From aa193702de842769be72c69d1986c0648df16ed7 Mon Sep 17 00:00:00 2001 From: Aurelien Poscia Date: Mon, 11 Sep 2023 11:35:03 +0200 Subject: [PATCH] SONAR-20392 Add events to audit logs when GH permissions mapping change --- .../GithubPermissionsMappingDaoIT.java | 16 +++++- .../org/sonar/db/audit/AuditPersister.java | 5 ++ .../sonar/db/audit/NoOpAuditPersister.java | 11 ++++ .../GithubPermissionsMappingNewValue.java | 52 +++++++++++++++++++ .../GithubPermissionsMappingDao.java | 19 +++++++ 5 files changed, 102 insertions(+), 1 deletion(-) create mode 100644 server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/GithubPermissionsMappingNewValue.java diff --git a/server/sonar-db-dao/src/it/java/org/sonar/db/provisioning/GithubPermissionsMappingDaoIT.java b/server/sonar-db-dao/src/it/java/org/sonar/db/provisioning/GithubPermissionsMappingDaoIT.java index 0eb588de39d..33839955dd7 100644 --- a/server/sonar-db-dao/src/it/java/org/sonar/db/provisioning/GithubPermissionsMappingDaoIT.java +++ b/server/sonar-db-dao/src/it/java/org/sonar/db/provisioning/GithubPermissionsMappingDaoIT.java @@ -22,17 +22,27 @@ package org.sonar.db.provisioning; import java.util.Set; import org.junit.Rule; import org.junit.Test; +import org.mockito.ArgumentCaptor; import org.sonar.db.DbSession; import org.sonar.db.DbTester; +import org.sonar.db.audit.AuditPersister; +import org.sonar.db.audit.model.GithubPermissionsMappingNewValue; import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.ArgumentMatchers.eq; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; public class GithubPermissionsMappingDaoIT { private static final String MAPPING_UUID = "uuid"; + private final AuditPersister auditPersister = mock(); + @Rule - public final DbTester db = DbTester.create(); + public final DbTester db = DbTester.create(auditPersister); + + private final ArgumentCaptor newValueCaptor = ArgumentCaptor.forClass(GithubPermissionsMappingNewValue.class); private final DbSession dbSession = db.getSession(); @@ -50,6 +60,10 @@ public class GithubPermissionsMappingDaoIT { assertThat(savedMapping.uuid()).isEqualTo(githubPermissionsMappingDto.uuid()); assertThat(savedMapping.githubRole()).isEqualTo(githubPermissionsMappingDto.githubRole()); assertThat(savedMapping.sonarqubePermission()).isEqualTo(githubPermissionsMappingDto.sonarqubePermission()); + + verify(auditPersister).addGithubPermissionsMapping(eq(dbSession), newValueCaptor.capture()); + assertThat(newValueCaptor.getValue().getGithubRole()).isEqualTo(githubPermissionsMappingDto.githubRole()); + assertThat(newValueCaptor.getValue().getSonarqubePermission()).isEqualTo(githubPermissionsMappingDto.sonarqubePermission()); } @Test diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/AuditPersister.java b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/AuditPersister.java index 870701b4237..401a51a80e1 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/AuditPersister.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/AuditPersister.java @@ -25,6 +25,7 @@ import org.sonar.db.audit.model.AbstractEditorNewValue; import org.sonar.db.audit.model.ComponentKeyNewValue; import org.sonar.db.audit.model.ComponentNewValue; import org.sonar.db.audit.model.DevOpsPlatformSettingNewValue; +import org.sonar.db.audit.model.GithubPermissionsMappingNewValue; import org.sonar.db.audit.model.GroupPermissionNewValue; import org.sonar.db.audit.model.LicenseNewValue; import org.sonar.db.audit.model.PermissionTemplateNewValue; @@ -102,6 +103,10 @@ public interface AuditPersister { void deleteGroupFromPermissionTemplate(DbSession dbSession, PermissionTemplateNewValue newValue); + void addGithubPermissionsMapping(DbSession dbSession, GithubPermissionsMappingNewValue newValue); + + void deleteGithubPermissionsMapping(DbSession dbSession, GithubPermissionsMappingNewValue deletedValue); + void addQualityGateEditor(DbSession dbSession, AbstractEditorNewValue newValue); void deleteQualityGateEditor(DbSession dbSession, AbstractEditorNewValue newValue); diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/NoOpAuditPersister.java b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/NoOpAuditPersister.java index eefd5f7ca15..755478ad72a 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/NoOpAuditPersister.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/NoOpAuditPersister.java @@ -25,6 +25,7 @@ import org.sonar.db.audit.model.ComponentKeyNewValue; import org.sonar.db.audit.model.ComponentNewValue; import org.sonar.db.audit.model.DevOpsPlatformSettingNewValue; import org.sonar.db.audit.model.AbstractEditorNewValue; +import org.sonar.db.audit.model.GithubPermissionsMappingNewValue; import org.sonar.db.audit.model.GroupPermissionNewValue; import org.sonar.db.audit.model.LicenseNewValue; import org.sonar.db.audit.model.PermissionTemplateNewValue; @@ -191,6 +192,16 @@ public class NoOpAuditPersister implements AuditPersister { // no op } + @Override + public void addGithubPermissionsMapping(DbSession dbSession, GithubPermissionsMappingNewValue newValue) { + // no op + } + + @Override + public void deleteGithubPermissionsMapping(DbSession dbSession, GithubPermissionsMappingNewValue deletedValue) { + // no op + } + @Override public void addQualityGateEditor(DbSession dbSession, AbstractEditorNewValue newValue) { // no op diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/GithubPermissionsMappingNewValue.java b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/GithubPermissionsMappingNewValue.java new file mode 100644 index 00000000000..9764e63b7ff --- /dev/null +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/GithubPermissionsMappingNewValue.java @@ -0,0 +1,52 @@ +/* + * SonarQube + * Copyright (C) 2009-2023 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.db.audit.model; + +import com.google.common.annotations.VisibleForTesting; + +public class GithubPermissionsMappingNewValue extends NewValue { + + private final String githubRole; + private final String sonarqubePermission; + + public GithubPermissionsMappingNewValue(String githubRole, String sonarqubePermission) { + this.githubRole = githubRole; + this.sonarqubePermission = sonarqubePermission; + } + + @VisibleForTesting + public String getGithubRole() { + return githubRole; + } + + public String getSonarqubePermission() { + return sonarqubePermission; + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder("{"); + addField(sb, "\"githubRole\": ", this.githubRole, true); + addField(sb, "\"sonarqubePermissions\": ", this.sonarqubePermission, true); + endString(sb); + return sb.toString(); + } + +} diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingDao.java index fad64ad92c1..b97b3ea421d 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingDao.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingDao.java @@ -22,15 +22,34 @@ package org.sonar.db.provisioning; import java.util.Set; import org.sonar.db.Dao; import org.sonar.db.DbSession; +import org.sonar.db.audit.AuditPersister; +import org.sonar.db.audit.model.GithubPermissionsMappingNewValue; public class GithubPermissionsMappingDao implements Dao { + private final AuditPersister auditPersister; + + public GithubPermissionsMappingDao(AuditPersister auditPersister) { + this.auditPersister = auditPersister; + } + public Set findAll(DbSession dbSession) { return mapper(dbSession).selectAll(); } public void insert(DbSession dbSession, GithubPermissionsMappingDto githubPermissionsMappingDto) { mapper(dbSession).insert(githubPermissionsMappingDto); + auditPersister.addGithubPermissionsMapping(dbSession, toNewValueForAuditLogs(githubPermissionsMappingDto)); + } + + public void delete(DbSession dbSession, GithubPermissionsMappingDto githubPermissionsMappingDto) { + // TODO SONAR-20397 + auditPersister.deleteGithubPermissionsMapping(dbSession, toNewValueForAuditLogs(githubPermissionsMappingDto)); + } + + private static GithubPermissionsMappingNewValue toNewValueForAuditLogs(GithubPermissionsMappingDto githubPermissionsMappingDto) { + return new GithubPermissionsMappingNewValue(githubPermissionsMappingDto.githubRole(), + githubPermissionsMappingDto.sonarqubePermission()); } private static GithubPermissionsMappingMapper mapper(DbSession session) { -- 2.39.5