diff options
| author | Antoine Vigneau <antoine.vigneau@sonarsource.com> | 2024-01-16 15:35:59 +0100 |
|---|---|---|
| committer | sonartech <sonartech@sonarsource.com> | 2024-01-23 20:04:15 +0000 |
| commit | c6471c039ede0753dc9396bb5348939f17b30665 (patch) | |
| tree | 42e24172ddc2abed98f139146499cf0ccf4e83a9 | |
| parent | ee268b1caac7c777dbe612ef4cde8cbf15d00f26 (diff) | |
| download | sonarqube-c6471c039ede0753dc9396bb5348939f17b30665.tar.gz sonarqube-c6471c039ede0753dc9396bb5348939f17b30665.zip | |
SONAR-21413 Make provisioning groups ready to handle allowed groups
13 files changed, 144 insertions, 131 deletions
diff --git a/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabSettings.java b/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabSettings.java index 65d48a1181f..54b449e270a 100644 --- a/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabSettings.java +++ b/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabSettings.java @@ -42,9 +42,9 @@ public class GitLabSettings implements DevOpsPlatformSettings { public static final String GITLAB_AUTH_APPLICATION_ID = "sonar.auth.gitlab.applicationId.secured"; public static final String GITLAB_AUTH_SECRET = "sonar.auth.gitlab.secret.secured"; public static final String GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP = "sonar.auth.gitlab.allowUsersToSignUp"; + public static final String GITLAB_AUTH_ALLOWED_GROUPS = "sonar.auth.gitlab.allowedGroups"; public static final String GITLAB_AUTH_SYNC_USER_GROUPS = "sonar.auth.gitlab.groupsSync"; public static final String GITLAB_AUTH_PROVISIONING_TOKEN = "provisioning.gitlab.token.secured"; - public static final String GITLAB_AUTH_PROVISIONING_GROUPS = "provisioning.gitlab.groups"; public static final String GITLAB_AUTH_PROVISIONING_ENABLED = "provisioning.gitlab.enabled"; private static final String CATEGORY = "authentication"; @@ -84,6 +84,10 @@ public class GitLabSettings implements DevOpsPlatformSettings { return configuration.getBoolean(GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP).orElse(false); } + public Set<String> allowedGroups() { + return Set.of(configuration.getStringArray(GITLAB_AUTH_ALLOWED_GROUPS)); + } + public boolean syncUserGroups() { return configuration.getBoolean(GITLAB_AUTH_SYNC_USER_GROUPS).orElse(false); } @@ -92,10 +96,6 @@ public class GitLabSettings implements DevOpsPlatformSettings { return configuration.get(GITLAB_AUTH_PROVISIONING_TOKEN).map(Strings::emptyToNull).orElse(null); } - public Set<String> provisioningGroups() { - return Set.of(configuration.getStringArray(GITLAB_AUTH_PROVISIONING_GROUPS)); - } - @Override public String getDevOpsPlatform() { return ALM.GITLAB.getId(); @@ -154,6 +154,16 @@ public class GitLabSettings implements DevOpsPlatformSettings { .defaultValue(valueOf(true)) .index(5) .build(), + PropertyDefinition.builder(GITLAB_AUTH_ALLOWED_GROUPS) + .name("Groups allowed") + .description("Only members of these groups (and sub-groups) will be allowed to authenticate. " + + "Please enter the group slug as it appears in the GitLab URL, for instance `my-gitlab-group`. " + + "If you use Auto-provisioning, only members of these groups (and sub-groups) will be provisioned") + .multiValues(true) + .category(CATEGORY) + .subCategory(SUBCATEGORY) + .index(6) + .build(), PropertyDefinition.builder(GITLAB_AUTH_SYNC_USER_GROUPS) .deprecatedKey("sonar.auth.gitlab.sync_user_groups") .name("Synchronize user groups") @@ -163,7 +173,7 @@ public class GitLabSettings implements DevOpsPlatformSettings { .subCategory(SUBCATEGORY) .type(PropertyType.BOOLEAN) .defaultValue(valueOf(false)) - .index(6) + .index(7) .build(), PropertyDefinition.builder(GITLAB_AUTH_PROVISIONING_TOKEN) .name("Provisioning token") @@ -172,15 +182,6 @@ public class GitLabSettings implements DevOpsPlatformSettings { .category(CATEGORY) .subCategory(SUBCATEGORY) .type(PASSWORD) - .index(7) - .build(), - PropertyDefinition.builder(GITLAB_AUTH_PROVISIONING_GROUPS) - .name("Groups") - .description("Only members of these groups (and sub-groups) will be provisioned." + - " Please enter the group slug as it appears in the GitLab URL, for instance `my-gitlab-group`.") - .multiValues(true) - .category(CATEGORY) - .subCategory(SUBCATEGORY) .index(8) .build(), PropertyDefinition.builder(GITLAB_AUTH_PROVISIONING_ENABLED) diff --git a/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabSettingsTest.java b/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabSettingsTest.java index 089cad77cb8..808cf8175bc 100644 --- a/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabSettingsTest.java +++ b/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabSettingsTest.java @@ -26,11 +26,11 @@ import org.sonar.api.config.internal.MapSettings; import org.sonar.api.utils.System2; import static org.assertj.core.api.Assertions.assertThat; +import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOWED_GROUPS; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_APPLICATION_ID; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ENABLED; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_ENABLED; -import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_GROUPS; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_TOKEN; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SECRET; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SYNC_USER_GROUPS; @@ -83,8 +83,8 @@ public class GitLabSettingsTest { settings.setProperty(GITLAB_AUTH_PROVISIONING_TOKEN, "token"); assertThat(config.provisioningToken()).isEqualTo("token"); - settings.setProperty(GITLAB_AUTH_PROVISIONING_GROUPS, new String[] {"Group1", "Group2"}); - assertThat(config.provisioningGroups()).containsExactlyInAnyOrder("Group1", "Group2"); + settings.setProperty(GITLAB_AUTH_ALLOWED_GROUPS, new String[] {"Group1", "Group2"}); + assertThat(config.allowedGroups()).containsExactlyInAnyOrder("Group1", "Group2"); assertThat(config.isProvisioningEnabled()).isFalse(); settings.setProperty(GITLAB_AUTH_PROVISIONING_ENABLED, true); diff --git a/server/sonar-webserver-common/src/it/java/org/sonar/server/common/gitlab/config/GitlabConfigurationServiceIT.java b/server/sonar-webserver-common/src/it/java/org/sonar/server/common/gitlab/config/GitlabConfigurationServiceIT.java index e50fffe47e6..cb7e8cd8889 100644 --- a/server/sonar-webserver-common/src/it/java/org/sonar/server/common/gitlab/config/GitlabConfigurationServiceIT.java +++ b/server/sonar-webserver-common/src/it/java/org/sonar/server/common/gitlab/config/GitlabConfigurationServiceIT.java @@ -55,11 +55,11 @@ import static org.mockito.Mockito.verifyNoMoreInteractions; import static org.mockito.Mockito.when; import static org.sonar.alm.client.gitlab.GitlabGlobalSettingsValidator.ValidationMode.AUTH_ONLY; import static org.sonar.alm.client.gitlab.GitlabGlobalSettingsValidator.ValidationMode.COMPLETE; +import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOWED_GROUPS; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_APPLICATION_ID; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ENABLED; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_ENABLED; -import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_GROUPS; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_TOKEN; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SECRET; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SYNC_USER_GROUPS; @@ -125,7 +125,7 @@ public class GitlabConfigurationServiceIT { @Test public void getConfiguration_whenConfigurationSetAndEmpty_returnsConfig() { dbTester.properties().insertProperty(GITLAB_AUTH_ENABLED, "true", null); - dbTester.properties().insertProperty(GITLAB_AUTH_PROVISIONING_GROUPS, "", null); + dbTester.properties().insertProperty(GITLAB_AUTH_ALLOWED_GROUPS, "", null); GitlabConfiguration configuration = gitlabConfigurationService.getConfiguration("gitlab-configuration"); @@ -135,10 +135,10 @@ public class GitlabConfigurationServiceIT { assertThat(configuration.url()).isEmpty(); assertThat(configuration.secret()).isEmpty(); assertThat(configuration.synchronizeGroups()).isFalse(); + assertThat(configuration.allowedGroups()).isEmpty(); assertThat(configuration.provisioningType()).isEqualTo(JIT); assertThat(configuration.allowUsersToSignUp()).isFalse(); assertThat(configuration.provisioningToken()).isNull(); - assertThat(configuration.provisioningGroups()).isEmpty(); } @Test @@ -169,10 +169,10 @@ public class GitlabConfigurationServiceIT { .url(withValueOrThrow("url")) .secret(withValueOrThrow("secret")) .synchronizeGroups(withValueOrThrow(true)) + .allowedGroups(withValueOrThrow(new LinkedHashSet<>(List.of("group1", "group2", "group3")))) .provisioningType(withValueOrThrow(AUTO_PROVISIONING)) .allowUserToSignUp(withValueOrThrow(true)) .provisioningToken(withValueOrThrow("provisioningToken")) - .provisioningGroups(withValueOrThrow(new LinkedHashSet<>(List.of("group1", "group2", "group3")))) .build(); GitlabConfiguration gitlabConfiguration = gitlabConfigurationService.updateConfiguration(updateRequest); @@ -182,10 +182,10 @@ public class GitlabConfigurationServiceIT { verifySettingWasSet(GITLAB_AUTH_URL, "url"); verifySettingWasSet(GITLAB_AUTH_SECRET, "secret"); verifySettingWasSet(GITLAB_AUTH_SYNC_USER_GROUPS, "true"); + verifySettingWasSet(GITLAB_AUTH_ALLOWED_GROUPS, "group1,group2,group3"); verifySettingWasSet(GITLAB_AUTH_PROVISIONING_ENABLED, "true"); verifySettingWasSet(GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, "true"); verifySettingWasSet(GITLAB_AUTH_PROVISIONING_TOKEN, "provisioningToken"); - verifySettingWasSet(GITLAB_AUTH_PROVISIONING_GROUPS, "group1,group2,group3"); verify(managedInstanceService).queueSynchronisationTask(); assertConfigurationFields(gitlabConfiguration); @@ -290,10 +290,10 @@ public class GitlabConfigurationServiceIT { assertThat(configuration.url()).isEqualTo("url"); assertThat(configuration.secret()).isEqualTo("secret"); assertThat(configuration.synchronizeGroups()).isTrue(); + assertThat(configuration.allowedGroups()).containsExactlyInAnyOrder("group1", "group2", "group3"); assertThat(configuration.provisioningType()).isEqualTo(AUTO_PROVISIONING); assertThat(configuration.allowUsersToSignUp()).isTrue(); assertThat(configuration.provisioningToken()).isEqualTo("provisioningToken"); - assertThat(configuration.provisioningGroups()).containsExactlyInAnyOrder("group1", "group2", "group3"); } @Test @@ -329,10 +329,11 @@ public class GitlabConfigurationServiceIT { "url", "secret", true, - AUTO_PROVISIONING, + Set.of("group1", "group2", "group3"), true, - null, - Set.of("group1", "group2", "group3")); + AUTO_PROVISIONING, + null + ); assertThatThrownBy(() -> gitlabConfigurationService.createConfiguration(configuration)) .isInstanceOf(IllegalStateException.class) @@ -375,10 +376,11 @@ public class GitlabConfigurationServiceIT { "url", "secret", true, - JIT, + Set.of("group1", "group2", "group3"), true, - null, - Set.of("group1", "group2", "group3")); + JIT, + null + ); GitlabConfiguration createdConfiguration = gitlabConfigurationService.createConfiguration(configuration); @@ -395,11 +397,10 @@ public class GitlabConfigurationServiceIT { verifySettingWasSet(GITLAB_AUTH_URL, configuration.url()); verifySettingWasSet(GITLAB_AUTH_SECRET, configuration.secret()); verifySettingWasSet(GITLAB_AUTH_SYNC_USER_GROUPS, String.valueOf(configuration.synchronizeGroups())); + verifySettingWasSet(GITLAB_AUTH_ALLOWED_GROUPS, String.join(",", configuration.allowedGroups())); verifySettingWasSet(GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, String.valueOf(configuration.allowUsersToSignUp())); verifySettingWasSet(GITLAB_AUTH_PROVISIONING_TOKEN, Strings.nullToEmpty(configuration.provisioningToken())); - verifySettingWasSet(GITLAB_AUTH_PROVISIONING_GROUPS, String.join(",", configuration.provisioningGroups())); - verifySettingWasSet(GITLAB_AUTH_PROVISIONING_ENABLED, - String.valueOf(configuration.provisioningType().equals(AUTO_PROVISIONING))); + verifySettingWasSet(GITLAB_AUTH_PROVISIONING_ENABLED, String.valueOf(configuration.provisioningType().equals(AUTO_PROVISIONING))); } private void verifySettingWasSet(String setting, @Nullable String value) { @@ -434,10 +435,10 @@ public class GitlabConfigurationServiceIT { assertPropertyIsDeleted(GITLAB_AUTH_URL); assertPropertyIsDeleted(GITLAB_AUTH_SECRET); assertPropertyIsDeleted(GITLAB_AUTH_SYNC_USER_GROUPS); + assertPropertyIsDeleted(GITLAB_AUTH_ALLOWED_GROUPS); assertPropertyIsDeleted(GITLAB_AUTH_PROVISIONING_ENABLED); assertPropertyIsDeleted(GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP); assertPropertyIsDeleted(GITLAB_AUTH_PROVISIONING_TOKEN); - assertPropertyIsDeleted(GITLAB_AUTH_PROVISIONING_GROUPS); assertThat(dbTester.getDbClient().externalGroupDao().selectByIdentityProvider(dbTester.getSession(), GitLabIdentityProvider.KEY)).isEmpty(); } @@ -538,10 +539,10 @@ public class GitlabConfigurationServiceIT { when(gitlabConfiguration.url()).thenReturn("url"); when(gitlabConfiguration.secret()).thenReturn("secret"); when(gitlabConfiguration.synchronizeGroups()).thenReturn(true); + when(gitlabConfiguration.allowedGroups()).thenReturn(new LinkedHashSet<>(Set.of("group1", "group2", "group3"))); when(gitlabConfiguration.provisioningType()).thenReturn(provisioningType); when(gitlabConfiguration.allowUsersToSignUp()).thenReturn(true); when(gitlabConfiguration.provisioningToken()).thenReturn("provisioningToken"); - when(gitlabConfiguration.provisioningGroups()).thenReturn(new LinkedHashSet<>(Set.of("group1", "group2", "group3"))); return gitlabConfiguration; } @@ -552,9 +553,9 @@ public class GitlabConfigurationServiceIT { assertThat(actualConfiguration.url()).isEqualTo(expectedConfiguration.url()); assertThat(actualConfiguration.secret()).isEqualTo(expectedConfiguration.secret()); assertThat(actualConfiguration.synchronizeGroups()).isEqualTo(expectedConfiguration.synchronizeGroups()); + assertThat(actualConfiguration.allowedGroups()).containsExactlyInAnyOrderElementsOf(expectedConfiguration.allowedGroups()); assertThat(actualConfiguration.provisioningType()).isEqualTo(expectedConfiguration.provisioningType()); assertThat(actualConfiguration.allowUsersToSignUp()).isEqualTo(expectedConfiguration.allowUsersToSignUp()); assertThat(actualConfiguration.provisioningToken()).isEqualTo(expectedConfiguration.provisioningToken()); - assertThat(actualConfiguration.provisioningGroups()).containsExactlyInAnyOrderElementsOf(expectedConfiguration.provisioningGroups()); } } diff --git a/server/sonar-webserver-common/src/main/java/org/sonar/server/common/gitlab/config/GitlabConfiguration.java b/server/sonar-webserver-common/src/main/java/org/sonar/server/common/gitlab/config/GitlabConfiguration.java index b6c71aac7c1..32d39b04985 100644 --- a/server/sonar-webserver-common/src/main/java/org/sonar/server/common/gitlab/config/GitlabConfiguration.java +++ b/server/sonar-webserver-common/src/main/java/org/sonar/server/common/gitlab/config/GitlabConfiguration.java @@ -35,13 +35,14 @@ public record GitlabConfiguration( boolean synchronizeGroups, - ProvisioningType provisioningType, + Set<String> allowedGroups, boolean allowUsersToSignUp, + ProvisioningType provisioningType, + @Nullable - String provisioningToken, + String provisioningToken - Set<String> provisioningGroups ) { } diff --git a/server/sonar-webserver-common/src/main/java/org/sonar/server/common/gitlab/config/GitlabConfigurationService.java b/server/sonar-webserver-common/src/main/java/org/sonar/server/common/gitlab/config/GitlabConfigurationService.java index 5df75318455..214c196133d 100644 --- a/server/sonar-webserver-common/src/main/java/org/sonar/server/common/gitlab/config/GitlabConfigurationService.java +++ b/server/sonar-webserver-common/src/main/java/org/sonar/server/common/gitlab/config/GitlabConfigurationService.java @@ -43,11 +43,11 @@ import static org.apache.commons.lang.StringUtils.isNotBlank; import static org.sonar.alm.client.gitlab.GitlabGlobalSettingsValidator.ValidationMode.AUTH_ONLY; import static org.sonar.alm.client.gitlab.GitlabGlobalSettingsValidator.ValidationMode.COMPLETE; import static org.sonar.api.utils.Preconditions.checkState; +import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOWED_GROUPS; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_APPLICATION_ID; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_ENABLED; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_ENABLED; -import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_GROUPS; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_PROVISIONING_TOKEN; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SECRET; import static org.sonar.auth.gitlab.GitLabSettings.GITLAB_AUTH_SYNC_USER_GROUPS; @@ -65,10 +65,10 @@ public class GitlabConfigurationService { GITLAB_AUTH_URL, GITLAB_AUTH_SECRET, GITLAB_AUTH_SYNC_USER_GROUPS, + GITLAB_AUTH_ALLOWED_GROUPS, GITLAB_AUTH_PROVISIONING_ENABLED, GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, - GITLAB_AUTH_PROVISIONING_TOKEN, - GITLAB_AUTH_PROVISIONING_GROUPS); + GITLAB_AUTH_PROVISIONING_TOKEN); public static final String UNIQUE_GITLAB_CONFIGURATION_ID = "gitlab-configuration"; private final DbClient dbClient; @@ -95,10 +95,10 @@ public class GitlabConfigurationService { setIfDefined(dbSession, GITLAB_AUTH_URL, updateRequest.url()); setIfDefined(dbSession, GITLAB_AUTH_SECRET, updateRequest.secret()); setIfDefined(dbSession, GITLAB_AUTH_SYNC_USER_GROUPS, updateRequest.synchronizeGroups().map(String::valueOf)); + setIfDefined(dbSession, GITLAB_AUTH_ALLOWED_GROUPS, updateRequest.allowedGroups().map(groups -> String.join(",", groups))); setIfDefined(dbSession, GITLAB_AUTH_PROVISIONING_ENABLED, provisioningEnabled.map(String::valueOf)); setIfDefined(dbSession, GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, updateRequest.allowUsersToSignUp().map(String::valueOf)); setIfDefined(dbSession, GITLAB_AUTH_PROVISIONING_TOKEN, updateRequest.provisioningToken()); - setIfDefined(dbSession, GITLAB_AUTH_PROVISIONING_GROUPS, updateRequest.provisioningGroups().map(groups -> String.join(",", groups))); boolean shouldTriggerProvisioning = provisioningEnabled.orElse(false) && !currentConfiguration.provisioningType().equals(AUTO_PROVISIONING); deleteExternalGroupsWhenDisablingAutoProvisioning(dbSession, currentConfiguration, updateRequest.provisioningType()); @@ -196,10 +196,10 @@ public class GitlabConfigurationService { setProperty(dbSession, GITLAB_AUTH_URL, configuration.url()); setProperty(dbSession, GITLAB_AUTH_SECRET, configuration.secret()); setProperty(dbSession, GITLAB_AUTH_SYNC_USER_GROUPS, String.valueOf(configuration.synchronizeGroups())); + setProperty(dbSession, GITLAB_AUTH_ALLOWED_GROUPS, String.join(",", configuration.allowedGroups())); setProperty(dbSession, GITLAB_AUTH_PROVISIONING_ENABLED, String.valueOf(enableAutoProvisioning)); setProperty(dbSession, GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP, String.valueOf(configuration.allowUsersToSignUp())); setProperty(dbSession, GITLAB_AUTH_PROVISIONING_TOKEN, configuration.provisioningToken()); - setProperty(dbSession, GITLAB_AUTH_PROVISIONING_GROUPS, String.join(",", configuration.provisioningGroups())); if (enableAutoProvisioning) { triggerRun(configuration); } @@ -234,15 +234,15 @@ public class GitlabConfigurationService { getStringPropertyOrEmpty(dbSession, GITLAB_AUTH_URL), getStringPropertyOrEmpty(dbSession, GITLAB_AUTH_SECRET), getBooleanOrFalse(dbSession, GITLAB_AUTH_SYNC_USER_GROUPS), - toProvisioningType(getBooleanOrFalse(dbSession, GITLAB_AUTH_PROVISIONING_ENABLED)), + getAllowedGroups(dbSession), getBooleanOrFalse(dbSession, GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP), - getStringPropertyOrNull(dbSession, GITLAB_AUTH_PROVISIONING_TOKEN), - getProvisioningGroups(dbSession) + toProvisioningType(getBooleanOrFalse(dbSession, GITLAB_AUTH_PROVISIONING_ENABLED)), + getStringPropertyOrNull(dbSession, GITLAB_AUTH_PROVISIONING_TOKEN) ); } - private Set<String> getProvisioningGroups(DbSession dbSession) { - return Optional.ofNullable(dbClient.propertiesDao().selectGlobalProperty(dbSession, GITLAB_AUTH_PROVISIONING_GROUPS)) + private Set<String> getAllowedGroups(DbSession dbSession) { + return Optional.ofNullable(dbClient.propertiesDao().selectGlobalProperty(dbSession, GITLAB_AUTH_ALLOWED_GROUPS)) .map(dto -> Arrays.stream(dto.getValue().split(",")) .filter(s -> !s.isEmpty()) .collect(Collectors.toSet()) diff --git a/server/sonar-webserver-common/src/main/java/org/sonar/server/common/gitlab/config/UpdateGitlabConfigurationRequest.java b/server/sonar-webserver-common/src/main/java/org/sonar/server/common/gitlab/config/UpdateGitlabConfigurationRequest.java index dd2f17ad125..23fd0ef2d56 100644 --- a/server/sonar-webserver-common/src/main/java/org/sonar/server/common/gitlab/config/UpdateGitlabConfigurationRequest.java +++ b/server/sonar-webserver-common/src/main/java/org/sonar/server/common/gitlab/config/UpdateGitlabConfigurationRequest.java @@ -30,10 +30,10 @@ public record UpdateGitlabConfigurationRequest( NonNullUpdatedValue<String> url, NonNullUpdatedValue<String> secret, NonNullUpdatedValue<Boolean> synchronizeGroups, - NonNullUpdatedValue<ProvisioningType> provisioningType, + NonNullUpdatedValue<Set<String>> allowedGroups, NonNullUpdatedValue<Boolean> allowUsersToSignUp, UpdatedValue<String> provisioningToken, - NonNullUpdatedValue<Set<String>> provisioningGroups + NonNullUpdatedValue<ProvisioningType> provisioningType ) { public static Builder builder() { @@ -47,10 +47,10 @@ public record UpdateGitlabConfigurationRequest( private NonNullUpdatedValue<String> url = NonNullUpdatedValue.undefined(); private NonNullUpdatedValue<String> secret = NonNullUpdatedValue.undefined(); private NonNullUpdatedValue<Boolean> synchronizeGroups = NonNullUpdatedValue.undefined(); + private NonNullUpdatedValue<Set<String>> allowedGroups = NonNullUpdatedValue.undefined(); private NonNullUpdatedValue<ProvisioningType> provisioningType = NonNullUpdatedValue.undefined(); private NonNullUpdatedValue<Boolean> allowUserToSignUp = NonNullUpdatedValue.undefined(); private UpdatedValue<String> provisioningToken = UpdatedValue.undefined(); - private NonNullUpdatedValue<Set<String>> provisioningGroups = NonNullUpdatedValue.undefined(); private Builder() { } @@ -85,6 +85,11 @@ public record UpdateGitlabConfigurationRequest( return this; } + public Builder allowedGroups(NonNullUpdatedValue<Set<String>> allowedGroups) { + this.allowedGroups = allowedGroups; + return this; + } + public Builder provisioningType(NonNullUpdatedValue<ProvisioningType> provisioningType) { this.provisioningType = provisioningType; return this; @@ -100,14 +105,10 @@ public record UpdateGitlabConfigurationRequest( return this; } - public Builder provisioningGroups(NonNullUpdatedValue<Set<String>> provisioningGroups) { - this.provisioningGroups = provisioningGroups; - return this; - } - public UpdateGitlabConfigurationRequest build() { - return new UpdateGitlabConfigurationRequest(gitlabConfigurationId, enabled, applicationId, url, secret, synchronizeGroups, provisioningType, allowUserToSignUp, - provisioningToken, provisioningGroups); + return new UpdateGitlabConfigurationRequest(gitlabConfigurationId, enabled, applicationId, url, secret, synchronizeGroups, allowedGroups, allowUserToSignUp, + provisioningToken, provisioningType + ); } } } diff --git a/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/controller/DefaultGitlabConfigurationController.java b/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/controller/DefaultGitlabConfigurationController.java index 4a0c1b4b9db..e1adcb057ee 100644 --- a/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/controller/DefaultGitlabConfigurationController.java +++ b/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/controller/DefaultGitlabConfigurationController.java @@ -81,10 +81,11 @@ public class DefaultGitlabConfigurationController implements GitlabConfiguration createRestRequest.url(), createRestRequest.secret(), createRestRequest.synchronizeGroups(), - toProvisioningType(createRestRequest.provisioningType()), + Set.copyOf(createRestRequest.allowedGroups()), createRestRequest.allowUsersToSignUp() != null && createRestRequest.allowUsersToSignUp(), - createRestRequest.provisioningToken(), - createRestRequest.provisioningGroups() == null ? Set.of() : Set.copyOf(createRestRequest.provisioningGroups())); + toProvisioningType(createRestRequest.provisioningType()), + createRestRequest.provisioningToken() + ); } private GitlabConfigurationResource getGitlabConfigurationResource(String id) { @@ -107,10 +108,10 @@ public class DefaultGitlabConfigurationController implements GitlabConfiguration .url(updateRequest.getUrl().toNonNullUpdatedValue()) .secret(updateRequest.getSecret().toNonNullUpdatedValue()) .synchronizeGroups(updateRequest.getSynchronizeGroups().toNonNullUpdatedValue()) + .allowedGroups(updateRequest.getAllowedGroups().map(DefaultGitlabConfigurationController::getGroups).toNonNullUpdatedValue()) .provisioningType(updateRequest.getProvisioningType().map(DefaultGitlabConfigurationController::toProvisioningType).toNonNullUpdatedValue()) .allowUserToSignUp(updateRequest.getAllowUsersToSignUp().toNonNullUpdatedValue()) .provisioningToken(updateRequest.getProvisioningToken().toUpdatedValue()) - .provisioningGroups(updateRequest.getProvisioningGroups().map(DefaultGitlabConfigurationController::getGroups).toNonNullUpdatedValue()) .build(); } @@ -126,9 +127,9 @@ public class DefaultGitlabConfigurationController implements GitlabConfiguration configuration.applicationId(), configuration.url(), configuration.synchronizeGroups(), - toRestProvisioningType(configuration), + sortGroups(configuration.allowedGroups()), configuration.allowUsersToSignUp(), - sortGroups(configuration.provisioningGroups()), + toRestProvisioningType(configuration), configurationError.orElse(null) ); } diff --git a/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/request/GitlabConfigurationCreateRestRequest.java b/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/request/GitlabConfigurationCreateRestRequest.java index 848e073f9e7..b4c92f862e2 100644 --- a/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/request/GitlabConfigurationCreateRestRequest.java +++ b/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/request/GitlabConfigurationCreateRestRequest.java @@ -36,9 +36,11 @@ public record GitlabConfigurationCreateRestRequest( @NotEmpty @Schema(description = "Gitlab Application id") String applicationId, + @NotEmpty @Schema(description = "Url of Gitlab instance for authentication (for instance https://gitlab.com)") String url, + @NotEmpty @Schema(accessMode = Schema.AccessMode.WRITE_ONLY, description = "Secret of the application") String secret, @@ -47,6 +49,10 @@ public record GitlabConfigurationCreateRestRequest( @Schema(description = "Set whether to synchronize groups") Boolean synchronizeGroups, + @NotEmpty + @ArraySchema(arraySchema = @Schema(description = "GitLab groups allowed to authenticate and provisioned (for Auto-Provisioning only). Subgroups will automatically be included")) + List<String> allowedGroups, + @NotNull @Schema(description = "Type of synchronization") ProvisioningType provisioningType, @@ -57,10 +63,6 @@ public record GitlabConfigurationCreateRestRequest( @Schema(description = "Allow user to sign up") @Nullable - Boolean allowUsersToSignUp, - - @ArraySchema(arraySchema = @Schema(description = "Root GitLab groups to provision.")) - @Nullable - List<String> provisioningGroups + Boolean allowUsersToSignUp ) { } diff --git a/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/request/GitlabConfigurationUpdateRestRequest.java b/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/request/GitlabConfigurationUpdateRestRequest.java index 149be458a36..6bc9f941b0d 100644 --- a/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/request/GitlabConfigurationUpdateRestRequest.java +++ b/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/request/GitlabConfigurationUpdateRestRequest.java @@ -33,10 +33,10 @@ public class GitlabConfigurationUpdateRestRequest { private UpdateField<String> url = UpdateField.undefined(); private UpdateField<String> secret = UpdateField.undefined(); private UpdateField<Boolean> synchronizeGroups = UpdateField.undefined(); + private UpdateField<List<String>> allowedGroups = UpdateField.undefined(); private UpdateField<ProvisioningType> provisioningType = UpdateField.undefined(); private UpdateField<Boolean> allowUsersToSignUp = UpdateField.undefined(); private UpdateField<String> provisioningToken = UpdateField.undefined(); - private UpdateField<List<String>> provisioningGroups = UpdateField.undefined(); @Schema(implementation = Boolean.class, description = "Enable Gitlab authentication") public UpdateField<Boolean> getEnabled() { @@ -83,6 +83,15 @@ public class GitlabConfigurationUpdateRestRequest { this.synchronizeGroups = UpdateField.withValue(synchronizeGroups); } + @ArraySchema(arraySchema = @Schema(description = "Root Gitlab groups allowed to authenticate and provisioned"), schema = @Schema(implementation = String.class)) + public UpdateField<List<String>> getAllowedGroups() { + return allowedGroups; + } + + public void setAllowedGroups(List<String> allowedGroups) { + this.allowedGroups = UpdateField.withValue(allowedGroups); + } + @Schema(implementation = ProvisioningType.class, description = "Type of synchronization") public UpdateField<ProvisioningType> getProvisioningType() { return provisioningType; @@ -110,13 +119,4 @@ public class GitlabConfigurationUpdateRestRequest { public void setProvisioningToken(String provisioningToken) { this.provisioningToken = UpdateField.withValue(provisioningToken); } - - @ArraySchema(arraySchema = @Schema(description = "Root gitlab groups to provision."), schema = @Schema(implementation = String.class)) - public UpdateField<List<String>> getProvisioningGroups() { - return provisioningGroups; - } - - public void setProvisioningGroups(List<String> provisioningGroups) { - this.provisioningGroups = UpdateField.withValue(provisioningGroups); - } } diff --git a/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/resource/GitlabConfigurationResource.java b/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/resource/GitlabConfigurationResource.java index 79bfaf3972f..749c0515201 100644 --- a/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/resource/GitlabConfigurationResource.java +++ b/server/sonar-webserver-webapi-v2/src/main/java/org/sonar/server/v2/api/gitlab/config/resource/GitlabConfigurationResource.java @@ -38,12 +38,12 @@ public record GitlabConfigurationResource( boolean synchronizeGroups, - ProvisioningType provisioningType, + @Schema(description = "Root Gitlab groups allowed to authenticate and provisioned") + List<String> allowedGroups, boolean allowUsersToSignUp, - @Schema(description = "Root Gitlab groups to provision") - List<String> provisioningGroups, + ProvisioningType provisioningType, @Schema(accessMode = Schema.AccessMode.READ_ONLY, description = "In case the GitLab configuration is incorrect, error message") @Nullable diff --git a/server/sonar-webserver-webapi-v2/src/test/java/org/sonar/server/v2/api/gitlab/config/DefaultGitlabConfigurationControllerTest.java b/server/sonar-webserver-webapi-v2/src/test/java/org/sonar/server/v2/api/gitlab/config/DefaultGitlabConfigurationControllerTest.java index 64a790887f8..3cef1d97d1d 100644 --- a/server/sonar-webserver-webapi-v2/src/test/java/org/sonar/server/v2/api/gitlab/config/DefaultGitlabConfigurationControllerTest.java +++ b/server/sonar-webserver-webapi-v2/src/test/java/org/sonar/server/v2/api/gitlab/config/DefaultGitlabConfigurationControllerTest.java @@ -69,20 +69,23 @@ public class DefaultGitlabConfigurationControllerTest { "www.url.com", "secret", true, - AUTO_PROVISIONING, + Set.of("group1", "group2"), true, - "provisioning-token", - Set.of("provisioning-group2", "provisioning-group1")); + AUTO_PROVISIONING, + "provisioning-token" + ); + private static final GitlabConfigurationResource EXPECTED_GITLAB_CONF_RESOURCE = new GitlabConfigurationResource( GITLAB_CONFIGURATION.id(), GITLAB_CONFIGURATION.enabled(), GITLAB_CONFIGURATION.applicationId(), GITLAB_CONFIGURATION.url(), GITLAB_CONFIGURATION.synchronizeGroups(), - org.sonar.server.v2.api.gitlab.config.resource.ProvisioningType.valueOf(GITLAB_CONFIGURATION.provisioningType().name()), + List.of("group1", "group2"), GITLAB_CONFIGURATION.allowUsersToSignUp(), - List.of("provisioning-group1", "provisioning-group2"), + org.sonar.server.v2.api.gitlab.config.resource.ProvisioningType.valueOf(GITLAB_CONFIGURATION.provisioningType().name()), "error-message"); + private static final String EXPECTED_CONFIGURATION = """ { "id": "existing-id", @@ -90,12 +93,12 @@ public class DefaultGitlabConfigurationControllerTest { "applicationId": "application-id", "url": "www.url.com", "synchronizeGroups": true, + "allowedGroups": [ + "group1", + "group2" + ], "provisioningType": "AUTO_PROVISIONING", "allowUsersToSignUp": true, - "provisioningGroups": [ - "provisioning-group2", - "provisioning-group1" - ], "errorMessage": "error-message" } """; @@ -200,13 +203,13 @@ public class DefaultGitlabConfigurationControllerTest { "url": "www.url.com", "secret": "newSecret", "synchronizeGroups": true, + "allowedGroups": [ + "group1", + "group2" + ], "provisioningType": "AUTO_PROVISIONING", "allowUsersToSignUp": true, - "provisioningToken": "token", - "provisioningGroups": [ - "provisioning-group2", - "provisioning-group1" - ] + "provisioningToken": "token" } """; @@ -224,10 +227,11 @@ public class DefaultGitlabConfigurationControllerTest { NonNullUpdatedValue.withValueOrThrow("www.url.com"), NonNullUpdatedValue.withValueOrThrow("newSecret"), NonNullUpdatedValue.withValueOrThrow(true), - NonNullUpdatedValue.withValueOrThrow(AUTO_PROVISIONING), + NonNullUpdatedValue.withValueOrThrow(Set.of("group1", "group2")), NonNullUpdatedValue.withValueOrThrow(true), UpdatedValue.withValue("token"), - NonNullUpdatedValue.withValueOrThrow(Set.of("provisioning-group2", "provisioning-group1")))); + NonNullUpdatedValue.withValueOrThrow(AUTO_PROVISIONING) + )); } @Test @@ -258,10 +262,8 @@ public class DefaultGitlabConfigurationControllerTest { NonNullUpdatedValue.undefined(), NonNullUpdatedValue.undefined(), NonNullUpdatedValue.undefined(), - NonNullUpdatedValue.withValueOrThrow(JIT), - NonNullUpdatedValue.withValueOrThrow(false), - UpdatedValue.withValue(null), - NonNullUpdatedValue.undefined())); + NonNullUpdatedValue.undefined(), NonNullUpdatedValue.withValueOrThrow(false), UpdatedValue.withValue(null), NonNullUpdatedValue.withValueOrThrow(JIT) + )); } @Test @@ -278,12 +280,12 @@ public class DefaultGitlabConfigurationControllerTest { "url": "www.url.com", "secret": "123", "synchronizeGroups": true, + "allowedGroups": [ + "group1", + "group2" + ], "provisioningType": "AUTO_PROVISIONING", - "allowUsersToSignUp": true, - "provisioningGroups": [ - "provisioning-group2", - "provisioning-group1" - ] + "allowUsersToSignUp": true } """)) .andExpectAll( @@ -306,12 +308,12 @@ public class DefaultGitlabConfigurationControllerTest { "secret": "123", "url": "www.url.com", "synchronizeGroups": true, + "allowedGroups": [ + "group1", + "group2" + ], "provisioningType": "AUTO_PROVISIONING", - "allowUsersToSignUp": true, - "provisioningGroups": [ - "provisioning-group2", - "provisioning-group1" - ] + "allowUsersToSignUp": true } """)) @@ -324,12 +326,12 @@ public class DefaultGitlabConfigurationControllerTest { "applicationId": "application-id", "url": "www.url.com", "synchronizeGroups": true, + "allowedGroups": [ + "group1", + "group2" + ], "provisioningType": "AUTO_PROVISIONING", - "allowUsersToSignUp": true, - "provisioningGroups": [ - "provisioning-group2", - "provisioning-group1" - ] + "allowUsersToSignUp": true } """)); @@ -349,6 +351,10 @@ public class DefaultGitlabConfigurationControllerTest { "secret": "123", "url": "www.url.com", "synchronizeGroups": true, + "allowedGroups": [ + "group1", + "group2" + ], "provisioningType": "AUTO_PROVISIONING" } @@ -362,12 +368,12 @@ public class DefaultGitlabConfigurationControllerTest { "applicationId": "application-id", "url": "www.url.com", "synchronizeGroups": true, + "allowedGroups": [ + "group1", + "group2" + ], "provisioningType": "AUTO_PROVISIONING", - "allowUsersToSignUp": true, - "provisioningGroups": [ - "provisioning-group2", - "provisioning-group1" - ] + "allowUsersToSignUp": true } """)); @@ -386,12 +392,12 @@ public class DefaultGitlabConfigurationControllerTest { "applicationId": "application-id", "url": "www.url.com", "synchronizeGroups": true, + "allowedGroups": [ + "group1", + "group2" + ], "provisioningType": "AUTO_PROVISIONING", - "allowUsersToSignUp": true, - "provisioningGroups": [ - "provisioning-group2", - "provisioning-group1" - ] + "allowUsersToSignUp": true } """)) .andExpectAll( diff --git a/sonar-ws/src/main/java/org/sonarqube/ws/client/gitlab/configuration/GitlabConfiguration.java b/sonar-ws/src/main/java/org/sonarqube/ws/client/gitlab/configuration/GitlabConfiguration.java index 9bc3fbe3efb..5a50500911a 100644 --- a/sonar-ws/src/main/java/org/sonarqube/ws/client/gitlab/configuration/GitlabConfiguration.java +++ b/sonar-ws/src/main/java/org/sonarqube/ws/client/gitlab/configuration/GitlabConfiguration.java @@ -21,5 +21,5 @@ package org.sonarqube.ws.client.gitlab.configuration; public record GitlabConfiguration(boolean enabled, String applicationId, String url, String secret, boolean synchronizeGroups, String provisioningType, boolean allowUsersToSignUp, String provisioningToken, - String singleProvisioningGroup) { + String singleAllowedGroup) { } diff --git a/sonar-ws/src/main/java/org/sonarqube/ws/client/gitlab/configuration/GitlabConfigurationService.java b/sonar-ws/src/main/java/org/sonarqube/ws/client/gitlab/configuration/GitlabConfigurationService.java index b0f530395d7..4082c0adf1a 100644 --- a/sonar-ws/src/main/java/org/sonarqube/ws/client/gitlab/configuration/GitlabConfigurationService.java +++ b/sonar-ws/src/main/java/org/sonarqube/ws/client/gitlab/configuration/GitlabConfigurationService.java @@ -45,11 +45,11 @@ public class GitlabConfigurationService extends BaseService { "provisioningType": "%s", "allowUsersToSignUp": "%s", "provisioningToken": "%s", - "provisioningGroups": ["%s"] + "allowedGroups": ["%s"] } """, gitlabConfiguration.enabled(), gitlabConfiguration.applicationId(), gitlabConfiguration.url(), gitlabConfiguration.secret(), gitlabConfiguration.synchronizeGroups(), gitlabConfiguration.provisioningType(), gitlabConfiguration.allowUsersToSignUp(), - gitlabConfiguration.provisioningToken(), gitlabConfiguration.singleProvisioningGroup()); + gitlabConfiguration.provisioningToken(), gitlabConfiguration.singleAllowedGroup()); WsResponse response = call( new PostRequest(path()).setBody(body) ); |