SONAR-20309 Fail GH sync bg task, in case user consent is needed

server/sonar-auth-github/src/main/java/org/sonar/auth/github/GitHubSettings.java

@@ -60,6 +60,8 @@ public class GitHubSettings {
   public static final String ORGANIZATIONS = "sonar.auth.github.organizations";
   @VisibleForTesting
   static final String PROVISIONING = "provisioning.github.enabled";
+  @VisibleForTesting
+  static final String USER_CONSENT_FOR_PERMISSIONS_REQUIRED_AFTER_UPGRADE = "sonar.auth.github.userConsentForPermissionProvisioningRequired";
 
   private static final String CATEGORY = "authentication";
   private static final String SUBCATEGORY = "github";
@@ -160,6 +162,10 @@ public class GitHubSettings {
     return isEnabled() && internalProperties.read(PROVISIONING).map(Boolean::parseBoolean).orElse(false);
   }
 
+  public boolean isUserConsentRequiredAfterUpgrade() {
+    return configuration.get(USER_CONSENT_FOR_PERMISSIONS_REQUIRED_AFTER_UPGRADE).isPresent();
+  }
+
   public static List<PropertyDefinition> definitions() {
     int index = 1;
     return Arrays.asList(

server/sonar-auth-github/src/test/java/org/sonar/auth/github/GitHubSettingsTest.java

@@ -36,6 +36,7 @@ import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
+import static org.sonar.auth.github.GitHubSettings.USER_CONSENT_FOR_PERMISSIONS_REQUIRED_AFTER_UPGRADE;
 
 public class GitHubSettingsTest {
   @Rule
@@ -101,6 +102,17 @@ public class GitHubSettingsTest {
     assertThat(underTest.isProvisioningEnabled()).isTrue();
   }
 
+  @Test
+  public void isUserConsentRequiredAfterUpgrade_returnsFalseByDefault() {
+    assertThat(underTest.isUserConsentRequiredAfterUpgrade()).isFalse();
+  }
+
+  @Test
+  public void isUserConsentRequiredAfterUpgrade_returnsTrueIfPropertyPresent() {
+    settings.setProperty(USER_CONSENT_FOR_PERMISSIONS_REQUIRED_AFTER_UPGRADE, "");
+    assertThat(underTest.isUserConsentRequiredAfterUpgrade()).isTrue();
+  }
+
   @Test
   public void setProvisioning_whenGitHubAuthDisabled_shouldThrow() {
     assertThatIllegalStateException()

server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v102/AddUserConsentRequiredIfGithubAutoProvisioningEnabled.java

@@ -1,3 +1,22 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2023 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
 package org.sonar.server.platform.db.migration.version.v102;
 
 import com.google.common.annotations.VisibleForTesting;
@@ -33,7 +52,6 @@ public class AddUserConsentRequiredIfGithubAutoProvisioningEnabled extends DataC
     this.system2 = system2;
     this.uuidFactory = uuidFactory;
   }
-
   @Override
   protected void execute(DataChange.Context context) throws SQLException {
     if (!isGithubAutoProvisioningEnabled(context)) {