@@ -42,9 +42,9 @@ public class GitLabSettings implements DevOpsPlatformSettings { | |||
public static final String GITLAB_AUTH_APPLICATION_ID = "sonar.auth.gitlab.applicationId.secured"; | |||
public static final String GITLAB_AUTH_SECRET = "sonar.auth.gitlab.secret.secured"; | |||
public static final String GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP = "sonar.auth.gitlab.allowUsersToSignUp"; | |||
public static final String GITLAB_AUTH_ALLOWED_GROUPS = "sonar.auth.gitlab.allowedGroups"; | |||
public static final String GITLAB_AUTH_SYNC_USER_GROUPS = "sonar.auth.gitlab.groupsSync"; | |||
public static final String GITLAB_AUTH_PROVISIONING_TOKEN = "provisioning.gitlab.token.secured"; | |||
public static final String GITLAB_AUTH_PROVISIONING_GROUPS = "provisioning.gitlab.groups"; | |||
public static final String GITLAB_AUTH_PROVISIONING_ENABLED = "provisioning.gitlab.enabled"; | |||
private static final String CATEGORY = "authentication"; | |||
@@ -84,6 +84,10 @@ public class GitLabSettings implements DevOpsPlatformSettings { | |||
return configuration.getBoolean(GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP).orElse(false); | |||
} | |||
public Set<String> allowedGroups() { | |||
return Set.of(configuration.getStringArray(GITLAB_AUTH_ALLOWED_GROUPS)); | |||
} | |||
public boolean syncUserGroups() { | |||
return configuration.getBoolean(GITLAB_AUTH_SYNC_USER_GROUPS).orElse(false); | |||
} | |||
@@ -92,10 +96,6 @@ public class GitLabSettings implements DevOpsPlatformSettings { | |||
return configuration.get(GITLAB_AUTH_PROVISIONING_TOKEN).map(Strings::emptyToNull).orElse(null); | |||
} | |||
public Set<String> provisioningGroups() { | |||
return Set.of(configuration.getStringArray(GITLAB_AUTH_PROVISIONING_GROUPS)); | |||
} | |||
@Override | |||
public String getDevOpsPlatform() { | |||
return ALM.GITLAB.getId(); | |||
@@ -154,6 +154,16 @@ public class GitLabSettings implements DevOpsPlatformSettings { | |||
.defaultValue(valueOf(true)) | |||
.index(5) | |||
.build(), | |||
PropertyDefinition.builder(GITLAB_AUTH_ALLOWED_GROUPS) | |||
.name("Groups allowed") | |||
.description("Only members of these groups (and sub-groups) will be allowed to authenticate. " + | |||
"Please enter the group slug as it appears in the GitLab URL, for instance `my-gitlab-group`. " + | |||
"If you use Auto-provisioning, only members of these groups (and sub-groups) will be provisioned") | |||
.multiValues(true) | |||
.category(CATEGORY) | |||
.subCategory(SUBCATEGORY) | |||
.index(6) | |||
.build(), | |||
PropertyDefinition.builder(GITLAB_AUTH_SYNC_USER_GROUPS) | |||
.deprecatedKey("sonar.auth.gitlab.sync_user_groups") | |||
.name("Synchronize user groups") | |||
@@ -163,7 +173,7 @@ public class GitLabSettings implements DevOpsPlatformSettings { | |||
.subCategory(SUBCATEGORY) | |||
.type(PropertyType.BOOLEAN) | |||
.defaultValue(valueOf(false)) | |||
.index(6) | |||
.index(7) | |||
.build(), | |||
PropertyDefinition.builder(GITLAB_AUTH_PROVISIONING_TOKEN) | |||
.name("Provisioning token") | |||
@@ -172,15 +182,6 @@ public class GitLabSettings implements DevOpsPlatformSettings { | |||
.category(CATEGORY) | |||
.subCategory(SUBCATEGORY) | |||
.type(PASSWORD) | |||
.index(7) | |||
.build(), | |||
PropertyDefinition.builder(GITLAB_AUTH_PROVISIONING_GROUPS) | |||
.name("Groups") | |||
.description("Only members of these groups (and sub-groups) will be provisioned." + | |||
" Please enter the group slug as it appears in the GitLab URL, for instance `my-gitlab-group`.") | |||
.multiValues(true) | |||
.category(CATEGORY) | |||
.subCategory(SUBCATEGORY) | |||
.index(8) | |||
.build(), | |||
PropertyDefinition.builder(GITLAB_AUTH_PROVISIONING_ENABLED) |
@@ -26,11 +26,11 @@ import org.sonar.api.config.internal.MapSettings; | |||
import org.sonar.api.utils.System2; | |||
import static org.assertj.core.api.Assertions.assertThat; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOWED_GROUPS; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_APPLICATION_ID; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ENABLED; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_ENABLED; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_GROUPS; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_TOKEN; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SECRET; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SYNC_USER_GROUPS; | |||
@@ -83,8 +83,8 @@ public class GitLabSettingsTest { | |||
settings.setProperty(GITLAB_AUTH_PROVISIONING_TOKEN, "token"); | |||
assertThat(config.provisioningToken()).isEqualTo("token"); | |||
settings.setProperty(GITLAB_AUTH_PROVISIONING_GROUPS, new String[] {"Group1", "Group2"}); | |||
assertThat(config.provisioningGroups()).containsExactlyInAnyOrder("Group1", "Group2"); | |||
settings.setProperty(GITLAB_AUTH_ALLOWED_GROUPS, new String[] {"Group1", "Group2"}); | |||
assertThat(config.allowedGroups()).containsExactlyInAnyOrder("Group1", "Group2"); | |||
assertThat(config.isProvisioningEnabled()).isFalse(); | |||
settings.setProperty(GITLAB_AUTH_PROVISIONING_ENABLED, true); |
@@ -55,11 +55,11 @@ import static org.mockito.Mockito.verifyNoMoreInteractions; | |||
import static org.mockito.Mockito.when; | |||
import static org.sonar.alm.client.gitlab.GitlabGlobalSettingsValidator.ValidationMode.AUTH_ONLY; | |||
import static org.sonar.alm.client.gitlab.GitlabGlobalSettingsValidator.ValidationMode.COMPLETE; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOWED_GROUPS; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_APPLICATION_ID; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ENABLED; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_ENABLED; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_GROUPS; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_TOKEN; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SECRET; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SYNC_USER_GROUPS; | |||
@@ -125,7 +125,7 @@ public class GitlabConfigurationServiceIT { | |||
@Test | |||
public void getConfiguration_whenConfigurationSetAndEmpty_returnsConfig() { | |||
dbTester.properties().insertProperty(GITLAB_AUTH_ENABLED, "true", null); | |||
dbTester.properties().insertProperty(GITLAB_AUTH_PROVISIONING_GROUPS, "", null); | |||
dbTester.properties().insertProperty(GITLAB_AUTH_ALLOWED_GROUPS, "", null); | |||
GitlabConfiguration configuration = gitlabConfigurationService.getConfiguration("gitlab-configuration"); | |||
@@ -135,10 +135,10 @@ public class GitlabConfigurationServiceIT { | |||
assertThat(configuration.url()).isEmpty(); | |||
assertThat(configuration.secret()).isEmpty(); | |||
assertThat(configuration.synchronizeGroups()).isFalse(); | |||
assertThat(configuration.allowedGroups()).isEmpty(); | |||
assertThat(configuration.provisioningType()).isEqualTo(JIT); | |||
assertThat(configuration.allowUsersToSignUp()).isFalse(); | |||
assertThat(configuration.provisioningToken()).isNull(); | |||
assertThat(configuration.provisioningGroups()).isEmpty(); | |||
} | |||
@Test | |||
@@ -169,10 +169,10 @@ public class GitlabConfigurationServiceIT { | |||
.url(withValueOrThrow("url")) | |||
.secret(withValueOrThrow("secret")) | |||
.synchronizeGroups(withValueOrThrow(true)) | |||
.allowedGroups(withValueOrThrow(new LinkedHashSet<>(List.of("group1", "group2", "group3")))) | |||
.provisioningType(withValueOrThrow(AUTO_PROVISIONING)) | |||
.allowUserToSignUp(withValueOrThrow(true)) | |||
.provisioningToken(withValueOrThrow("provisioningToken")) | |||
.provisioningGroups(withValueOrThrow(new LinkedHashSet<>(List.of("group1", "group2", "group3")))) | |||
.build(); | |||
GitlabConfiguration gitlabConfiguration = gitlabConfigurationService.updateConfiguration(updateRequest); | |||
@@ -182,10 +182,10 @@ public class GitlabConfigurationServiceIT { | |||
verifySettingWasSet(GITLAB_AUTH_URL, "url"); | |||
verifySettingWasSet(GITLAB_AUTH_SECRET, "secret"); | |||
verifySettingWasSet(GITLAB_AUTH_SYNC_USER_GROUPS, "true"); | |||
verifySettingWasSet(GITLAB_AUTH_ALLOWED_GROUPS, "group1,group2,group3"); | |||
verifySettingWasSet(GITLAB_AUTH_PROVISIONING_ENABLED, "true"); | |||
verifySettingWasSet(GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, "true"); | |||
verifySettingWasSet(GITLAB_AUTH_PROVISIONING_TOKEN, "provisioningToken"); | |||
verifySettingWasSet(GITLAB_AUTH_PROVISIONING_GROUPS, "group1,group2,group3"); | |||
verify(managedInstanceService).queueSynchronisationTask(); | |||
assertConfigurationFields(gitlabConfiguration); | |||
@@ -290,10 +290,10 @@ public class GitlabConfigurationServiceIT { | |||
assertThat(configuration.url()).isEqualTo("url"); | |||
assertThat(configuration.secret()).isEqualTo("secret"); | |||
assertThat(configuration.synchronizeGroups()).isTrue(); | |||
assertThat(configuration.allowedGroups()).containsExactlyInAnyOrder("group1", "group2", "group3"); | |||
assertThat(configuration.provisioningType()).isEqualTo(AUTO_PROVISIONING); | |||
assertThat(configuration.allowUsersToSignUp()).isTrue(); | |||
assertThat(configuration.provisioningToken()).isEqualTo("provisioningToken"); | |||
assertThat(configuration.provisioningGroups()).containsExactlyInAnyOrder("group1", "group2", "group3"); | |||
} | |||
@Test | |||
@@ -329,10 +329,11 @@ public class GitlabConfigurationServiceIT { | |||
"url", | |||
"secret", | |||
true, | |||
AUTO_PROVISIONING, | |||
Set.of("group1", "group2", "group3"), | |||
true, | |||
null, | |||
Set.of("group1", "group2", "group3")); | |||
AUTO_PROVISIONING, | |||
null | |||
); | |||
assertThatThrownBy(() -> gitlabConfigurationService.createConfiguration(configuration)) | |||
.isInstanceOf(IllegalStateException.class) | |||
@@ -375,10 +376,11 @@ public class GitlabConfigurationServiceIT { | |||
"url", | |||
"secret", | |||
true, | |||
JIT, | |||
Set.of("group1", "group2", "group3"), | |||
true, | |||
null, | |||
Set.of("group1", "group2", "group3")); | |||
JIT, | |||
null | |||
); | |||
GitlabConfiguration createdConfiguration = gitlabConfigurationService.createConfiguration(configuration); | |||
@@ -395,11 +397,10 @@ public class GitlabConfigurationServiceIT { | |||
verifySettingWasSet(GITLAB_AUTH_URL, configuration.url()); | |||
verifySettingWasSet(GITLAB_AUTH_SECRET, configuration.secret()); | |||
verifySettingWasSet(GITLAB_AUTH_SYNC_USER_GROUPS, String.valueOf(configuration.synchronizeGroups())); | |||
verifySettingWasSet(GITLAB_AUTH_ALLOWED_GROUPS, String.join(",", configuration.allowedGroups())); | |||
verifySettingWasSet(GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, String.valueOf(configuration.allowUsersToSignUp())); | |||
verifySettingWasSet(GITLAB_AUTH_PROVISIONING_TOKEN, Strings.nullToEmpty(configuration.provisioningToken())); | |||
verifySettingWasSet(GITLAB_AUTH_PROVISIONING_GROUPS, String.join(",", configuration.provisioningGroups())); | |||
verifySettingWasSet(GITLAB_AUTH_PROVISIONING_ENABLED, | |||
String.valueOf(configuration.provisioningType().equals(AUTO_PROVISIONING))); | |||
verifySettingWasSet(GITLAB_AUTH_PROVISIONING_ENABLED, String.valueOf(configuration.provisioningType().equals(AUTO_PROVISIONING))); | |||
} | |||
private void verifySettingWasSet(String setting, @Nullable String value) { | |||
@@ -434,10 +435,10 @@ public class GitlabConfigurationServiceIT { | |||
assertPropertyIsDeleted(GITLAB_AUTH_URL); | |||
assertPropertyIsDeleted(GITLAB_AUTH_SECRET); | |||
assertPropertyIsDeleted(GITLAB_AUTH_SYNC_USER_GROUPS); | |||
assertPropertyIsDeleted(GITLAB_AUTH_ALLOWED_GROUPS); | |||
assertPropertyIsDeleted(GITLAB_AUTH_PROVISIONING_ENABLED); | |||
assertPropertyIsDeleted(GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP); | |||
assertPropertyIsDeleted(GITLAB_AUTH_PROVISIONING_TOKEN); | |||
assertPropertyIsDeleted(GITLAB_AUTH_PROVISIONING_GROUPS); | |||
assertThat(dbTester.getDbClient().externalGroupDao().selectByIdentityProvider(dbTester.getSession(), GitLabIdentityProvider.KEY)).isEmpty(); | |||
} | |||
@@ -538,10 +539,10 @@ public class GitlabConfigurationServiceIT { | |||
when(gitlabConfiguration.url()).thenReturn("url"); | |||
when(gitlabConfiguration.secret()).thenReturn("secret"); | |||
when(gitlabConfiguration.synchronizeGroups()).thenReturn(true); | |||
when(gitlabConfiguration.allowedGroups()).thenReturn(new LinkedHashSet<>(Set.of("group1", "group2", "group3"))); | |||
when(gitlabConfiguration.provisioningType()).thenReturn(provisioningType); | |||
when(gitlabConfiguration.allowUsersToSignUp()).thenReturn(true); | |||
when(gitlabConfiguration.provisioningToken()).thenReturn("provisioningToken"); | |||
when(gitlabConfiguration.provisioningGroups()).thenReturn(new LinkedHashSet<>(Set.of("group1", "group2", "group3"))); | |||
return gitlabConfiguration; | |||
} | |||
@@ -552,9 +553,9 @@ public class GitlabConfigurationServiceIT { | |||
assertThat(actualConfiguration.url()).isEqualTo(expectedConfiguration.url()); | |||
assertThat(actualConfiguration.secret()).isEqualTo(expectedConfiguration.secret()); | |||
assertThat(actualConfiguration.synchronizeGroups()).isEqualTo(expectedConfiguration.synchronizeGroups()); | |||
assertThat(actualConfiguration.allowedGroups()).containsExactlyInAnyOrderElementsOf(expectedConfiguration.allowedGroups()); | |||
assertThat(actualConfiguration.provisioningType()).isEqualTo(expectedConfiguration.provisioningType()); | |||
assertThat(actualConfiguration.allowUsersToSignUp()).isEqualTo(expectedConfiguration.allowUsersToSignUp()); | |||
assertThat(actualConfiguration.provisioningToken()).isEqualTo(expectedConfiguration.provisioningToken()); | |||
assertThat(actualConfiguration.provisioningGroups()).containsExactlyInAnyOrderElementsOf(expectedConfiguration.provisioningGroups()); | |||
} | |||
} |
@@ -35,13 +35,14 @@ public record GitlabConfiguration( | |||
boolean synchronizeGroups, | |||
ProvisioningType provisioningType, | |||
Set<String> allowedGroups, | |||
boolean allowUsersToSignUp, | |||
ProvisioningType provisioningType, | |||
@Nullable | |||
String provisioningToken, | |||
String provisioningToken | |||
Set<String> provisioningGroups | |||
) { | |||
} |
@@ -43,11 +43,11 @@ import static org.apache.commons.lang.StringUtils.isNotBlank; | |||
import static org.sonar.alm.client.gitlab.GitlabGlobalSettingsValidator.ValidationMode.AUTH_ONLY; | |||
import static org.sonar.alm.client.gitlab.GitlabGlobalSettingsValidator.ValidationMode.COMPLETE; | |||
import static org.sonar.api.utils.Preconditions.checkState; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOWED_GROUPS; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_APPLICATION_ID; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ENABLED; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_ENABLED; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_GROUPS; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_TOKEN; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SECRET; | |||
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SYNC_USER_GROUPS; | |||
@@ -65,10 +65,10 @@ public class GitlabConfigurationService { | |||
GITLAB_AUTH_URL, | |||
GITLAB_AUTH_SECRET, | |||
GITLAB_AUTH_SYNC_USER_GROUPS, | |||
GITLAB_AUTH_ALLOWED_GROUPS, | |||
GITLAB_AUTH_PROVISIONING_ENABLED, | |||
GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, | |||
GITLAB_AUTH_PROVISIONING_TOKEN, | |||
GITLAB_AUTH_PROVISIONING_GROUPS); | |||
GITLAB_AUTH_PROVISIONING_TOKEN); | |||
public static final String UNIQUE_GITLAB_CONFIGURATION_ID = "gitlab-configuration"; | |||
private final DbClient dbClient; | |||
@@ -95,10 +95,10 @@ public class GitlabConfigurationService { | |||
setIfDefined(dbSession, GITLAB_AUTH_URL, updateRequest.url()); | |||
setIfDefined(dbSession, GITLAB_AUTH_SECRET, updateRequest.secret()); | |||
setIfDefined(dbSession, GITLAB_AUTH_SYNC_USER_GROUPS, updateRequest.synchronizeGroups().map(String::valueOf)); | |||
setIfDefined(dbSession, GITLAB_AUTH_ALLOWED_GROUPS, updateRequest.allowedGroups().map(groups -> String.join(",", groups))); | |||
setIfDefined(dbSession, GITLAB_AUTH_PROVISIONING_ENABLED, provisioningEnabled.map(String::valueOf)); | |||
setIfDefined(dbSession, GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, updateRequest.allowUsersToSignUp().map(String::valueOf)); | |||
setIfDefined(dbSession, GITLAB_AUTH_PROVISIONING_TOKEN, updateRequest.provisioningToken()); | |||
setIfDefined(dbSession, GITLAB_AUTH_PROVISIONING_GROUPS, updateRequest.provisioningGroups().map(groups -> String.join(",", groups))); | |||
boolean shouldTriggerProvisioning = | |||
provisioningEnabled.orElse(false) && !currentConfiguration.provisioningType().equals(AUTO_PROVISIONING); | |||
deleteExternalGroupsWhenDisablingAutoProvisioning(dbSession, currentConfiguration, updateRequest.provisioningType()); | |||
@@ -196,10 +196,10 @@ public class GitlabConfigurationService { | |||
setProperty(dbSession, GITLAB_AUTH_URL, configuration.url()); | |||
setProperty(dbSession, GITLAB_AUTH_SECRET, configuration.secret()); | |||
setProperty(dbSession, GITLAB_AUTH_SYNC_USER_GROUPS, String.valueOf(configuration.synchronizeGroups())); | |||
setProperty(dbSession, GITLAB_AUTH_ALLOWED_GROUPS, String.join(",", configuration.allowedGroups())); | |||
setProperty(dbSession, GITLAB_AUTH_PROVISIONING_ENABLED, String.valueOf(enableAutoProvisioning)); | |||
setProperty(dbSession, GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, String.valueOf(configuration.allowUsersToSignUp())); | |||
setProperty(dbSession, GITLAB_AUTH_PROVISIONING_TOKEN, configuration.provisioningToken()); | |||
setProperty(dbSession, GITLAB_AUTH_PROVISIONING_GROUPS, String.join(",", configuration.provisioningGroups())); | |||
if (enableAutoProvisioning) { | |||
triggerRun(configuration); | |||
} | |||
@@ -234,15 +234,15 @@ public class GitlabConfigurationService { | |||
getStringPropertyOrEmpty(dbSession, GITLAB_AUTH_URL), | |||
getStringPropertyOrEmpty(dbSession, GITLAB_AUTH_SECRET), | |||
getBooleanOrFalse(dbSession, GITLAB_AUTH_SYNC_USER_GROUPS), | |||
toProvisioningType(getBooleanOrFalse(dbSession, GITLAB_AUTH_PROVISIONING_ENABLED)), | |||
getAllowedGroups(dbSession), | |||
getBooleanOrFalse(dbSession, GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP), | |||
getStringPropertyOrNull(dbSession, GITLAB_AUTH_PROVISIONING_TOKEN), | |||
getProvisioningGroups(dbSession) | |||
toProvisioningType(getBooleanOrFalse(dbSession, GITLAB_AUTH_PROVISIONING_ENABLED)), | |||
getStringPropertyOrNull(dbSession, GITLAB_AUTH_PROVISIONING_TOKEN) | |||
); | |||
} | |||
private Set<String> getProvisioningGroups(DbSession dbSession) { | |||
return Optional.ofNullable(dbClient.propertiesDao().selectGlobalProperty(dbSession, GITLAB_AUTH_PROVISIONING_GROUPS)) | |||
private Set<String> getAllowedGroups(DbSession dbSession) { | |||
return Optional.ofNullable(dbClient.propertiesDao().selectGlobalProperty(dbSession, GITLAB_AUTH_ALLOWED_GROUPS)) | |||
.map(dto -> Arrays.stream(dto.getValue().split(",")) | |||
.filter(s -> !s.isEmpty()) | |||
.collect(Collectors.toSet()) |
@@ -30,10 +30,10 @@ public record UpdateGitlabConfigurationRequest( | |||
NonNullUpdatedValue<String> url, | |||
NonNullUpdatedValue<String> secret, | |||
NonNullUpdatedValue<Boolean> synchronizeGroups, | |||
NonNullUpdatedValue<ProvisioningType> provisioningType, | |||
NonNullUpdatedValue<Set<String>> allowedGroups, | |||
NonNullUpdatedValue<Boolean> allowUsersToSignUp, | |||
UpdatedValue<String> provisioningToken, | |||
NonNullUpdatedValue<Set<String>> provisioningGroups | |||
NonNullUpdatedValue<ProvisioningType> provisioningType | |||
) { | |||
public static Builder builder() { | |||
@@ -47,10 +47,10 @@ public record UpdateGitlabConfigurationRequest( | |||
private NonNullUpdatedValue<String> url = NonNullUpdatedValue.undefined(); | |||
private NonNullUpdatedValue<String> secret = NonNullUpdatedValue.undefined(); | |||
private NonNullUpdatedValue<Boolean> synchronizeGroups = NonNullUpdatedValue.undefined(); | |||
private NonNullUpdatedValue<Set<String>> allowedGroups = NonNullUpdatedValue.undefined(); | |||
private NonNullUpdatedValue<ProvisioningType> provisioningType = NonNullUpdatedValue.undefined(); | |||
private NonNullUpdatedValue<Boolean> allowUserToSignUp = NonNullUpdatedValue.undefined(); | |||
private UpdatedValue<String> provisioningToken = UpdatedValue.undefined(); | |||
private NonNullUpdatedValue<Set<String>> provisioningGroups = NonNullUpdatedValue.undefined(); | |||
private Builder() { | |||
} | |||
@@ -85,6 +85,11 @@ public record UpdateGitlabConfigurationRequest( | |||
return this; | |||
} | |||
public Builder allowedGroups(NonNullUpdatedValue<Set<String>> allowedGroups) { | |||
this.allowedGroups = allowedGroups; | |||
return this; | |||
} | |||
public Builder provisioningType(NonNullUpdatedValue<ProvisioningType> provisioningType) { | |||
this.provisioningType = provisioningType; | |||
return this; | |||
@@ -100,14 +105,10 @@ public record UpdateGitlabConfigurationRequest( | |||
return this; | |||
} | |||
public Builder provisioningGroups(NonNullUpdatedValue<Set<String>> provisioningGroups) { | |||
this.provisioningGroups = provisioningGroups; | |||
return this; | |||
} | |||
public UpdateGitlabConfigurationRequest build() { | |||
return new UpdateGitlabConfigurationRequest(gitlabConfigurationId, enabled, applicationId, url, secret, synchronizeGroups, provisioningType, allowUserToSignUp, | |||
provisioningToken, provisioningGroups); | |||
return new UpdateGitlabConfigurationRequest(gitlabConfigurationId, enabled, applicationId, url, secret, synchronizeGroups, allowedGroups, allowUserToSignUp, | |||
provisioningToken, provisioningType | |||
); | |||
} | |||
} | |||
} |
@@ -81,10 +81,11 @@ public class DefaultGitlabConfigurationController implements GitlabConfiguration | |||
createRestRequest.url(), | |||
createRestRequest.secret(), | |||
createRestRequest.synchronizeGroups(), | |||
toProvisioningType(createRestRequest.provisioningType()), | |||
Set.copyOf(createRestRequest.allowedGroups()), | |||
createRestRequest.allowUsersToSignUp() != null && createRestRequest.allowUsersToSignUp(), | |||
createRestRequest.provisioningToken(), | |||
createRestRequest.provisioningGroups() == null ? Set.of() : Set.copyOf(createRestRequest.provisioningGroups())); | |||
toProvisioningType(createRestRequest.provisioningType()), | |||
createRestRequest.provisioningToken() | |||
); | |||
} | |||
private GitlabConfigurationResource getGitlabConfigurationResource(String id) { | |||
@@ -107,10 +108,10 @@ public class DefaultGitlabConfigurationController implements GitlabConfiguration | |||
.url(updateRequest.getUrl().toNonNullUpdatedValue()) | |||
.secret(updateRequest.getSecret().toNonNullUpdatedValue()) | |||
.synchronizeGroups(updateRequest.getSynchronizeGroups().toNonNullUpdatedValue()) | |||
.allowedGroups(updateRequest.getAllowedGroups().map(DefaultGitlabConfigurationController::getGroups).toNonNullUpdatedValue()) | |||
.provisioningType(updateRequest.getProvisioningType().map(DefaultGitlabConfigurationController::toProvisioningType).toNonNullUpdatedValue()) | |||
.allowUserToSignUp(updateRequest.getAllowUsersToSignUp().toNonNullUpdatedValue()) | |||
.provisioningToken(updateRequest.getProvisioningToken().toUpdatedValue()) | |||
.provisioningGroups(updateRequest.getProvisioningGroups().map(DefaultGitlabConfigurationController::getGroups).toNonNullUpdatedValue()) | |||
.build(); | |||
} | |||
@@ -126,9 +127,9 @@ public class DefaultGitlabConfigurationController implements GitlabConfiguration | |||
configuration.applicationId(), | |||
configuration.url(), | |||
configuration.synchronizeGroups(), | |||
toRestProvisioningType(configuration), | |||
sortGroups(configuration.allowedGroups()), | |||
configuration.allowUsersToSignUp(), | |||
sortGroups(configuration.provisioningGroups()), | |||
toRestProvisioningType(configuration), | |||
configurationError.orElse(null) | |||
); | |||
} |
@@ -36,9 +36,11 @@ public record GitlabConfigurationCreateRestRequest( | |||
@NotEmpty | |||
@Schema(description = "Gitlab Application id") | |||
String applicationId, | |||
@NotEmpty | |||
@Schema(description = "Url of Gitlab instance for authentication (for instance https://gitlab.com)") | |||
String url, | |||
@NotEmpty | |||
@Schema(accessMode = Schema.AccessMode.WRITE_ONLY, description = "Secret of the application") | |||
String secret, | |||
@@ -47,6 +49,10 @@ public record GitlabConfigurationCreateRestRequest( | |||
@Schema(description = "Set whether to synchronize groups") | |||
Boolean synchronizeGroups, | |||
@NotEmpty | |||
@ArraySchema(arraySchema = @Schema(description = "GitLab groups allowed to authenticate and provisioned (for Auto-Provisioning only). Subgroups will automatically be included")) | |||
List<String> allowedGroups, | |||
@NotNull | |||
@Schema(description = "Type of synchronization") | |||
ProvisioningType provisioningType, | |||
@@ -57,10 +63,6 @@ public record GitlabConfigurationCreateRestRequest( | |||
@Schema(description = "Allow user to sign up") | |||
@Nullable | |||
Boolean allowUsersToSignUp, | |||
@ArraySchema(arraySchema = @Schema(description = "Root GitLab groups to provision.")) | |||
@Nullable | |||
List<String> provisioningGroups | |||
Boolean allowUsersToSignUp | |||
) { | |||
} |
@@ -33,10 +33,10 @@ public class GitlabConfigurationUpdateRestRequest { | |||
private UpdateField<String> url = UpdateField.undefined(); | |||
private UpdateField<String> secret = UpdateField.undefined(); | |||
private UpdateField<Boolean> synchronizeGroups = UpdateField.undefined(); | |||
private UpdateField<List<String>> allowedGroups = UpdateField.undefined(); | |||
private UpdateField<ProvisioningType> provisioningType = UpdateField.undefined(); | |||
private UpdateField<Boolean> allowUsersToSignUp = UpdateField.undefined(); | |||
private UpdateField<String> provisioningToken = UpdateField.undefined(); | |||
private UpdateField<List<String>> provisioningGroups = UpdateField.undefined(); | |||
@Schema(implementation = Boolean.class, description = "Enable Gitlab authentication") | |||
public UpdateField<Boolean> getEnabled() { | |||
@@ -83,6 +83,15 @@ public class GitlabConfigurationUpdateRestRequest { | |||
this.synchronizeGroups = UpdateField.withValue(synchronizeGroups); | |||
} | |||
@ArraySchema(arraySchema = @Schema(description = "Root Gitlab groups allowed to authenticate and provisioned"), schema = @Schema(implementation = String.class)) | |||
public UpdateField<List<String>> getAllowedGroups() { | |||
return allowedGroups; | |||
} | |||
public void setAllowedGroups(List<String> allowedGroups) { | |||
this.allowedGroups = UpdateField.withValue(allowedGroups); | |||
} | |||
@Schema(implementation = ProvisioningType.class, description = "Type of synchronization") | |||
public UpdateField<ProvisioningType> getProvisioningType() { | |||
return provisioningType; | |||
@@ -110,13 +119,4 @@ public class GitlabConfigurationUpdateRestRequest { | |||
public void setProvisioningToken(String provisioningToken) { | |||
this.provisioningToken = UpdateField.withValue(provisioningToken); | |||
} | |||
@ArraySchema(arraySchema = @Schema(description = "Root gitlab groups to provision."), schema = @Schema(implementation = String.class)) | |||
public UpdateField<List<String>> getProvisioningGroups() { | |||
return provisioningGroups; | |||
} | |||
public void setProvisioningGroups(List<String> provisioningGroups) { | |||
this.provisioningGroups = UpdateField.withValue(provisioningGroups); | |||
} | |||
} |
@@ -38,12 +38,12 @@ public record GitlabConfigurationResource( | |||
boolean synchronizeGroups, | |||
ProvisioningType provisioningType, | |||
@Schema(description = "Root Gitlab groups allowed to authenticate and provisioned") | |||
List<String> allowedGroups, | |||
boolean allowUsersToSignUp, | |||
@Schema(description = "Root Gitlab groups to provision") | |||
List<String> provisioningGroups, | |||
ProvisioningType provisioningType, | |||
@Schema(accessMode = Schema.AccessMode.READ_ONLY, description = "In case the GitLab configuration is incorrect, error message") | |||
@Nullable |
@@ -69,20 +69,23 @@ public class DefaultGitlabConfigurationControllerTest { | |||
"www.url.com", | |||
"secret", | |||
true, | |||
AUTO_PROVISIONING, | |||
Set.of("group1", "group2"), | |||
true, | |||
"provisioning-token", | |||
Set.of("provisioning-group2", "provisioning-group1")); | |||
AUTO_PROVISIONING, | |||
"provisioning-token" | |||
); | |||
private static final GitlabConfigurationResource EXPECTED_GITLAB_CONF_RESOURCE = new GitlabConfigurationResource( | |||
GITLAB_CONFIGURATION.id(), | |||
GITLAB_CONFIGURATION.enabled(), | |||
GITLAB_CONFIGURATION.applicationId(), | |||
GITLAB_CONFIGURATION.url(), | |||
GITLAB_CONFIGURATION.synchronizeGroups(), | |||
org.sonar.server.v2.api.gitlab.config.resource.ProvisioningType.valueOf(GITLAB_CONFIGURATION.provisioningType().name()), | |||
List.of("group1", "group2"), | |||
GITLAB_CONFIGURATION.allowUsersToSignUp(), | |||
List.of("provisioning-group1", "provisioning-group2"), | |||
org.sonar.server.v2.api.gitlab.config.resource.ProvisioningType.valueOf(GITLAB_CONFIGURATION.provisioningType().name()), | |||
"error-message"); | |||
private static final String EXPECTED_CONFIGURATION = """ | |||
{ | |||
"id": "existing-id", | |||
@@ -90,12 +93,12 @@ public class DefaultGitlabConfigurationControllerTest { | |||
"applicationId": "application-id", | |||
"url": "www.url.com", | |||
"synchronizeGroups": true, | |||
"allowedGroups": [ | |||
"group1", | |||
"group2" | |||
], | |||
"provisioningType": "AUTO_PROVISIONING", | |||
"allowUsersToSignUp": true, | |||
"provisioningGroups": [ | |||
"provisioning-group2", | |||
"provisioning-group1" | |||
], | |||
"errorMessage": "error-message" | |||
} | |||
"""; | |||
@@ -200,13 +203,13 @@ public class DefaultGitlabConfigurationControllerTest { | |||
"url": "www.url.com", | |||
"secret": "newSecret", | |||
"synchronizeGroups": true, | |||
"allowedGroups": [ | |||
"group1", | |||
"group2" | |||
], | |||
"provisioningType": "AUTO_PROVISIONING", | |||
"allowUsersToSignUp": true, | |||
"provisioningToken": "token", | |||
"provisioningGroups": [ | |||
"provisioning-group2", | |||
"provisioning-group1" | |||
] | |||
"provisioningToken": "token" | |||
} | |||
"""; | |||
@@ -224,10 +227,11 @@ public class DefaultGitlabConfigurationControllerTest { | |||
NonNullUpdatedValue.withValueOrThrow("www.url.com"), | |||
NonNullUpdatedValue.withValueOrThrow("newSecret"), | |||
NonNullUpdatedValue.withValueOrThrow(true), | |||
NonNullUpdatedValue.withValueOrThrow(AUTO_PROVISIONING), | |||
NonNullUpdatedValue.withValueOrThrow(Set.of("group1", "group2")), | |||
NonNullUpdatedValue.withValueOrThrow(true), | |||
UpdatedValue.withValue("token"), | |||
NonNullUpdatedValue.withValueOrThrow(Set.of("provisioning-group2", "provisioning-group1")))); | |||
NonNullUpdatedValue.withValueOrThrow(AUTO_PROVISIONING) | |||
)); | |||
} | |||
@Test | |||
@@ -258,10 +262,8 @@ public class DefaultGitlabConfigurationControllerTest { | |||
NonNullUpdatedValue.undefined(), | |||
NonNullUpdatedValue.undefined(), | |||
NonNullUpdatedValue.undefined(), | |||
NonNullUpdatedValue.withValueOrThrow(JIT), | |||
NonNullUpdatedValue.withValueOrThrow(false), | |||
UpdatedValue.withValue(null), | |||
NonNullUpdatedValue.undefined())); | |||
NonNullUpdatedValue.undefined(), NonNullUpdatedValue.withValueOrThrow(false), UpdatedValue.withValue(null), NonNullUpdatedValue.withValueOrThrow(JIT) | |||
)); | |||
} | |||
@Test | |||
@@ -278,12 +280,12 @@ public class DefaultGitlabConfigurationControllerTest { | |||
"url": "www.url.com", | |||
"secret": "123", | |||
"synchronizeGroups": true, | |||
"allowedGroups": [ | |||
"group1", | |||
"group2" | |||
], | |||
"provisioningType": "AUTO_PROVISIONING", | |||
"allowUsersToSignUp": true, | |||
"provisioningGroups": [ | |||
"provisioning-group2", | |||
"provisioning-group1" | |||
] | |||
"allowUsersToSignUp": true | |||
} | |||
""")) | |||
.andExpectAll( | |||
@@ -306,12 +308,12 @@ public class DefaultGitlabConfigurationControllerTest { | |||
"secret": "123", | |||
"url": "www.url.com", | |||
"synchronizeGroups": true, | |||
"allowedGroups": [ | |||
"group1", | |||
"group2" | |||
], | |||
"provisioningType": "AUTO_PROVISIONING", | |||
"allowUsersToSignUp": true, | |||
"provisioningGroups": [ | |||
"provisioning-group2", | |||
"provisioning-group1" | |||
] | |||
"allowUsersToSignUp": true | |||
} | |||
""")) | |||
@@ -324,12 +326,12 @@ public class DefaultGitlabConfigurationControllerTest { | |||
"applicationId": "application-id", | |||
"url": "www.url.com", | |||
"synchronizeGroups": true, | |||
"allowedGroups": [ | |||
"group1", | |||
"group2" | |||
], | |||
"provisioningType": "AUTO_PROVISIONING", | |||
"allowUsersToSignUp": true, | |||
"provisioningGroups": [ | |||
"provisioning-group2", | |||
"provisioning-group1" | |||
] | |||
"allowUsersToSignUp": true | |||
} | |||
""")); | |||
@@ -349,6 +351,10 @@ public class DefaultGitlabConfigurationControllerTest { | |||
"secret": "123", | |||
"url": "www.url.com", | |||
"synchronizeGroups": true, | |||
"allowedGroups": [ | |||
"group1", | |||
"group2" | |||
], | |||
"provisioningType": "AUTO_PROVISIONING" | |||
} | |||
@@ -362,12 +368,12 @@ public class DefaultGitlabConfigurationControllerTest { | |||
"applicationId": "application-id", | |||
"url": "www.url.com", | |||
"synchronizeGroups": true, | |||
"allowedGroups": [ | |||
"group1", | |||
"group2" | |||
], | |||
"provisioningType": "AUTO_PROVISIONING", | |||
"allowUsersToSignUp": true, | |||
"provisioningGroups": [ | |||
"provisioning-group2", | |||
"provisioning-group1" | |||
] | |||
"allowUsersToSignUp": true | |||
} | |||
""")); | |||
@@ -386,12 +392,12 @@ public class DefaultGitlabConfigurationControllerTest { | |||
"applicationId": "application-id", | |||
"url": "www.url.com", | |||
"synchronizeGroups": true, | |||
"allowedGroups": [ | |||
"group1", | |||
"group2" | |||
], | |||
"provisioningType": "AUTO_PROVISIONING", | |||
"allowUsersToSignUp": true, | |||
"provisioningGroups": [ | |||
"provisioning-group2", | |||
"provisioning-group1" | |||
] | |||
"allowUsersToSignUp": true | |||
} | |||
""")) | |||
.andExpectAll( |
@@ -21,5 +21,5 @@ package org.sonarqube.ws.client.gitlab.configuration; | |||
public record GitlabConfiguration(boolean enabled, String applicationId, String url, String secret, boolean synchronizeGroups, | |||
String provisioningType, boolean allowUsersToSignUp, String provisioningToken, | |||
String singleProvisioningGroup) { | |||
String singleAllowedGroup) { | |||
} |
@@ -45,11 +45,11 @@ public class GitlabConfigurationService extends BaseService { | |||
"provisioningType": "%s", | |||
"allowUsersToSignUp": "%s", | |||
"provisioningToken": "%s", | |||
"provisioningGroups": ["%s"] | |||
"allowedGroups": ["%s"] | |||
} | |||
""", gitlabConfiguration.enabled(), gitlabConfiguration.applicationId(), gitlabConfiguration.url(), gitlabConfiguration.secret(), | |||
gitlabConfiguration.synchronizeGroups(), gitlabConfiguration.provisioningType(), gitlabConfiguration.allowUsersToSignUp(), | |||
gitlabConfiguration.provisioningToken(), gitlabConfiguration.singleProvisioningGroup()); | |||
gitlabConfiguration.provisioningToken(), gitlabConfiguration.singleAllowedGroup()); | |||
WsResponse response = call( | |||
new PostRequest(path()).setBody(body) | |||
); |