSettingsTest { assertThat(config.syncUserGroups()).isFalse(); settings.setProperty(GITLAB_AUTH_SYNC_USER_GROUPS, true); assertThat(config.syncUserGroups()).isTrue(); + + settings.setProperty(GITLAB_AUTH_PROVISIONING_TOKEN, "token"); + assertThat(config.provisioningToken()).isEqualTo("token"); + + settings.setProperty(GITLAB_AUTH_PROVISIONING_GROUPS, new String[] {"Group1", "Group2"}); + assertThat(config.provisioningGroups()).containsExactlyInAnyOrder("Group1", "Group2"); + + assertThat(config.isProvisioningEnabled()).isFalse(); + settings.setProperty(GITLAB_AUTH_PROVISIONING_ENABLED, true); + assertThat(config.isProvisioningEnabled()).isTrue(); + } + + @Test + public void isProvisioningEnabled_whenNotSet_returnsFalse() { + enableGithubAuthentication(); + assertThat(config.isProvisioningEnabled()).isFalse(); + } + + @Test + public void isProvisioningEnabled_ifProvisioningDisabled_returnsFalse() { + enableGithubAuthentication(); + settings.setProperty(GITLAB_AUTH_PROVISIONING_ENABLED, false); + assertThat(config.isProvisioningEnabled()).isFalse(); } + + @Test + public void isProvisioningEnabled_ifProvisioningEnabledButGithubAuthDisabled_returnsFalse() { + settings.setProperty(GITLAB_AUTH_PROVISIONING_ENABLED, true); + assertThat(config.isProvisioningEnabled()).isFalse(); + } + + @Test + public void isProvisioningEnabled_ifProvisioningEnabledAndGithubAuthEnabled_returnsTrue() { + enableGithubAuthentication(); + settings.setProperty(GITLAB_AUTH_PROVISIONING_ENABLED, true); + assertThat(config.isProvisioningEnabled()).isTrue(); + } + + private void enableGithubAuthentication() { + settings.setProperty(GITLAB_AUTH_ENABLED, true); + settings.setProperty(GITLAB_AUTH_APPLICATION_ID, "on"); + settings.setProperty(GITLAB_AUTH_SECRET, "on"); + } + } + -- 2.39.5