From 4d1bd03543c55e564151d55e3a4763b82bc8e512 Mon Sep 17 00:00:00 2001 From: Philippe Perrin Date: Fri, 26 Aug 2022 16:51:20 +0200 Subject: [PATCH] SONAR-17231 Move DevOps platform related authentication information to the newly created authentication section --- .../analysis/bitbucket-cloud-integration.md | 21 +--------- .../src/pages/analysis/github-integration.md | 30 +------------- .../src/pages/analysis/gitlab-integration.md | 31 +-------------- .../authentication/bitbucket-cloud.md | 23 +++++++++++ .../authentication/github.md | 22 +++++++++++ .../authentication/gitlab.md | 39 +++++++++++++++++++ .../authentication/overview.md | 6 --- .../static/SonarQubeNavigationTree.json | 5 ++- .../static/StaticNavigationTree.json | 5 ++- .../authentication/Authentication.tsx | 13 +++---- 10 files changed, 101 insertions(+), 94 deletions(-) create mode 100644 server/sonar-docs/src/pages/instance-administration/authentication/bitbucket-cloud.md create mode 100644 server/sonar-docs/src/pages/instance-administration/authentication/github.md create mode 100644 server/sonar-docs/src/pages/instance-administration/authentication/gitlab.md diff --git a/server/sonar-docs/src/pages/analysis/bitbucket-cloud-integration.md b/server/sonar-docs/src/pages/analysis/bitbucket-cloud-integration.md index 74148fe21e3..7653c46c198 100644 --- a/server/sonar-docs/src/pages/analysis/bitbucket-cloud-integration.md +++ b/server/sonar-docs/src/pages/analysis/bitbucket-cloud-integration.md @@ -300,24 +300,5 @@ SonarQube can also report your Quality Gate status to Bitbucket Cloud pull reque | When adding a Quality Gate status to your pull requests, individual issues will be linked to their SonarQube counterparts automatically. For this to work correctly, you need to set the instance's **Server base URL** (**[Administration > Configuration > General Settings > General > General](/#sonarqube-admin#/admin/settings/)**) correctly. Otherwise, the links will default to `localhost`. ## Authenticating with Bitbucket Cloud -To allow users to log in with Bitbucket Cloud credentials, you need to use an [OAuth consumer](https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/) and set the authentication settings in SonarQube. You can either use the OAuth consumer that you created above in the **Importing your Bitbucket Cloud repositories into SonarQube** section or create a new OAuth consumer specifically for authentication. See the following sections for more on setting up authentication. -### Setting your OAuth consumer settings -Create or update your OAuth consumer in your Bitbucket Cloud workspace settings and specify the following: - -- **Name** – the name of your OAuth consumer. -- **Callback URL** – your SonarQube instance URL. -- **Permissions**: - * **Account**: **Read** and **Email** access. - * **Workspace membership**: **Read** access. - -[[info]] -| If you're using the same OAuth consumer for authentication and importing projects/reporting status to pull requests, make sure that the **This is a private consumer** box is checked and **Read** access for the **Pull requests** permission is granted. - -### Setting your authentication settings in SonarQube -To set your global authentication settings, navigate to **Administration > Configuration > General Settings > Authentication > Bitbucket Cloud Authentication** and update the following settings: - -- **Enabled** - set to true. -- **OAuth consumer key** - enter the **Key** from your OAuth consumer page in Bitbucket. -- **OAuth consumer secret** - enter the **Secret** from your OAuth consumer page in Bitbucket. -- **Workspaces** - Only users from Bitbucket Workspaces that you add here will be able to authenticate in SonarQube. This is optional, but _highly_ recommended to ensure only the users you want to log in with Bitbucket credentials are able to. +See [Authenticating with Bitbucket Cloud](/instance-administration/authentication/bitbucket-cloud/) \ No newline at end of file diff --git a/server/sonar-docs/src/pages/analysis/github-integration.md b/server/sonar-docs/src/pages/analysis/github-integration.md index 4b5eec32948..5453500b7bf 100644 --- a/server/sonar-docs/src/pages/analysis/github-integration.md +++ b/server/sonar-docs/src/pages/analysis/github-integration.md @@ -344,33 +344,5 @@ SonarQube can also report your Quality Gate status to GitHub pull requests and b | When adding a Quality Gate status to your pull requests and branches, individual issues will be linked to their SonarQube counterparts automatically. For this to work correctly, you need to set the instance's **Server base URL** (**[Administration > Configuration > General Settings > General > General](/#sonarqube-admin#/admin/settings/)**) correctly. Otherwise, the links will default to `localhost`. ## Authenticating with GitHub -To allow users to log in with GitHub credentials, use the GitHub App that you created above (see the **Importing your GitHub repositories using a GitHub App** section for more information) and update your global SonarQube settings. -[[info]] -| If you're using Community Edition or you want to use a dedicated app for GitHub authentication, see the **Creating a dedicated app for authentication** section below. - -To update your global SonarQube settings: - -Navigate to **Administration > Configuration > General Settings > Authentication > GitHub Authentication** and update the following: - -1. **Enabled** – set the switch to `true`. -1. **Client ID** – the Client ID is found below the GitHub App ID on your GitHub App's page. -1. **Client Secret** – the Client secret is found below the Client ID on your GitHub App's page. - -Now, from the login page, your users can connect their GitHub accounts with the new "Log in with GitHub" button. - -### Creating a dedicated app for authentication -If you want to use a dedicated app for GitHub authentication, you can create a GitHub OAuth app. You'll find general instructions for creating a GitHub OAuth App [here](https://docs.github.com/en/free-pro-team@latest/developers/apps/creating-an-oauth-app). Specify the following settings in your OAuth App: - -- **Homepage URL** – the public URL of your SonarQube server. For example, `https://sonarqube.mycompany.com`. For security reasons, HTTP is not supported, and you must use HTTPS. The public URL is configured in SonarQube at **[Administration > General > Server base URL](/#sonarqube-admin#/admin/settings)**. -- **Authorization callback URL** – your instance's base URL. For example, `https://yourinstance.sonarqube.com`. - -After creating your app, update your global SonarQube settings: - -Navigate to **Administration > Configuration > General Settings > Authentication > GitHub Authentication** and update the following: - -1. **Enabled** – set the switch to `true`. -1. **Client ID** – the Client ID is found below the GitHub App ID on your GitHub App's page. -1. **Client Secret** – the Client secret is found below the Client ID on your GitHub App's page. - -Now, from the login page, your users can connect their GitHub accounts with the new "Log in with GitHub" button. +See [Authenticating with GitHub](/instance-administration/authentication/github/) \ No newline at end of file diff --git a/server/sonar-docs/src/pages/analysis/gitlab-integration.md b/server/sonar-docs/src/pages/analysis/gitlab-integration.md index 47fffb297af..a45c9ce3bde 100644 --- a/server/sonar-docs/src/pages/analysis/gitlab-integration.md +++ b/server/sonar-docs/src/pages/analysis/gitlab-integration.md @@ -19,37 +19,8 @@ Integration with GitLab Self-Managed requires at least GitLab Self-Managed versi Community Edition doesn't support the analysis of multiple branches, so you can only analyze your main branch. Starting in [Developer Edition](https://redirect.sonarsource.com/editions/developer.html), you can analyze multiple branches and merge requests. ## Authenticating with GitLab -You can delegate authentication to GitLab using a dedicated GitLab OAuth application. -### Creating a GitLab OAuth app -You can find general instructions for creating a GitLab OAuth app [here](https://docs.gitlab.com/ee/integration/oauth_provider.html). - -Specify the following settings in your OAuth app: - -- **Name** – your app's name, such as SonarQube. -- **Redirect URI** – enter your SonarQube URL with the path `/oauth2/callback/gitlab`. For example, `https://sonarqube.mycompany.com/oauth2/callback/gitlab`. -- **Scopes** – select **api** if you plan to enable group synchronization. Select **read_user** if you only plan to delegate authentication. - -After saving your application, GitLab takes you to the app's page. Here you find your **Application ID** and **Secret**. Keep these handy, open your SonarQube instance, and navigate to **Administration > Configuration > General Settings > Authentication > GitLab Authentication**. Set the following settings to finish setting up GitLab authentication: - -- **Enabled** – set to `true`. -- **Application ID** – the Application ID is found on your GitLab app's page. -- **Secret** – the Secret is found on your GitLab app's page. - -On the login form, the new "Log in with GitLab" button allows users to connect with their GitLab accounts. - -### GitLab group synchronization -Enable **Synchronize user groups** at **Administration > Configuration > General Settings > DevOps Platform Integrations > GitLab** to associate GitLab groups with existing SonarQube groups of the same name. GitLab users inherit membership to subgroups from parent groups. - -To synchronize a GitLab group or subgroup with a SonarQube group, name the SonarQube group with the full path of the GitLab group or subgroup URL. - -For example, with the following GitLab group setup: - -- GitLab group = My Group -- GitLab subgroup = My Subgroup -- GitLab subgroup URL = `https://YourGitLabURL.com/my-group/my-subgroup` - -You should name your SonarQube group `my-group` to synchronize it with your GitLab group and `my-group/my-subgroup` to synchronize it with your GitLab subgroup. +See [Authenticating with GitLab](/instance-administration/authentication/gitlab/) ## Importing your GitLab projects into SonarQube Setting up the import of GitLab projects into SonarQube allows you to easily create SonarQube projects from your GitLab projects. If you're using [Developer Edition](https://redirect.sonarsource.com/editions/developer.html) or above, this is also the first step in adding merge request decoration. diff --git a/server/sonar-docs/src/pages/instance-administration/authentication/bitbucket-cloud.md b/server/sonar-docs/src/pages/instance-administration/authentication/bitbucket-cloud.md new file mode 100644 index 00000000000..a79d8314114 --- /dev/null +++ b/server/sonar-docs/src/pages/instance-administration/authentication/bitbucket-cloud.md @@ -0,0 +1,23 @@ +--- +title: Bitbucket Cloud +url: /instance-administration/authentication/bitbucket-cloud/ +--- + +To allow users to log in with Bitbucket Cloud credentials, you need to use an [OAuth consumer](https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/) and set the authentication settings in SonarQube. See the following sections for more on setting up authentication. + +## Setting your OAuth consumer settings +Create your OAuth consumer in your Bitbucket Cloud workspace settings and specify the following: + +- **Name** – the name of your OAuth consumer. +- **Callback URL** – your SonarQube instance URL. +- **Permissions**: + * **Account**: **Read** and **Email** access. + * **Workspace membership**: **Read** access. + +## Setting your authentication settings in SonarQube +To set your global authentication settings, navigate to **Administration > Configuration > General Settings > Authentication > Bitbucket Cloud Authentication** and update the following settings: + +- **Enabled** - set to true. +- **OAuth consumer key** - enter the **Key** from your OAuth consumer page in Bitbucket. +- **OAuth consumer secret** - enter the **Secret** from your OAuth consumer page in Bitbucket. +- **Workspaces** - Only users from Bitbucket Workspaces that you add here will be able to authenticate in SonarQube. This is optional, but _highly_ recommended to ensure only the users you want to log in with Bitbucket credentials are able to. diff --git a/server/sonar-docs/src/pages/instance-administration/authentication/github.md b/server/sonar-docs/src/pages/instance-administration/authentication/github.md new file mode 100644 index 00000000000..f0987f3f954 --- /dev/null +++ b/server/sonar-docs/src/pages/instance-administration/authentication/github.md @@ -0,0 +1,22 @@ +--- +title: Github +url: /instance-administration/authentication/github/ +--- + +To allow users to log in with GitHub credentials, you must rely on a GitHub App. You can reuse one that you previously created although we highly recommend to create a dedicated one. + +## Creating a dedicated app for authentication +If you want to use a dedicated app for GitHub authentication, you can create a GitHub OAuth app. You'll find general instructions for creating a GitHub OAuth App [here](https://docs.github.com/en/free-pro-team@latest/developers/apps/creating-an-oauth-app). Specify the following settings in your OAuth App: + +- **Homepage URL** – the public URL of your SonarQube server. For example, `https://sonarqube.mycompany.com`. For security reasons, HTTP is not supported, and you must use HTTPS. The public URL is configured in SonarQube at **[Administration > General > Server base URL](/#sonarqube-admin#/admin/settings)**. +- **Authorization callback URL** – your instance's base URL. For example, `https://yourinstance.sonarqube.com`. + +## Setting your authentication settings in SonarQube + +Navigate to **Administration > Configuration > General Settings > Authentication > GitHub Authentication** and update the following: + +1. **Enabled** – set the switch to `true`. +1. **Client ID** – the Client ID is found below the GitHub App ID on your GitHub App's page. +1. **Client Secret** – the Client secret is found below the Client ID on your GitHub App's page. + +Now, from the login page, your users can connect their GitHub accounts with the new "Log in with GitHub" button. diff --git a/server/sonar-docs/src/pages/instance-administration/authentication/gitlab.md b/server/sonar-docs/src/pages/instance-administration/authentication/gitlab.md new file mode 100644 index 00000000000..8661bde4e46 --- /dev/null +++ b/server/sonar-docs/src/pages/instance-administration/authentication/gitlab.md @@ -0,0 +1,39 @@ +--- +title: Gitlab +url: /instance-administration/authentication/gitlab/ +--- + +You can delegate authentication to GitLab using a dedicated GitLab OAuth application. + +## Creating a GitLab OAuth app +You can find general instructions for creating a GitLab OAuth app [here](https://docs.gitlab.com/ee/integration/oauth_provider.html). + +Specify the following settings in your OAuth app: + +- **Name** – your app's name, such as SonarQube. +- **Redirect URI** – enter your SonarQube URL with the path `/oauth2/callback/gitlab`. For example, `https://sonarqube.mycompany.com/oauth2/callback/gitlab`. +- **Scopes** – select **api** if you plan to enable group synchronization. Select **read_user** if you only plan to delegate authentication. + +After saving your application, GitLab takes you to the app's page. Here you find your **Application ID** and **Secret**. + +## Setting your authentication settings in SonarQube +Open your SonarQube instance, and navigate to **Administration > Configuration > General Settings > Authentication > GitLab Authentication**. Set the following settings to finish setting up GitLab authentication: + +- **Enabled** – set to `true`. +- **Application ID** – the Application ID is found on your GitLab app's page. +- **Secret** – the Secret is found on your GitLab app's page. + +On the login form, the new "Log in with GitLab" button allows users to connect with their GitLab accounts. + +## GitLab group synchronization +Enable **Synchronize user groups** at **Administration > Configuration > General Settings > Authentication > GitLab Authentication** to associate GitLab groups with existing SonarQube groups of the same name. GitLab users inherit membership to subgroups from parent groups. + +To synchronize a GitLab group or subgroup with a SonarQube group, name the SonarQube group with the full path of the GitLab group or subgroup URL. + +For example, with the following GitLab group setup: + +- GitLab group = My Group +- GitLab subgroup = My Subgroup +- GitLab subgroup URL = `https://YourGitLabURL.com/my-group/my-subgroup` + +You should name your SonarQube group `my-group` to synchronize it with your GitLab group and `my-group/my-subgroup` to synchronize it with your GitLab subgroup. diff --git a/server/sonar-docs/src/pages/instance-administration/authentication/overview.md b/server/sonar-docs/src/pages/instance-administration/authentication/overview.md index 8a8b0bcbc2f..04474bc9e71 100644 --- a/server/sonar-docs/src/pages/instance-administration/authentication/overview.md +++ b/server/sonar-docs/src/pages/instance-administration/authentication/overview.md @@ -14,11 +14,5 @@ When using group mapping, the following caveats apply regardless of which delega [[warning]] |When group mapping is configured, the delegated authentication source becomes the only place to manage group membership, and the user's groups are re-fetched with each log in. -## GitHub, GitLab, and Bitbucket Cloud Authentication -You can delegate authentication to GitHub, GitLab, or Bitbucket Cloud. See the corresponding DevOps Platform integration page for more information: -- [GitHub Enterprise and GitHub.com](/analysis/github-integration/) -- [GitLab Self-Managed and GitLab.com](/analysis/gitlab-integration/) -- [Bitbucket Cloud](/analysis/bitbucket-cloud-integration/) - ## Revoking tokens for deactivated users When SonarQube authentication is delegated to an external identity provider, deactivating a user on the identity provider side does not remove any tokens associated with the user on the SonarQube side. We recommend deactivating the user in SonarQube at **Administration > Security > Users** by selecting **Deactivate** from the ![Settings drop-down](/images/gear.png) drop-down menu to ensure tokens associated with that user can no longer be used. diff --git a/server/sonar-docs/static/SonarQubeNavigationTree.json b/server/sonar-docs/static/SonarQubeNavigationTree.json index f736bb9bb7d..a49f0261f58 100644 --- a/server/sonar-docs/static/SonarQubeNavigationTree.json +++ b/server/sonar-docs/static/SonarQubeNavigationTree.json @@ -170,7 +170,10 @@ "/instance-administration/authentication/overview/", "/instance-administration/authentication/http-header/", "/instance-administration/authentication/ldap/", - "/instance-administration/authentication/saml/" + "/instance-administration/authentication/saml/", + "/instance-administration/authentication/github/", + "/instance-administration/authentication/gitlab/", + "/instance-administration/authentication/bitbucket-cloud/" ] }, "/instance-administration/look-and-feel/", diff --git a/server/sonar-docs/static/StaticNavigationTree.json b/server/sonar-docs/static/StaticNavigationTree.json index 1b67ca1cd30..fec76237512 100644 --- a/server/sonar-docs/static/StaticNavigationTree.json +++ b/server/sonar-docs/static/StaticNavigationTree.json @@ -204,7 +204,10 @@ "/instance-administration/authentication/overview/", "/instance-administration/authentication/http-header/", "/instance-administration/authentication/ldap/", - "/instance-administration/authentication/saml/" + "/instance-administration/authentication/saml/", + "/instance-administration/authentication/github/", + "/instance-administration/authentication/gitlab/", + "/instance-administration/authentication/bitbucket-cloud/" ] }, "/instance-administration/look-and-feel/", diff --git a/server/sonar-web/src/main/js/apps/settings/components/authentication/Authentication.tsx b/server/sonar-web/src/main/js/apps/settings/components/authentication/Authentication.tsx index 39fae5f8e15..e6bd3a16618 100644 --- a/server/sonar-web/src/main/js/apps/settings/components/authentication/Authentication.tsx +++ b/server/sonar-web/src/main/js/apps/settings/components/authentication/Authentication.tsx @@ -45,12 +45,11 @@ export type AuthenticationTabs = | AlmKeys.GitLab | AlmKeys.BitbucketServer; -const DOCUMENTATION_LINKS = { - [SAML]: '/documentation/instance-administration/delegated-auth/#saml-authentication', - [AlmKeys.GitHub]: '/documentation/analysis/github-integration/#authenticating-with-github', - [AlmKeys.GitLab]: '/documentation/analysis/gitlab-integration/#authenticating-with-gitlab', - [AlmKeys.BitbucketServer]: - '/documentation/analysis/bitbucket-cloud-integration/#authenticating-with-bitbucket-cloud' +const DOCUMENTATION_LINK_SUFFIXES = { + [SAML]: 'saml', + [AlmKeys.GitHub]: 'github', + [AlmKeys.GitLab]: 'gitlab', + [AlmKeys.BitbucketServer]: 'bitbucket-cloud' }; function renderDevOpsIcon(key: string) { @@ -138,7 +137,7 @@ export default function Authentication(props: Props) { values={{ link: ( {translate('settings.authentication.help.link')} -- 2.39.5