mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36209 Commits
59 Branches
Tree: 4592d63590
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4592d63590'
${ noResults }
sonarqube/server/sonar-auth-github/src/main/java/org/sonar/auth/github/GitHubSettings.java

GitHubSettings.java 11KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2024 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.auth.github;

  21. 

  22. import com.google.common.annotations.VisibleForTesting;

  23. import java.util.Arrays;

  24. import java.util.List;

  25. import java.util.Set;

  26. import javax.annotation.CheckForNull;

  27. import javax.annotation.Nullable;

  28. import org.sonar.api.PropertyType;

  29. import org.sonar.api.ce.ComputeEngineSide;

  30. import org.sonar.api.config.Configuration;

  31. import org.sonar.api.config.PropertyDefinition;

  32. import org.sonar.api.server.ServerSide;

  33. import org.sonar.auth.DevOpsPlatformSettings;

  34. import org.sonar.db.DbClient;

  35. import org.sonar.db.DbSession;

  36. import org.sonar.db.alm.setting.ALM;

  37. import org.sonar.server.property.InternalProperties;

  38. 

  39. import static java.lang.String.format;

  40. import static java.lang.String.valueOf;

  41. import static org.apache.commons.lang3.StringUtils.isNotBlank;

  42. import static org.sonar.api.PropertyType.BOOLEAN;

  43. import static org.sonar.api.PropertyType.PASSWORD;

  44. import static org.sonar.api.PropertyType.STRING;

  45. import static org.sonar.api.utils.Preconditions.checkState;

  46. 

  47. @ServerSide

  48. @ComputeEngineSide

  49. public class GitHubSettings implements DevOpsPlatformSettings {

  50. 

  51.   public static final String CLIENT_ID = "sonar.auth.github.clientId.secured";

  52.   public static final String CLIENT_SECRET = "sonar.auth.github.clientSecret.secured";

  53.   public static final String APP_ID = "sonar.auth.github.appId";

  54.   public static final String PRIVATE_KEY = "sonar.auth.github.privateKey.secured";

  55.   public static final String ENABLED = "sonar.auth.github.enabled";

  56.   public static final String ALLOW_USERS_TO_SIGN_UP = "sonar.auth.github.allowUsersToSignUp";

  57.   public static final String GROUPS_SYNC = "sonar.auth.github.groupsSync";

  58.   public static final String API_URL = "sonar.auth.github.apiUrl";

  59.   public static final String DEFAULT_API_URL = "https://api.github.com/";

  60.   public static final String WEB_URL = "sonar.auth.github.webUrl";

  61.   public static final String DEFAULT_WEB_URL = "https://github.com/";

  62.   public static final String ORGANIZATIONS = "sonar.auth.github.organizations";

  63.   @VisibleForTesting

  64.   static final String PROVISIONING = "provisioning.github.enabled";

  65.   @VisibleForTesting

  66.   static final String PROVISION_VISIBILITY = "provisioning.github.project.visibility.enabled";

  67.   @VisibleForTesting

  68.   static final String USER_CONSENT_FOR_PERMISSIONS_REQUIRED_AFTER_UPGRADE = "sonar.auth.github.userConsentForPermissionProvisioningRequired";

  69. 

  70.   private static final String CATEGORY = "authentication";

  71.   private static final String SUBCATEGORY = "github";

  72. 

  73.   private final Configuration configuration;

  74. 

  75.   private final InternalProperties internalProperties;

  76.   private final DbClient dbClient;

  77. 

  78.   public GitHubSettings(Configuration configuration, InternalProperties internalProperties, DbClient dbClient) {

  79.     this.configuration = configuration;

  80.     this.internalProperties = internalProperties;

  81.     this.dbClient = dbClient;

  82.   }

  83. 

  84.   public String clientId() {

  85.     return configuration.get(CLIENT_ID).orElse("");

  86.   }

  87. 

  88.   public String clientSecret() {

  89.     return configuration.get(CLIENT_SECRET).orElse("");

  90.   }

  91. 

  92.   public String appId() {

  93.     return configuration.get(APP_ID).orElse("");

  94.   }

  95. 

  96.   public String privateKey() {

  97.     return configuration.get(PRIVATE_KEY).orElse("");

  98.   }

  99. 

  100.   public boolean isEnabled() {

  101.     return configuration.getBoolean(ENABLED).orElse(false) && !clientId().isEmpty() && !clientSecret().isEmpty();

  102.   }

  103. 

  104.   public boolean allowUsersToSignUp() {

  105.     return configuration.getBoolean(ALLOW_USERS_TO_SIGN_UP).orElse(false);

  106.   }

  107. 

  108.   public boolean syncGroups() {

  109.     return configuration.getBoolean(GROUPS_SYNC).orElse(false);

  110.   }

  111. 

  112.   @CheckForNull

  113.   String webURL() {

  114.     return urlWithEndingSlash(configuration.get(WEB_URL).orElse(""));

  115.   }

  116. 

  117.   @CheckForNull

  118.   public String apiURL() {

  119.     return urlWithEndingSlash(configuration.get(API_URL).orElse(""));

  120.   }

  121. 

  122.   public String apiURLOrDefault() {

  123.     return configuration.get(API_URL).map(GitHubSettings::urlWithEndingSlash).orElse(DEFAULT_API_URL);

  124.   }

  125. 

  126.   public Set<String> getOrganizations() {

  127.     return Set.of(configuration.getStringArray(ORGANIZATIONS));

  128.   }

  129. 

  130.   @CheckForNull

  131.   private static String urlWithEndingSlash(@Nullable String url) {

  132.     if (url != null && !url.endsWith("/")) {

  133.       return url + "/";

  134.     }

  135.     return url;

  136.   }

  137. 

  138.   public void setProvisioning(boolean enableProvisioning) {

  139.     if (enableProvisioning) {

  140.       checkGithubConfigIsCompleteForProvisioning();

  141.     } else {

  142.       removeExternalGroupsForGithub();

  143.     }

  144.     internalProperties.write(PROVISIONING, String.valueOf(enableProvisioning));

  145.   }

  146. 

  147.   private void removeExternalGroupsForGithub() {

  148.     try (DbSession dbSession = dbClient.openSession(false)) {

  149.       dbClient.externalGroupDao().deleteByExternalIdentityProvider(dbSession, GitHubIdentityProvider.KEY);

  150.       dbClient.githubOrganizationGroupDao().deleteAll(dbSession);

  151.       dbSession.commit();

  152.     }

  153.   }

  154. 

  155.   private void checkGithubConfigIsCompleteForProvisioning() {

  156.     checkState(isEnabled(), getErrorMessage("GitHub authentication must be enabled"));

  157.     checkState(isNotBlank(appId()), getErrorMessage("Application ID must be provided"));

  158.     checkState(isNotBlank(privateKey()), getErrorMessage("Private key must be provided"));

  159.   }

  160. 

  161.   private static String getErrorMessage(String prefix) {

  162.     return format("%s to enable GitHub provisioning.", prefix);

  163.   }

  164. 

  165.   @Override

  166.   public String getDevOpsPlatform() {

  167.     return ALM.GITHUB.getId();

  168.   }

  169. 

  170.   @Override

  171.   public boolean isProvisioningEnabled() {

  172.     return isEnabled() && internalProperties.read(PROVISIONING).map(Boolean::parseBoolean).orElse(false);

  173.   }

  174. 

  175.   public boolean isUserConsentRequiredAfterUpgrade() {

  176.     return configuration.get(USER_CONSENT_FOR_PERMISSIONS_REQUIRED_AFTER_UPGRADE).isPresent();

  177.   }

  178. 

  179.   @Override

  180.   public boolean isProjectVisibilitySynchronizationActivated() {

  181.     return configuration.getBoolean(PROVISION_VISIBILITY).orElse(true);

  182.   }

  183. 

  184.   public static List<PropertyDefinition> definitions() {

  185.     int index = 1;

  186.     return Arrays.asList(

  187.       PropertyDefinition.builder(ENABLED)

  188.         .name("Enabled")

  189.         .description("Enable GitHub users to login. Value is ignored if client ID and secret are not defined.")

  190.         .category(CATEGORY)

  191.         .subCategory(SUBCATEGORY)

  192.         .type(BOOLEAN)

  193.         .defaultValue(valueOf(false))

  194.         .index(index++)

  195.         .build(),

  196.       PropertyDefinition.builder(CLIENT_ID)

  197.         .name("Client ID")

  198.         .description("Client ID provided by GitHub when registering the application.")

  199.         .category(CATEGORY)

  200.         .subCategory(SUBCATEGORY)

  201.         .index(index++)

  202.         .build(),

  203.       PropertyDefinition.builder(CLIENT_SECRET)

  204.         .name("Client Secret")

  205.         .description("Client password provided by GitHub when registering the application.")

  206.         .category(CATEGORY)

  207.         .subCategory(SUBCATEGORY)

  208.         .type(PASSWORD)

  209.         .index(index++)

  210.         .build(),

  211.       PropertyDefinition.builder(APP_ID)

  212.         .name("App ID")

  213.         .description("The App ID is found on your GitHub App's page on GitHub at Settings > Developer Settings > GitHub Apps.")

  214.         .category(CATEGORY)

  215.         .subCategory(SUBCATEGORY)

  216.         .type(STRING)

  217.         .index(index++)

  218.         .build(),

  219.       PropertyDefinition.builder(PRIVATE_KEY)

  220.         .name("Private Key")

  221.         .description("""

  222.           Your GitHub App's private key. You can generate a .pem file from your GitHub App's page under Private keys.

  223.           Copy and paste the whole contents of the file here.""")

  224.         .category(CATEGORY)

  225.         .subCategory(SUBCATEGORY)

  226.         .type(PropertyType.TEXT)

  227.         .index(index++)

  228.         .build(),

  229.       PropertyDefinition.builder(ALLOW_USERS_TO_SIGN_UP)

  230.         .name("Allow users to sign up")

  231.         .description("Allow new users to authenticate. When set to disabled, only existing users will be able to authenticate to the server.")

  232.         .category(CATEGORY)

  233.         .subCategory(SUBCATEGORY)

  234.         .type(BOOLEAN)

  235.         .defaultValue(valueOf(true))

  236.         .index(index++)

  237.         .build(),

  238.       PropertyDefinition.builder(GROUPS_SYNC)

  239.         .name("Synchronize teams as groups")

  240.         .description("Synchronize GitHub team with SonarQube group memberships when users log in to SonarQube."

  241.           + " For each GitHub team they belong to, users will be associated to a group of the same name if it exists in SonarQube.")

  242.         .category(CATEGORY)

  243.         .subCategory(SUBCATEGORY)

  244.         .type(BOOLEAN)

  245.         .defaultValue(valueOf(false))

  246.         .index(index++)

  247.         .build(),

  248.       PropertyDefinition.builder(API_URL)

  249.         .name("The API url for a GitHub instance.")

  250.         .description(String.format("The API url for a GitHub instance. %s for Github.com, https://github.company.com/api/v3/ when using Github Enterprise", DEFAULT_API_URL))

  251.         .category(CATEGORY)

  252.         .subCategory(SUBCATEGORY)

  253.         .type(STRING)

  254.         .defaultValue(DEFAULT_API_URL)

  255.         .index(index++)

  256.         .build(),

  257.       PropertyDefinition.builder(WEB_URL)

  258.         .name("The WEB url for a GitHub instance.")

  259.         .description(String.format("The WEB url for a GitHub instance. %s for Github.com, https://github.company.com/ when using GitHub Enterprise.", DEFAULT_WEB_URL))

  260.         .category(CATEGORY)

  261.         .subCategory(SUBCATEGORY)

  262.         .type(STRING)

  263.         .defaultValue(DEFAULT_WEB_URL)

  264.         .index(index++)

  265.         .build(),

  266.       PropertyDefinition.builder(ORGANIZATIONS)

  267.         .name("Organizations")

  268.         .description("Only members of these organizations will be able to authenticate to the server. "

  269.           + "⚠ if not set, users from any organization where the GitHub App is installed will be able to login to this SonarQube instance.")

  270.         .multiValues(true)

  271.         .category(CATEGORY)

  272.         .subCategory(SUBCATEGORY)

  273.         .index(index)

  274.         .build(),

  275.       PropertyDefinition.builder(PROVISION_VISIBILITY)

  276.         .name("Provision project visibility")

  277.         .description("Change project visibility based on GitHub repository visibility. If disabled, every provisioned project will be private in SonarQube and visible only"

  278.           + " to users with explicit GitHub permissions for the corresponding repository. Changes take effect at the next synchronization.")

  279.         .type(BOOLEAN)

  280.         .category(CATEGORY)

  281.         .subCategory(SUBCATEGORY)

  282.         .defaultValue(valueOf(true))

  283.         .index(index)

  284.         .build());

  285.   }

  286. }