mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
Browse Source

SONAR-21413 Make provisioning groups ready to handle allowed groups

tags/10.4.0.87286
Antoine Vigneau 3 months ago
parent
ee268b1caa
commit
c6471c039e
13 changed files with 144 additions and 131 deletions
Split View Show Diff Stats
  1. 16
    15
      server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabSettings.java
  2. 3
    3
      server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabSettingsTest.java
  3. 19
    18
      server/sonar-webserver-common/src/it/java/org/sonar/server/common/gitlab/config/GitlabConfigurationServiceIT.java
  4. 4
    3
      server/sonar-webserver-common/src/main/java/org/sonar/server/common/gitlab/config/GitlabConfiguration.java
  5. 10
    10
      server/sonar-webserver-common/src/main/java/org/sonar/server/common/gitlab/config/GitlabConfigurationService.java
  6. 11
    10
      server/sonar-webserver-common/src/main/java/org/sonar/server/common/gitlab/config/UpdateGitlabConfigurationRequest.java
  7. 7
    6
      server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/controller/DefaultGitlabConfigurationController.java
  8. 7
    5
      server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/request/GitlabConfigurationCreateRestRequest.java
  9. 10
    10
      server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/request/GitlabConfigurationUpdateRestRequest.java
  10. 3
    3
      server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/resource/GitlabConfigurationResource.java
  11. 51
    45
      server/sonar-webserver-webapi-v2/src/test/java/org/sonar/server/v2/api/gitlab/config/DefaultGitlabConfigurationControllerTest.java
  12. 1
    1
      sonar-ws/src/main/java/org/sonarqube/ws/client/gitlab/configuration/GitlabConfiguration.java
  13. 2
    2
      sonar-ws/src/main/java/org/sonarqube/ws/client/gitlab/configuration/GitlabConfigurationService.java

+ 16
- 15
server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabSettings.java View File

@@ -42,9 +42,9 @@ public class GitLabSettings implements DevOpsPlatformSettings {
public static final String GITLAB_AUTH_APPLICATION_ID = "sonar.auth.gitlab.applicationId.secured";
public static final String GITLAB_AUTH_SECRET = "sonar.auth.gitlab.secret.secured";
public static final String GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP = "sonar.auth.gitlab.allowUsersToSignUp";
public static final String GITLAB_AUTH_ALLOWED_GROUPS = "sonar.auth.gitlab.allowedGroups";
public static final String GITLAB_AUTH_SYNC_USER_GROUPS = "sonar.auth.gitlab.groupsSync";
public static final String GITLAB_AUTH_PROVISIONING_TOKEN = "provisioning.gitlab.token.secured";
public static final String GITLAB_AUTH_PROVISIONING_GROUPS = "provisioning.gitlab.groups";
public static final String GITLAB_AUTH_PROVISIONING_ENABLED = "provisioning.gitlab.enabled";

private static final String CATEGORY = "authentication";
@@ -84,6 +84,10 @@ public class GitLabSettings implements DevOpsPlatformSettings {
return configuration.getBoolean(GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP).orElse(false);
}

public Set<String> allowedGroups() {
return Set.of(configuration.getStringArray(GITLAB_AUTH_ALLOWED_GROUPS));
}

public boolean syncUserGroups() {
return configuration.getBoolean(GITLAB_AUTH_SYNC_USER_GROUPS).orElse(false);
}
@@ -92,10 +96,6 @@ public class GitLabSettings implements DevOpsPlatformSettings {
return configuration.get(GITLAB_AUTH_PROVISIONING_TOKEN).map(Strings::emptyToNull).orElse(null);
}

public Set<String> provisioningGroups() {
return Set.of(configuration.getStringArray(GITLAB_AUTH_PROVISIONING_GROUPS));
}

@Override
public String getDevOpsPlatform() {
return ALM.GITLAB.getId();
@@ -154,6 +154,16 @@ public class GitLabSettings implements DevOpsPlatformSettings {
.defaultValue(valueOf(true))
.index(5)
.build(),
PropertyDefinition.builder(GITLAB_AUTH_ALLOWED_GROUPS)
.name("Groups allowed")
.description("Only members of these groups (and sub-groups) will be allowed to authenticate. " +
"Please enter the group slug as it appears in the GitLab URL, for instance `my-gitlab-group`. " +
"If you use Auto-provisioning, only members of these groups (and sub-groups) will be provisioned")
.multiValues(true)
.category(CATEGORY)
.subCategory(SUBCATEGORY)
.index(6)
.build(),
PropertyDefinition.builder(GITLAB_AUTH_SYNC_USER_GROUPS)
.deprecatedKey("sonar.auth.gitlab.sync_user_groups")
.name("Synchronize user groups")
@@ -163,7 +173,7 @@ public class GitLabSettings implements DevOpsPlatformSettings {
.subCategory(SUBCATEGORY)
.type(PropertyType.BOOLEAN)
.defaultValue(valueOf(false))
.index(6)
.index(7)
.build(),
PropertyDefinition.builder(GITLAB_AUTH_PROVISIONING_TOKEN)
.name("Provisioning token")
@@ -172,15 +182,6 @@ public class GitLabSettings implements DevOpsPlatformSettings {
.category(CATEGORY)
.subCategory(SUBCATEGORY)
.type(PASSWORD)
.index(7)
.build(),
PropertyDefinition.builder(GITLAB_AUTH_PROVISIONING_GROUPS)
.name("Groups")
.description("Only members of these groups (and sub-groups) will be provisioned." +
" Please enter the group slug as it appears in the GitLab URL, for instance `my-gitlab-group`.")
.multiValues(true)
.category(CATEGORY)
.subCategory(SUBCATEGORY)
.index(8)
.build(),
PropertyDefinition.builder(GITLAB_AUTH_PROVISIONING_ENABLED)

+ 3
- 3
server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabSettingsTest.java View File

@@ -26,11 +26,11 @@ import org.sonar.api.config.internal.MapSettings;
import org.sonar.api.utils.System2;

import static org.assertj.core.api.Assertions.assertThat;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOWED_GROUPS;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_APPLICATION_ID;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ENABLED;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_ENABLED;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_GROUPS;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_TOKEN;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SECRET;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SYNC_USER_GROUPS;
@@ -83,8 +83,8 @@ public class GitLabSettingsTest {
settings.setProperty(GITLAB_AUTH_PROVISIONING_TOKEN, "token");
assertThat(config.provisioningToken()).isEqualTo("token");

settings.setProperty(GITLAB_AUTH_PROVISIONING_GROUPS, new String[] {"Group1", "Group2"});
assertThat(config.provisioningGroups()).containsExactlyInAnyOrder("Group1", "Group2");
settings.setProperty(GITLAB_AUTH_ALLOWED_GROUPS, new String[] {"Group1", "Group2"});
assertThat(config.allowedGroups()).containsExactlyInAnyOrder("Group1", "Group2");

assertThat(config.isProvisioningEnabled()).isFalse();
settings.setProperty(GITLAB_AUTH_PROVISIONING_ENABLED, true);

+ 19
- 18
server/sonar-webserver-common/src/it/java/org/sonar/server/common/gitlab/config/GitlabConfigurationServiceIT.java View File

@@ -55,11 +55,11 @@ import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.when;
import static org.sonar.alm.client.gitlab.GitlabGlobalSettingsValidator.ValidationMode.AUTH_ONLY;
import static org.sonar.alm.client.gitlab.GitlabGlobalSettingsValidator.ValidationMode.COMPLETE;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOWED_GROUPS;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_APPLICATION_ID;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ENABLED;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_ENABLED;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_GROUPS;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_TOKEN;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SECRET;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SYNC_USER_GROUPS;
@@ -125,7 +125,7 @@ public class GitlabConfigurationServiceIT {
@Test
public void getConfiguration_whenConfigurationSetAndEmpty_returnsConfig() {
dbTester.properties().insertProperty(GITLAB_AUTH_ENABLED, "true", null);
dbTester.properties().insertProperty(GITLAB_AUTH_PROVISIONING_GROUPS, "", null);
dbTester.properties().insertProperty(GITLAB_AUTH_ALLOWED_GROUPS, "", null);

GitlabConfiguration configuration = gitlabConfigurationService.getConfiguration("gitlab-configuration");

@@ -135,10 +135,10 @@ public class GitlabConfigurationServiceIT {
assertThat(configuration.url()).isEmpty();
assertThat(configuration.secret()).isEmpty();
assertThat(configuration.synchronizeGroups()).isFalse();
assertThat(configuration.allowedGroups()).isEmpty();
assertThat(configuration.provisioningType()).isEqualTo(JIT);
assertThat(configuration.allowUsersToSignUp()).isFalse();
assertThat(configuration.provisioningToken()).isNull();
assertThat(configuration.provisioningGroups()).isEmpty();
}

@Test
@@ -169,10 +169,10 @@ public class GitlabConfigurationServiceIT {
.url(withValueOrThrow("url"))
.secret(withValueOrThrow("secret"))
.synchronizeGroups(withValueOrThrow(true))
.allowedGroups(withValueOrThrow(new LinkedHashSet<>(List.of("group1", "group2", "group3"))))
.provisioningType(withValueOrThrow(AUTO_PROVISIONING))
.allowUserToSignUp(withValueOrThrow(true))
.provisioningToken(withValueOrThrow("provisioningToken"))
.provisioningGroups(withValueOrThrow(new LinkedHashSet<>(List.of("group1", "group2", "group3"))))
.build();

GitlabConfiguration gitlabConfiguration = gitlabConfigurationService.updateConfiguration(updateRequest);
@@ -182,10 +182,10 @@ public class GitlabConfigurationServiceIT {
verifySettingWasSet(GITLAB_AUTH_URL, "url");
verifySettingWasSet(GITLAB_AUTH_SECRET, "secret");
verifySettingWasSet(GITLAB_AUTH_SYNC_USER_GROUPS, "true");
verifySettingWasSet(GITLAB_AUTH_ALLOWED_GROUPS, "group1,group2,group3");
verifySettingWasSet(GITLAB_AUTH_PROVISIONING_ENABLED, "true");
verifySettingWasSet(GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, "true");
verifySettingWasSet(GITLAB_AUTH_PROVISIONING_TOKEN, "provisioningToken");
verifySettingWasSet(GITLAB_AUTH_PROVISIONING_GROUPS, "group1,group2,group3");
verify(managedInstanceService).queueSynchronisationTask();

assertConfigurationFields(gitlabConfiguration);
@@ -290,10 +290,10 @@ public class GitlabConfigurationServiceIT {
assertThat(configuration.url()).isEqualTo("url");
assertThat(configuration.secret()).isEqualTo("secret");
assertThat(configuration.synchronizeGroups()).isTrue();
assertThat(configuration.allowedGroups()).containsExactlyInAnyOrder("group1", "group2", "group3");
assertThat(configuration.provisioningType()).isEqualTo(AUTO_PROVISIONING);
assertThat(configuration.allowUsersToSignUp()).isTrue();
assertThat(configuration.provisioningToken()).isEqualTo("provisioningToken");
assertThat(configuration.provisioningGroups()).containsExactlyInAnyOrder("group1", "group2", "group3");
}

@Test
@@ -329,10 +329,11 @@ public class GitlabConfigurationServiceIT {
"url",
"secret",
true,
AUTO_PROVISIONING,
Set.of("group1", "group2", "group3"),
true,
null,
Set.of("group1", "group2", "group3"));
AUTO_PROVISIONING,
null
);

assertThatThrownBy(() -> gitlabConfigurationService.createConfiguration(configuration))
.isInstanceOf(IllegalStateException.class)
@@ -375,10 +376,11 @@ public class GitlabConfigurationServiceIT {
"url",
"secret",
true,
JIT,
Set.of("group1", "group2", "group3"),
true,
null,
Set.of("group1", "group2", "group3"));
JIT,
null
);

GitlabConfiguration createdConfiguration = gitlabConfigurationService.createConfiguration(configuration);

@@ -395,11 +397,10 @@ public class GitlabConfigurationServiceIT {
verifySettingWasSet(GITLAB_AUTH_URL, configuration.url());
verifySettingWasSet(GITLAB_AUTH_SECRET, configuration.secret());
verifySettingWasSet(GITLAB_AUTH_SYNC_USER_GROUPS, String.valueOf(configuration.synchronizeGroups()));
verifySettingWasSet(GITLAB_AUTH_ALLOWED_GROUPS, String.join(",", configuration.allowedGroups()));
verifySettingWasSet(GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, String.valueOf(configuration.allowUsersToSignUp()));
verifySettingWasSet(GITLAB_AUTH_PROVISIONING_TOKEN, Strings.nullToEmpty(configuration.provisioningToken()));
verifySettingWasSet(GITLAB_AUTH_PROVISIONING_GROUPS, String.join(",", configuration.provisioningGroups()));
verifySettingWasSet(GITLAB_AUTH_PROVISIONING_ENABLED,
String.valueOf(configuration.provisioningType().equals(AUTO_PROVISIONING)));
verifySettingWasSet(GITLAB_AUTH_PROVISIONING_ENABLED, String.valueOf(configuration.provisioningType().equals(AUTO_PROVISIONING)));
}

private void verifySettingWasSet(String setting, @Nullable String value) {
@@ -434,10 +435,10 @@ public class GitlabConfigurationServiceIT {
assertPropertyIsDeleted(GITLAB_AUTH_URL);
assertPropertyIsDeleted(GITLAB_AUTH_SECRET);
assertPropertyIsDeleted(GITLAB_AUTH_SYNC_USER_GROUPS);
assertPropertyIsDeleted(GITLAB_AUTH_ALLOWED_GROUPS);
assertPropertyIsDeleted(GITLAB_AUTH_PROVISIONING_ENABLED);
assertPropertyIsDeleted(GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP);
assertPropertyIsDeleted(GITLAB_AUTH_PROVISIONING_TOKEN);
assertPropertyIsDeleted(GITLAB_AUTH_PROVISIONING_GROUPS);

assertThat(dbTester.getDbClient().externalGroupDao().selectByIdentityProvider(dbTester.getSession(), GitLabIdentityProvider.KEY)).isEmpty();
}
@@ -538,10 +539,10 @@ public class GitlabConfigurationServiceIT {
when(gitlabConfiguration.url()).thenReturn("url");
when(gitlabConfiguration.secret()).thenReturn("secret");
when(gitlabConfiguration.synchronizeGroups()).thenReturn(true);
when(gitlabConfiguration.allowedGroups()).thenReturn(new LinkedHashSet<>(Set.of("group1", "group2", "group3")));
when(gitlabConfiguration.provisioningType()).thenReturn(provisioningType);
when(gitlabConfiguration.allowUsersToSignUp()).thenReturn(true);
when(gitlabConfiguration.provisioningToken()).thenReturn("provisioningToken");
when(gitlabConfiguration.provisioningGroups()).thenReturn(new LinkedHashSet<>(Set.of("group1", "group2", "group3")));
return gitlabConfiguration;
}

@@ -552,9 +553,9 @@ public class GitlabConfigurationServiceIT {
assertThat(actualConfiguration.url()).isEqualTo(expectedConfiguration.url());
assertThat(actualConfiguration.secret()).isEqualTo(expectedConfiguration.secret());
assertThat(actualConfiguration.synchronizeGroups()).isEqualTo(expectedConfiguration.synchronizeGroups());
assertThat(actualConfiguration.allowedGroups()).containsExactlyInAnyOrderElementsOf(expectedConfiguration.allowedGroups());
assertThat(actualConfiguration.provisioningType()).isEqualTo(expectedConfiguration.provisioningType());
assertThat(actualConfiguration.allowUsersToSignUp()).isEqualTo(expectedConfiguration.allowUsersToSignUp());
assertThat(actualConfiguration.provisioningToken()).isEqualTo(expectedConfiguration.provisioningToken());
assertThat(actualConfiguration.provisioningGroups()).containsExactlyInAnyOrderElementsOf(expectedConfiguration.provisioningGroups());
}
}

+ 4
- 3
server/sonar-webserver-common/src/main/java/org/sonar/server/common/gitlab/config/GitlabConfiguration.java View File

@@ -35,13 +35,14 @@ public record GitlabConfiguration(

boolean synchronizeGroups,

ProvisioningType provisioningType,
Set<String> allowedGroups,

boolean allowUsersToSignUp,

ProvisioningType provisioningType,

@Nullable
String provisioningToken,
String provisioningToken

Set<String> provisioningGroups
) {
}

+ 10
- 10
server/sonar-webserver-common/src/main/java/org/sonar/server/common/gitlab/config/GitlabConfigurationService.java View File

@@ -43,11 +43,11 @@ import static org.apache.commons.lang.StringUtils.isNotBlank;
import static org.sonar.alm.client.gitlab.GitlabGlobalSettingsValidator.ValidationMode.AUTH_ONLY;
import static org.sonar.alm.client.gitlab.GitlabGlobalSettingsValidator.ValidationMode.COMPLETE;
import static org.sonar.api.utils.Preconditions.checkState;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOWED_GROUPS;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_APPLICATION_ID;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ENABLED;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_ENABLED;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_GROUPS;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_TOKEN;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SECRET;
import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SYNC_USER_GROUPS;
@@ -65,10 +65,10 @@ public class GitlabConfigurationService {
GITLAB_AUTH_URL,
GITLAB_AUTH_SECRET,
GITLAB_AUTH_SYNC_USER_GROUPS,
GITLAB_AUTH_ALLOWED_GROUPS,
GITLAB_AUTH_PROVISIONING_ENABLED,
GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP,
GITLAB_AUTH_PROVISIONING_TOKEN,
GITLAB_AUTH_PROVISIONING_GROUPS);
GITLAB_AUTH_PROVISIONING_TOKEN);

public static final String UNIQUE_GITLAB_CONFIGURATION_ID = "gitlab-configuration";
private final DbClient dbClient;
@@ -95,10 +95,10 @@ public class GitlabConfigurationService {
setIfDefined(dbSession, GITLAB_AUTH_URL, updateRequest.url());
setIfDefined(dbSession, GITLAB_AUTH_SECRET, updateRequest.secret());
setIfDefined(dbSession, GITLAB_AUTH_SYNC_USER_GROUPS, updateRequest.synchronizeGroups().map(String::valueOf));
setIfDefined(dbSession, GITLAB_AUTH_ALLOWED_GROUPS, updateRequest.allowedGroups().map(groups -> String.join(",", groups)));
setIfDefined(dbSession, GITLAB_AUTH_PROVISIONING_ENABLED, provisioningEnabled.map(String::valueOf));
setIfDefined(dbSession, GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, updateRequest.allowUsersToSignUp().map(String::valueOf));
setIfDefined(dbSession, GITLAB_AUTH_PROVISIONING_TOKEN, updateRequest.provisioningToken());
setIfDefined(dbSession, GITLAB_AUTH_PROVISIONING_GROUPS, updateRequest.provisioningGroups().map(groups -> String.join(",", groups)));
boolean shouldTriggerProvisioning =
provisioningEnabled.orElse(false) && !currentConfiguration.provisioningType().equals(AUTO_PROVISIONING);
deleteExternalGroupsWhenDisablingAutoProvisioning(dbSession, currentConfiguration, updateRequest.provisioningType());
@@ -196,10 +196,10 @@ public class GitlabConfigurationService {
setProperty(dbSession, GITLAB_AUTH_URL, configuration.url());
setProperty(dbSession, GITLAB_AUTH_SECRET, configuration.secret());
setProperty(dbSession, GITLAB_AUTH_SYNC_USER_GROUPS, String.valueOf(configuration.synchronizeGroups()));
setProperty(dbSession, GITLAB_AUTH_ALLOWED_GROUPS, String.join(",", configuration.allowedGroups()));
setProperty(dbSession, GITLAB_AUTH_PROVISIONING_ENABLED, String.valueOf(enableAutoProvisioning));
setProperty(dbSession, GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, String.valueOf(configuration.allowUsersToSignUp()));
setProperty(dbSession, GITLAB_AUTH_PROVISIONING_TOKEN, configuration.provisioningToken());
setProperty(dbSession, GITLAB_AUTH_PROVISIONING_GROUPS, String.join(",", configuration.provisioningGroups()));
if (enableAutoProvisioning) {
triggerRun(configuration);
}
@@ -234,15 +234,15 @@ public class GitlabConfigurationService {
getStringPropertyOrEmpty(dbSession, GITLAB_AUTH_URL),
getStringPropertyOrEmpty(dbSession, GITLAB_AUTH_SECRET),
getBooleanOrFalse(dbSession, GITLAB_AUTH_SYNC_USER_GROUPS),
toProvisioningType(getBooleanOrFalse(dbSession, GITLAB_AUTH_PROVISIONING_ENABLED)),
getAllowedGroups(dbSession),
getBooleanOrFalse(dbSession, GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP),
getStringPropertyOrNull(dbSession, GITLAB_AUTH_PROVISIONING_TOKEN),
getProvisioningGroups(dbSession)
toProvisioningType(getBooleanOrFalse(dbSession, GITLAB_AUTH_PROVISIONING_ENABLED)),
getStringPropertyOrNull(dbSession, GITLAB_AUTH_PROVISIONING_TOKEN)
);
}

private Set<String> getProvisioningGroups(DbSession dbSession) {
return Optional.ofNullable(dbClient.propertiesDao().selectGlobalProperty(dbSession, GITLAB_AUTH_PROVISIONING_GROUPS))
private Set<String> getAllowedGroups(DbSession dbSession) {
return Optional.ofNullable(dbClient.propertiesDao().selectGlobalProperty(dbSession, GITLAB_AUTH_ALLOWED_GROUPS))
.map(dto -> Arrays.stream(dto.getValue().split(","))
.filter(s -> !s.isEmpty())
.collect(Collectors.toSet())

+ 11
- 10
server/sonar-webserver-common/src/main/java/org/sonar/server/common/gitlab/config/UpdateGitlabConfigurationRequest.java View File

@@ -30,10 +30,10 @@ public record UpdateGitlabConfigurationRequest(
NonNullUpdatedValue<String> url,
NonNullUpdatedValue<String> secret,
NonNullUpdatedValue<Boolean> synchronizeGroups,
NonNullUpdatedValue<ProvisioningType> provisioningType,
NonNullUpdatedValue<Set<String>> allowedGroups,
NonNullUpdatedValue<Boolean> allowUsersToSignUp,
UpdatedValue<String> provisioningToken,
NonNullUpdatedValue<Set<String>> provisioningGroups
NonNullUpdatedValue<ProvisioningType> provisioningType
) {

public static Builder builder() {
@@ -47,10 +47,10 @@ public record UpdateGitlabConfigurationRequest(
private NonNullUpdatedValue<String> url = NonNullUpdatedValue.undefined();
private NonNullUpdatedValue<String> secret = NonNullUpdatedValue.undefined();
private NonNullUpdatedValue<Boolean> synchronizeGroups = NonNullUpdatedValue.undefined();
private NonNullUpdatedValue<Set<String>> allowedGroups = NonNullUpdatedValue.undefined();
private NonNullUpdatedValue<ProvisioningType> provisioningType = NonNullUpdatedValue.undefined();
private NonNullUpdatedValue<Boolean> allowUserToSignUp = NonNullUpdatedValue.undefined();
private UpdatedValue<String> provisioningToken = UpdatedValue.undefined();
private NonNullUpdatedValue<Set<String>> provisioningGroups = NonNullUpdatedValue.undefined();

private Builder() {
}
@@ -85,6 +85,11 @@ public record UpdateGitlabConfigurationRequest(
return this;
}

public Builder allowedGroups(NonNullUpdatedValue<Set<String>> allowedGroups) {
this.allowedGroups = allowedGroups;
return this;
}

public Builder provisioningType(NonNullUpdatedValue<ProvisioningType> provisioningType) {
this.provisioningType = provisioningType;
return this;
@@ -100,14 +105,10 @@ public record UpdateGitlabConfigurationRequest(
return this;
}

public Builder provisioningGroups(NonNullUpdatedValue<Set<String>> provisioningGroups) {
this.provisioningGroups = provisioningGroups;
return this;
}

public UpdateGitlabConfigurationRequest build() {
return new UpdateGitlabConfigurationRequest(gitlabConfigurationId, enabled, applicationId, url, secret, synchronizeGroups, provisioningType, allowUserToSignUp,
provisioningToken, provisioningGroups);
return new UpdateGitlabConfigurationRequest(gitlabConfigurationId, enabled, applicationId, url, secret, synchronizeGroups, allowedGroups, allowUserToSignUp,
provisioningToken, provisioningType
);
}
}
}

+ 7
- 6
server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/controller/DefaultGitlabConfigurationController.java View File

@@ -81,10 +81,11 @@ public class DefaultGitlabConfigurationController implements GitlabConfiguration
createRestRequest.url(),
createRestRequest.secret(),
createRestRequest.synchronizeGroups(),
toProvisioningType(createRestRequest.provisioningType()),
Set.copyOf(createRestRequest.allowedGroups()),
createRestRequest.allowUsersToSignUp() != null && createRestRequest.allowUsersToSignUp(),
createRestRequest.provisioningToken(),
createRestRequest.provisioningGroups() == null ? Set.of() : Set.copyOf(createRestRequest.provisioningGroups()));
toProvisioningType(createRestRequest.provisioningType()),
createRestRequest.provisioningToken()
);
}

private GitlabConfigurationResource getGitlabConfigurationResource(String id) {
@@ -107,10 +108,10 @@ public class DefaultGitlabConfigurationController implements GitlabConfiguration
.url(updateRequest.getUrl().toNonNullUpdatedValue())
.secret(updateRequest.getSecret().toNonNullUpdatedValue())
.synchronizeGroups(updateRequest.getSynchronizeGroups().toNonNullUpdatedValue())
.allowedGroups(updateRequest.getAllowedGroups().map(DefaultGitlabConfigurationController::getGroups).toNonNullUpdatedValue())
.provisioningType(updateRequest.getProvisioningType().map(DefaultGitlabConfigurationController::toProvisioningType).toNonNullUpdatedValue())
.allowUserToSignUp(updateRequest.getAllowUsersToSignUp().toNonNullUpdatedValue())
.provisioningToken(updateRequest.getProvisioningToken().toUpdatedValue())
.provisioningGroups(updateRequest.getProvisioningGroups().map(DefaultGitlabConfigurationController::getGroups).toNonNullUpdatedValue())
.build();
}

@@ -126,9 +127,9 @@ public class DefaultGitlabConfigurationController implements GitlabConfiguration
configuration.applicationId(),
configuration.url(),
configuration.synchronizeGroups(),
toRestProvisioningType(configuration),
sortGroups(configuration.allowedGroups()),
configuration.allowUsersToSignUp(),
sortGroups(configuration.provisioningGroups()),
toRestProvisioningType(configuration),
configurationError.orElse(null)
);
}

+ 7
- 5
server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/request/GitlabConfigurationCreateRestRequest.java View File

@@ -36,9 +36,11 @@ public record GitlabConfigurationCreateRestRequest(
@NotEmpty
@Schema(description = "Gitlab Application id")
String applicationId,

@NotEmpty
@Schema(description = "Url of Gitlab instance for authentication (for instance https://gitlab.com)")
String url,

@NotEmpty
@Schema(accessMode = Schema.AccessMode.WRITE_ONLY, description = "Secret of the application")
String secret,
@@ -47,6 +49,10 @@ public record GitlabConfigurationCreateRestRequest(
@Schema(description = "Set whether to synchronize groups")
Boolean synchronizeGroups,

@NotEmpty
@ArraySchema(arraySchema = @Schema(description = "GitLab groups allowed to authenticate and provisioned (for Auto-Provisioning only). Subgroups will automatically be included"))
List<String> allowedGroups,

@NotNull
@Schema(description = "Type of synchronization")
ProvisioningType provisioningType,
@@ -57,10 +63,6 @@ public record GitlabConfigurationCreateRestRequest(

@Schema(description = "Allow user to sign up")
@Nullable
Boolean allowUsersToSignUp,

@ArraySchema(arraySchema = @Schema(description = "Root GitLab groups to provision."))
@Nullable
List<String> provisioningGroups
Boolean allowUsersToSignUp
) {
}

+ 10
- 10
server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/request/GitlabConfigurationUpdateRestRequest.java View File

@@ -33,10 +33,10 @@ public class GitlabConfigurationUpdateRestRequest {
private UpdateField<String> url = UpdateField.undefined();
private UpdateField<String> secret = UpdateField.undefined();
private UpdateField<Boolean> synchronizeGroups = UpdateField.undefined();
private UpdateField<List<String>> allowedGroups = UpdateField.undefined();
private UpdateField<ProvisioningType> provisioningType = UpdateField.undefined();
private UpdateField<Boolean> allowUsersToSignUp = UpdateField.undefined();
private UpdateField<String> provisioningToken = UpdateField.undefined();
private UpdateField<List<String>> provisioningGroups = UpdateField.undefined();

@Schema(implementation = Boolean.class, description = "Enable Gitlab authentication")
public UpdateField<Boolean> getEnabled() {
@@ -83,6 +83,15 @@ public class GitlabConfigurationUpdateRestRequest {
this.synchronizeGroups = UpdateField.withValue(synchronizeGroups);
}

@ArraySchema(arraySchema = @Schema(description = "Root Gitlab groups allowed to authenticate and provisioned"), schema = @Schema(implementation = String.class))
public UpdateField<List<String>> getAllowedGroups() {
return allowedGroups;
}

public void setAllowedGroups(List<String> allowedGroups) {
this.allowedGroups = UpdateField.withValue(allowedGroups);
}

@Schema(implementation = ProvisioningType.class, description = "Type of synchronization")
public UpdateField<ProvisioningType> getProvisioningType() {
return provisioningType;
@@ -110,13 +119,4 @@ public class GitlabConfigurationUpdateRestRequest {
public void setProvisioningToken(String provisioningToken) {
this.provisioningToken = UpdateField.withValue(provisioningToken);
}

@ArraySchema(arraySchema = @Schema(description = "Root gitlab groups to provision."), schema = @Schema(implementation = String.class))
public UpdateField<List<String>> getProvisioningGroups() {
return provisioningGroups;
}

public void setProvisioningGroups(List<String> provisioningGroups) {
this.provisioningGroups = UpdateField.withValue(provisioningGroups);
}
}

+ 3
- 3
server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/resource/GitlabConfigurationResource.java View File

@@ -38,12 +38,12 @@ public record GitlabConfigurationResource(

boolean synchronizeGroups,

ProvisioningType provisioningType,
@Schema(description = "Root Gitlab groups allowed to authenticate and provisioned")
List<String> allowedGroups,

boolean allowUsersToSignUp,

@Schema(description = "Root Gitlab groups to provision")
List<String> provisioningGroups,
ProvisioningType provisioningType,

@Schema(accessMode = Schema.AccessMode.READ_ONLY, description = "In case the GitLab configuration is incorrect, error message")
@Nullable

+ 51
- 45
server/sonar-webserver-webapi-v2/src/test/java/org/sonar/server/v2/api/gitlab/config/DefaultGitlabConfigurationControllerTest.java View File

@@ -69,20 +69,23 @@ public class DefaultGitlabConfigurationControllerTest {
"www.url.com",
"secret",
true,
AUTO_PROVISIONING,
Set.of("group1", "group2"),
true,
"provisioning-token",
Set.of("provisioning-group2", "provisioning-group1"));
AUTO_PROVISIONING,
"provisioning-token"
);

private static final GitlabConfigurationResource EXPECTED_GITLAB_CONF_RESOURCE = new GitlabConfigurationResource(
GITLAB_CONFIGURATION.id(),
GITLAB_CONFIGURATION.enabled(),
GITLAB_CONFIGURATION.applicationId(),
GITLAB_CONFIGURATION.url(),
GITLAB_CONFIGURATION.synchronizeGroups(),
org.sonar.server.v2.api.gitlab.config.resource.ProvisioningType.valueOf(GITLAB_CONFIGURATION.provisioningType().name()),
List.of("group1", "group2"),
GITLAB_CONFIGURATION.allowUsersToSignUp(),
List.of("provisioning-group1", "provisioning-group2"),
org.sonar.server.v2.api.gitlab.config.resource.ProvisioningType.valueOf(GITLAB_CONFIGURATION.provisioningType().name()),
"error-message");

private static final String EXPECTED_CONFIGURATION = """
{
"id": "existing-id",
@@ -90,12 +93,12 @@ public class DefaultGitlabConfigurationControllerTest {
"applicationId": "application-id",
"url": "www.url.com",
"synchronizeGroups": true,
"allowedGroups": [
"group1",
"group2"
],
"provisioningType": "AUTO_PROVISIONING",
"allowUsersToSignUp": true,
"provisioningGroups": [
"provisioning-group2",
"provisioning-group1"
],
"errorMessage": "error-message"
}
""";
@@ -200,13 +203,13 @@ public class DefaultGitlabConfigurationControllerTest {
"url": "www.url.com",
"secret": "newSecret",
"synchronizeGroups": true,
"allowedGroups": [
"group1",
"group2"
],
"provisioningType": "AUTO_PROVISIONING",
"allowUsersToSignUp": true,
"provisioningToken": "token",
"provisioningGroups": [
"provisioning-group2",
"provisioning-group1"
]
"provisioningToken": "token"
}
""";

@@ -224,10 +227,11 @@ public class DefaultGitlabConfigurationControllerTest {
NonNullUpdatedValue.withValueOrThrow("www.url.com"),
NonNullUpdatedValue.withValueOrThrow("newSecret"),
NonNullUpdatedValue.withValueOrThrow(true),
NonNullUpdatedValue.withValueOrThrow(AUTO_PROVISIONING),
NonNullUpdatedValue.withValueOrThrow(Set.of("group1", "group2")),
NonNullUpdatedValue.withValueOrThrow(true),
UpdatedValue.withValue("token"),
NonNullUpdatedValue.withValueOrThrow(Set.of("provisioning-group2", "provisioning-group1"))));
NonNullUpdatedValue.withValueOrThrow(AUTO_PROVISIONING)
));
}

@Test
@@ -258,10 +262,8 @@ public class DefaultGitlabConfigurationControllerTest {
NonNullUpdatedValue.undefined(),
NonNullUpdatedValue.undefined(),
NonNullUpdatedValue.undefined(),
NonNullUpdatedValue.withValueOrThrow(JIT),
NonNullUpdatedValue.withValueOrThrow(false),
UpdatedValue.withValue(null),
NonNullUpdatedValue.undefined()));
NonNullUpdatedValue.undefined(), NonNullUpdatedValue.withValueOrThrow(false), UpdatedValue.withValue(null), NonNullUpdatedValue.withValueOrThrow(JIT)
));
}

@Test
@@ -278,12 +280,12 @@ public class DefaultGitlabConfigurationControllerTest {
"url": "www.url.com",
"secret": "123",
"synchronizeGroups": true,
"allowedGroups": [
"group1",
"group2"
],
"provisioningType": "AUTO_PROVISIONING",
"allowUsersToSignUp": true,
"provisioningGroups": [
"provisioning-group2",
"provisioning-group1"
]
"allowUsersToSignUp": true
}
"""))
.andExpectAll(
@@ -306,12 +308,12 @@ public class DefaultGitlabConfigurationControllerTest {
"secret": "123",
"url": "www.url.com",
"synchronizeGroups": true,
"allowedGroups": [
"group1",
"group2"
],
"provisioningType": "AUTO_PROVISIONING",
"allowUsersToSignUp": true,
"provisioningGroups": [
"provisioning-group2",
"provisioning-group1"
]
"allowUsersToSignUp": true
}

"""))
@@ -324,12 +326,12 @@ public class DefaultGitlabConfigurationControllerTest {
"applicationId": "application-id",
"url": "www.url.com",
"synchronizeGroups": true,
"allowedGroups": [
"group1",
"group2"
],
"provisioningType": "AUTO_PROVISIONING",
"allowUsersToSignUp": true,
"provisioningGroups": [
"provisioning-group2",
"provisioning-group1"
]
"allowUsersToSignUp": true
}
"""));

@@ -349,6 +351,10 @@ public class DefaultGitlabConfigurationControllerTest {
"secret": "123",
"url": "www.url.com",
"synchronizeGroups": true,
"allowedGroups": [
"group1",
"group2"
],
"provisioningType": "AUTO_PROVISIONING"
}

@@ -362,12 +368,12 @@ public class DefaultGitlabConfigurationControllerTest {
"applicationId": "application-id",
"url": "www.url.com",
"synchronizeGroups": true,
"allowedGroups": [
"group1",
"group2"
],
"provisioningType": "AUTO_PROVISIONING",
"allowUsersToSignUp": true,
"provisioningGroups": [
"provisioning-group2",
"provisioning-group1"
]
"allowUsersToSignUp": true
}
"""));

@@ -386,12 +392,12 @@ public class DefaultGitlabConfigurationControllerTest {
"applicationId": "application-id",
"url": "www.url.com",
"synchronizeGroups": true,
"allowedGroups": [
"group1",
"group2"
],
"provisioningType": "AUTO_PROVISIONING",
"allowUsersToSignUp": true,
"provisioningGroups": [
"provisioning-group2",
"provisioning-group1"
]
"allowUsersToSignUp": true
}
"""))
.andExpectAll(

+ 1
- 1
sonar-ws/src/main/java/org/sonarqube/ws/client/gitlab/configuration/GitlabConfiguration.java View File

@@ -21,5 +21,5 @@ package org.sonarqube.ws.client.gitlab.configuration;

public record GitlabConfiguration(boolean enabled, String applicationId, String url, String secret, boolean synchronizeGroups,
String provisioningType, boolean allowUsersToSignUp, String provisioningToken,
String singleProvisioningGroup) {
String singleAllowedGroup) {
}

+ 2
- 2
sonar-ws/src/main/java/org/sonarqube/ws/client/gitlab/configuration/GitlabConfigurationService.java View File

@@ -45,11 +45,11 @@ public class GitlabConfigurationService extends BaseService {
"provisioningType": "%s",
"allowUsersToSignUp": "%s",
"provisioningToken": "%s",
"provisioningGroups": ["%s"]
"allowedGroups": ["%s"]
}
""", gitlabConfiguration.enabled(), gitlabConfiguration.applicationId(), gitlabConfiguration.url(), gitlabConfiguration.secret(),
gitlabConfiguration.synchronizeGroups(), gitlabConfiguration.provisioningType(), gitlabConfiguration.allowUsersToSignUp(),
gitlabConfiguration.provisioningToken(), gitlabConfiguration.singleProvisioningGroup());
gitlabConfiguration.provisioningToken(), gitlabConfiguration.singleAllowedGroup());
WsResponse response = call(
new PostRequest(path()).setBody(body)
);

Write Preview
Loading…
Cancel
Save