From cb3ffbb09c42fb17277513fef4bc8aa1f8955140 Mon Sep 17 00:00:00 2001 From: Pierre Date: Fri, 17 Mar 2023 15:08:43 +0100 Subject: [PATCH] SONAR-18797 warn log message and truncate scim_users during upgrade --- .../migration/version/v100/DbVersion100.java | 3 + .../v100/DropScimUserProvisioning.java | 36 ++++++++ .../v100/DropSonarScimEnabledProperty.java | 39 ++++++++ ...sageIfSonarScimEnabledPresentProperty.java | 45 ++++++++++ .../v100/DropScimUserProvisioningTest.java | 63 +++++++++++++ .../DropSonarScimEnabledPropertyTest.java | 63 +++++++++++++ ...IfSonarScimEnabledPresentPropertyTest.java | 90 +++++++++++++++++++ .../DropScimUserProvisioningTest/schema.sql | 6 ++ .../schema.sql | 12 +++ .../schema.sql | 12 +++ 10 files changed, 369 insertions(+) create mode 100644 server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v100/DropScimUserProvisioning.java create mode 100644 server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v100/DropSonarScimEnabledProperty.java create mode 100644 server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v100/LogMessageIfSonarScimEnabledPresentProperty.java create mode 100644 server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v100/DropScimUserProvisioningTest.java create mode 100644 server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v100/DropSonarScimEnabledPropertyTest.java create mode 100644 server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v100/LogMessageIfSonarScimEnabledPresentPropertyTest.java create mode 100644 server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v100/DropScimUserProvisioningTest/schema.sql create mode 100644 server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v100/DropSonarScimEnabledPropertyTest/schema.sql create mode 100644 server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v100/LogMessageIfSonarScimEnabledPresentPropertyTest/schema.sql diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v100/DbVersion100.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v100/DbVersion100.java index 331d3b25b24..1217495bcc2 100644 --- a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v100/DbVersion100.java +++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v100/DbVersion100.java @@ -53,6 +53,9 @@ public class DbVersion100 implements DbVersion { .add(10_0_009, "Make column 'user_local' not nullable in the 'users' table", MakeColumnUserLocalNotNullableInUsers.class) .add(10_0_010, "Create 'scim_groups' table", CreateScimGroupsTable.class) .add(10_0_011, "Create unique index on scim_groups.group_uuid", CreateUniqueIndexForScimGroupsUuid.class) + .add(10_0_012, "Log a warning message if 'sonar.scim.enabled' is used", LogMessageIfSonarScimEnabledPresentProperty.class) + .add(10_0_013, "Drop 'sonar.scim.enabled' property", DropSonarScimEnabledProperty.class) + .add(10_0_014, "Drop any SCIM User provisioning, turning all users local", DropScimUserProvisioning.class) ; } } diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v100/DropScimUserProvisioning.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v100/DropScimUserProvisioning.java new file mode 100644 index 00000000000..f4cb12bdfe9 --- /dev/null +++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v100/DropScimUserProvisioning.java @@ -0,0 +1,36 @@ +/* + * SonarQube + * Copyright (C) 2009-2023 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.platform.db.migration.version.v100; + +import java.sql.SQLException; +import org.sonar.db.Database; +import org.sonar.server.platform.db.migration.step.DataChange; + +public class DropScimUserProvisioning extends DataChange { + + public DropScimUserProvisioning(Database db) { + super(db); + } + + @Override + protected void execute(Context context) throws SQLException { + context.prepareUpsert("delete from scim_users").execute().commit(); + } +} diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v100/DropSonarScimEnabledProperty.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v100/DropSonarScimEnabledProperty.java new file mode 100644 index 00000000000..6df2a3e9994 --- /dev/null +++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v100/DropSonarScimEnabledProperty.java @@ -0,0 +1,39 @@ +/* + * SonarQube + * Copyright (C) 2009-2023 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.platform.db.migration.version.v100; + +import java.sql.SQLException; +import org.sonar.db.Database; +import org.sonar.server.platform.db.migration.step.DataChange; + +public class DropSonarScimEnabledProperty extends DataChange { + + public DropSonarScimEnabledProperty(Database db) { + super(db); + } + + @Override + protected void execute(Context context) throws SQLException { + context.prepareUpsert("delete from properties where prop_key = ?") + .setString(1, "sonar.scim.enabled") + .execute() + .commit(); + } +} diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v100/LogMessageIfSonarScimEnabledPresentProperty.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v100/LogMessageIfSonarScimEnabledPresentProperty.java new file mode 100644 index 00000000000..2888982640d --- /dev/null +++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v100/LogMessageIfSonarScimEnabledPresentProperty.java @@ -0,0 +1,45 @@ +/* + * SonarQube + * Copyright (C) 2009-2023 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.platform.db.migration.version.v100; + +import java.sql.SQLException; +import org.sonar.api.utils.log.Logger; +import org.sonar.api.utils.log.Loggers; +import org.sonar.db.Database; +import org.sonar.server.platform.db.migration.step.DataChange; + +public class LogMessageIfSonarScimEnabledPresentProperty extends DataChange { + + private static final Logger LOG = Loggers.get(LogMessageIfSonarScimEnabledPresentProperty.class); + public static final String SONAR_SCIM_ENABLED = "sonar.scim.enabled"; + + public LogMessageIfSonarScimEnabledPresentProperty(Database db) { + super(db); + } + + @Override + protected void execute(Context context) throws SQLException { + context.prepareSelect("select * from properties where prop_key = ?") + .setString(1, SONAR_SCIM_ENABLED) + .scroll(row -> LOG.warn("'{}' property is defined but not read anymore." + + " Please read the upgrade notes for the instruction to upgrade. User provisioning is deactivated until reactivated" + + " from the SonarQube Administration Interface (\"General->Authentication\").", SONAR_SCIM_ENABLED)); + } +} diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v100/DropScimUserProvisioningTest.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v100/DropScimUserProvisioningTest.java new file mode 100644 index 00000000000..cd3d1aedd75 --- /dev/null +++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v100/DropScimUserProvisioningTest.java @@ -0,0 +1,63 @@ +/* + * SonarQube + * Copyright (C) 2009-2023 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.platform.db.migration.version.v100; + +import java.sql.SQLException; +import org.junit.Rule; +import org.junit.Test; +import org.sonar.db.CoreDbTester; +import org.sonar.server.platform.db.migration.step.DataChange; + +import static org.assertj.core.api.Assertions.assertThat; + +public class DropScimUserProvisioningTest { + + @Rule + public final CoreDbTester db = CoreDbTester.createForSchema(DropScimUserProvisioningTest.class, "schema.sql"); + private final DataChange underTest = new DropScimUserProvisioning(db.database()); + + @Test + public void migration_should_truncate_scim_users_table() throws SQLException { + insertScimUser(1); + insertScimUser(2); + + underTest.execute(); + + assertThat(db.select("select * from scim_users")).isEmpty(); + } + + private void insertScimUser(long id) { + db.executeInsert("scim_users", + "scim_uuid", "any-scim-uuid-" + id, + "user_uuid", "any-user-uuid-" + id + ); + } + + @Test + public void migration_is_reentrant() throws SQLException { + insertScimUser(1); + insertScimUser(2); + + underTest.execute(); + underTest.execute(); + assertThat(db.select("select * from scim_users")).isEmpty(); + } + +} \ No newline at end of file diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v100/DropSonarScimEnabledPropertyTest.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v100/DropSonarScimEnabledPropertyTest.java new file mode 100644 index 00000000000..c2bba8ab347 --- /dev/null +++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v100/DropSonarScimEnabledPropertyTest.java @@ -0,0 +1,63 @@ +/* + * SonarQube + * Copyright (C) 2009-2023 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.platform.db.migration.version.v100; + +import java.sql.SQLException; +import org.assertj.core.api.Assertions; +import org.junit.Rule; +import org.junit.Test; +import org.sonar.db.CoreDbTester; +import org.sonar.server.platform.db.migration.step.DataChange; + +public class DropSonarScimEnabledPropertyTest { + + @Rule + public final CoreDbTester db = CoreDbTester.createForSchema(DropSonarScimEnabledPropertyTest.class, "schema.sql"); + private final DataChange underTest = new DropSonarScimEnabledProperty(db.database()); + + @Test + public void migration_should_remove_scim_property() throws SQLException { + insertScimProperty(db); + + underTest.execute(); + + Assertions.assertThat(db.select("select * from properties")).isEmpty(); + } + + @Test + public void migration_is_reentrant() throws SQLException { + insertScimProperty(db); + + underTest.execute(); + underTest.execute(); + + Assertions.assertThat(db.select("select * from properties")).isEmpty(); + } + + private void insertScimProperty(CoreDbTester db) { + db.executeInsert("properties ", + "prop_key", "sonar.scim.enabled", + "is_empty", false, + "text_value", "true", + "created_at", 100_000L, + "uuid", "some-random-uuid" + ); + } +} \ No newline at end of file diff --git a/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v100/LogMessageIfSonarScimEnabledPresentPropertyTest.java b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v100/LogMessageIfSonarScimEnabledPresentPropertyTest.java new file mode 100644 index 00000000000..cf71c218aac --- /dev/null +++ b/server/sonar-db-migration/src/test/java/org/sonar/server/platform/db/migration/version/v100/LogMessageIfSonarScimEnabledPresentPropertyTest.java @@ -0,0 +1,90 @@ +/* + * SonarQube + * Copyright (C) 2009-2023 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.server.platform.db.migration.version.v100; + +import java.sql.SQLException; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.sonar.api.utils.log.LogTester; +import org.sonar.api.utils.log.LoggerLevel; +import org.sonar.db.CoreDbTester; +import org.sonar.server.platform.db.migration.step.DataChange; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.server.platform.db.migration.version.v100.LogMessageIfSonarScimEnabledPresentProperty.SONAR_SCIM_ENABLED; + +public class LogMessageIfSonarScimEnabledPresentPropertyTest { + + @Rule + public LogTester logger = new LogTester(); + + @Rule + public final CoreDbTester db = CoreDbTester.createForSchema(LogMessageIfSonarScimEnabledPresentPropertyTest.class, "schema.sql"); + private final DataChange underTest = new LogMessageIfSonarScimEnabledPresentProperty(db.database()); + + @Before + public void before() { + logger.clear(); + } + + @Test + public void migration_should_log_message_when_scim_property() throws SQLException { + db.executeInsert("properties ", + "prop_key", "sonar.scim.enabled", + "is_empty", false, + "text_value", "true", + "created_at", 100_000L, + "uuid", "some-random-uuid" + ); + + underTest.execute(); + + assertThat(logger.logs(LoggerLevel.WARN)) + .hasSize(1) + .containsExactly("'" + SONAR_SCIM_ENABLED + "' property is defined but not read anymore. Please read the upgrade notes" + + " for the instruction to upgrade. User provisioning is deactivated until reactivated from the SonarQube" + + " Administration Interface (\"General->Authentication\")."); + } + + @Test + public void migration_should_not_log_if_no_scim_property() throws SQLException { + + underTest.execute(); + + assertThat(logger.logs(LoggerLevel.WARN)).isEmpty(); + } + + @Test + public void migration_is_reentrant() throws SQLException { + db.executeInsert("properties ", + "prop_key", "sonar.scim.enabled", + "is_empty", false, + "text_value", "true", + "created_at", 100_000L, + "uuid", "some-random-uuid" + ); + + underTest.execute(); + underTest.execute(); + + assertThat(logger.logs(LoggerLevel.WARN)).hasSize(2); + } +} \ No newline at end of file diff --git a/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v100/DropScimUserProvisioningTest/schema.sql b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v100/DropScimUserProvisioningTest/schema.sql new file mode 100644 index 00000000000..aa6b7502c27 --- /dev/null +++ b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v100/DropScimUserProvisioningTest/schema.sql @@ -0,0 +1,6 @@ +CREATE TABLE "SCIM_USERS"( + "SCIM_UUID" CHARACTER VARYING(40) NOT NULL, + "USER_UUID" CHARACTER VARYING(40) NOT NULL +); +ALTER TABLE "SCIM_USERS" ADD CONSTRAINT "PK_SCIM_USERS" PRIMARY KEY("SCIM_UUID"); +CREATE UNIQUE INDEX "UNIQ_SCIM_USERS_USER_UUID" ON "SCIM_USERS"("USER_UUID" NULLS FIRST); diff --git a/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v100/DropSonarScimEnabledPropertyTest/schema.sql b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v100/DropSonarScimEnabledPropertyTest/schema.sql new file mode 100644 index 00000000000..7aef2dc569b --- /dev/null +++ b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v100/DropSonarScimEnabledPropertyTest/schema.sql @@ -0,0 +1,12 @@ +CREATE TABLE "PROPERTIES"( + "UUID" CHARACTER VARYING(40) NOT NULL, + "PROP_KEY" CHARACTER VARYING(512) NOT NULL, + "IS_EMPTY" BOOLEAN NOT NULL, + "TEXT_VALUE" CHARACTER VARYING(4000), + "CLOB_VALUE" CHARACTER LARGE OBJECT, + "CREATED_AT" BIGINT NOT NULL, + "COMPONENT_UUID" CHARACTER VARYING(40), + "USER_UUID" CHARACTER VARYING(255) +); +ALTER TABLE "PROPERTIES" ADD CONSTRAINT "PK_PROPERTIES" PRIMARY KEY("UUID"); +CREATE INDEX "PROPERTIES_KEY" ON "PROPERTIES"("PROP_KEY" NULLS FIRST); diff --git a/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v100/LogMessageIfSonarScimEnabledPresentPropertyTest/schema.sql b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v100/LogMessageIfSonarScimEnabledPresentPropertyTest/schema.sql new file mode 100644 index 00000000000..7aef2dc569b --- /dev/null +++ b/server/sonar-db-migration/src/test/resources/org/sonar/server/platform/db/migration/version/v100/LogMessageIfSonarScimEnabledPresentPropertyTest/schema.sql @@ -0,0 +1,12 @@ +CREATE TABLE "PROPERTIES"( + "UUID" CHARACTER VARYING(40) NOT NULL, + "PROP_KEY" CHARACTER VARYING(512) NOT NULL, + "IS_EMPTY" BOOLEAN NOT NULL, + "TEXT_VALUE" CHARACTER VARYING(4000), + "CLOB_VALUE" CHARACTER LARGE OBJECT, + "CREATED_AT" BIGINT NOT NULL, + "COMPONENT_UUID" CHARACTER VARYING(40), + "USER_UUID" CHARACTER VARYING(255) +); +ALTER TABLE "PROPERTIES" ADD CONSTRAINT "PK_PROPERTIES" PRIMARY KEY("UUID"); +CREATE INDEX "PROPERTIES_KEY" ON "PROPERTIES"("PROP_KEY" NULLS FIRST); -- 2.39.5