aboutsummaryrefslogtreecommitdiffstats
path: root/server
diff options
context:
space:
mode:
authorAurelien Poscia <aurelien.poscia@sonarsource.com>2024-08-22 08:55:20 +0200
committersonartech <sonartech@sonarsource.com>2024-08-23 20:02:33 +0000
commit40a1518d8c5d7a77f63e2b3a6154219ff7f632a2 (patch)
tree1f7b12c2af8e5521de04fdd4efa7393bdbbc0d8d /server
parentda3c7f5e086e4d9c84e966cba2b74c15e72c6426 (diff)
downloadsonarqube-40a1518d8c5d7a77f63e2b3a6154219ff7f632a2.tar.gz
sonarqube-40a1518d8c5d7a77f63e2b3a6154219ff7f632a2.zip
SONAR-22807 Add default permissions mappings for GitLab in DevOps_perms_mapping table
Diffstat (limited to 'server')
-rw-r--r--server/sonar-db-migration/src/it/java/org/sonar/server/platform/db/migration/version/v107/PopulateGitlabDevopsPermissionsMappingIT.java112
-rw-r--r--server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v107/DbVersion107.java3
-rw-r--r--server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v107/PopulateGitlabDevOpsPermissionsMapping.java96
3 files changed, 210 insertions, 1 deletions
diff --git a/server/sonar-db-migration/src/it/java/org/sonar/server/platform/db/migration/version/v107/PopulateGitlabDevopsPermissionsMappingIT.java b/server/sonar-db-migration/src/it/java/org/sonar/server/platform/db/migration/version/v107/PopulateGitlabDevopsPermissionsMappingIT.java
new file mode 100644
index 00000000000..b3c7e3259ff
--- /dev/null
+++ b/server/sonar-db-migration/src/it/java/org/sonar/server/platform/db/migration/version/v107/PopulateGitlabDevopsPermissionsMappingIT.java
@@ -0,0 +1,112 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v107;
+
+import java.sql.SQLException;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+import org.sonar.api.testfixtures.log.LogTesterJUnit5;
+import org.sonar.core.util.UuidFactoryFast;
+import org.sonar.db.MigrationDbTester;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.tuple;
+import static org.sonar.server.platform.db.migration.version.v107.RenameGithubPermsMappingTable.DEVOPS_PERMS_MAPPING_TABLE_NAME;
+
+class PopulateGitlabDevopsPermissionsMappingIT {
+
+ @RegisterExtension
+ public final MigrationDbTester db = MigrationDbTester.createForMigrationStep(PopulateGitlabDevOpsPermissionsMapping.class);
+ @RegisterExtension
+ public final LogTesterJUnit5 logTester = new LogTesterJUnit5();
+
+ private final PopulateGitlabDevOpsPermissionsMapping migration = new PopulateGitlabDevOpsPermissionsMapping(db.database(), UuidFactoryFast.getInstance());
+
+ @Test
+ void execute_whenTableIsEmpty_shouldPopulate() throws SQLException {
+ migration.execute();
+
+ verifyMapping();
+ }
+
+ @Test
+ void execute_isReentrant() throws SQLException {
+ migration.execute();
+ migration.execute();
+
+ verifyMapping();
+ }
+
+ @Test
+ void execute_whenTableAlreadyPopulated_doesNothing() throws SQLException {
+ db.executeInsert(DEVOPS_PERMS_MAPPING_TABLE_NAME,
+ "UUID", UuidFactoryFast.getInstance().create(),
+ "devops_platform", "gitlab",
+ "devops_platform_role", "role1",
+ "sonarqube_permission", "sq_perm");
+
+ migration.execute();
+
+ assertThat(db.select("select devops_platform_role, sonarqube_permission from devops_perms_mapping"))
+ .extracting(stringObjectMap -> stringObjectMap.get("DEVOPS_PLATFORM_ROLE"), stringObjectMap -> stringObjectMap.get("SONARQUBE_PERMISSION"))
+ .containsExactly(tuple("role1", "sq_perm"));
+ }
+
+ @Test
+ void execute_whenTableAlreadyPopulatedWithGithub_appliesMigration() throws SQLException {
+ db.executeInsert(DEVOPS_PERMS_MAPPING_TABLE_NAME,
+ "UUID", UuidFactoryFast.getInstance().create(),
+ "devops_platform", "github",
+ "devops_platform_role", "role1",
+ "sonarqube_permission", "sq_perm");
+
+ migration.execute();
+
+ verifyMapping();
+ }
+
+ private void verifyMapping() {
+ assertThat(db.select("select devops_platform_role, sonarqube_permission from devops_perms_mapping where devops_platform = 'gitlab'"))
+ .extracting(stringObjectMap -> stringObjectMap.get("DEVOPS_PLATFORM_ROLE"), stringObjectMap -> stringObjectMap.get("SONARQUBE_PERMISSION"))
+ .containsExactlyInAnyOrder(
+ tuple("guest", "user"),
+ tuple("reporter", "codeviewer"),
+ tuple("reporter", "user"),
+ tuple("developer", "codeviewer"),
+ tuple("developer", "user"),
+ tuple("developer", "issueadmin"),
+ tuple("developer", "securityhotspotadmin"),
+ tuple("developer", "scan"),
+ tuple("maintainer", "codeviewer"),
+ tuple("maintainer", "user"),
+ tuple("maintainer", "issueadmin"),
+ tuple("maintainer", "securityhotspotadmin"),
+ tuple("maintainer", "scan"),
+ tuple("maintainer", "admin"),
+ tuple("owner", "codeviewer"),
+ tuple("owner", "user"),
+ tuple("owner", "issueadmin"),
+ tuple("owner", "securityhotspotadmin"),
+ tuple("owner", "scan"),
+ tuple("owner", "admin")
+ );
+ }
+
+}
diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v107/DbVersion107.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v107/DbVersion107.java
index f70a46a99d4..36c626b67a3 100644
--- a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v107/DbVersion107.java
+++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v107/DbVersion107.java
@@ -51,7 +51,8 @@ public class DbVersion107 implements DbVersion {
.add(10_7_008, "Create primary key on 'devops_perms_mapping.uuid'", CreatePrimaryKeyConstraintOnDevopsPermsMappingTable.class)
.add(10_7_009, "Drop index 'uniq_github_perm_mappings' in the 'devops_perms_mapping' table", DropIndexUniqGithubPermsMappingInDevopsPermsMappingTable.class)
.add(10_7_010, "Create uniq index on 'devops_perms_mapping' table for columns 'devops_platform_role', 'sonarqube_permission' and 'devops_platform'",
- CreateUniqueIndexOnDevopsPermsMappingTable.class);
+ CreateUniqueIndexOnDevopsPermsMappingTable.class)
+ .add(10_7_011, "Add default permissions for GitLab in 'devops_perms_mapping'", PopulateGitlabDevOpsPermissionsMapping.class);
}
}
diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v107/PopulateGitlabDevOpsPermissionsMapping.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v107/PopulateGitlabDevOpsPermissionsMapping.java
new file mode 100644
index 00000000000..667ea41dc31
--- /dev/null
+++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v107/PopulateGitlabDevOpsPermissionsMapping.java
@@ -0,0 +1,96 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v107;
+
+import java.sql.SQLException;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
+import org.sonar.core.util.UuidFactory;
+import org.sonar.db.Database;
+import org.sonar.server.platform.db.migration.step.DataChange;
+import org.sonar.server.platform.db.migration.step.Select;
+import org.sonar.server.platform.db.migration.step.Upsert;
+
+import static org.sonar.api.web.UserRole.ADMIN;
+import static org.sonar.api.web.UserRole.CODEVIEWER;
+import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
+import static org.sonar.api.web.UserRole.SCAN;
+import static org.sonar.api.web.UserRole.SECURITYHOTSPOT_ADMIN;
+import static org.sonar.api.web.UserRole.USER;
+
+public class PopulateGitlabDevOpsPermissionsMapping extends DataChange {
+
+ private static final Map<String, Set<String>> GITLAB_ROLE_TO_SQ_PERMISSIONS = Map.of(
+ "guest", Set.of(USER),
+ "reporter", Set.of(USER, CODEVIEWER),
+ "developer", Set.of(USER, CODEVIEWER, ISSUE_ADMIN, SECURITYHOTSPOT_ADMIN, SCAN),
+ "maintainer", Set.of(USER, CODEVIEWER, ISSUE_ADMIN, SECURITYHOTSPOT_ADMIN, SCAN, ADMIN),
+ "owner", Set.of(USER, CODEVIEWER, ISSUE_ADMIN, SECURITYHOTSPOT_ADMIN, SCAN, ADMIN)
+ );
+
+ private static final String INSERT_QUERY = """
+ insert into devops_perms_mapping (uuid, devops_platform, devops_platform_role, sonarqube_permission)
+ values (?, ?, ?, ?)
+ """;
+
+ private final UuidFactory uuidFactory;
+
+ public PopulateGitlabDevOpsPermissionsMapping(Database db, UuidFactory uuidFactory) {
+ super(db);
+ this.uuidFactory = uuidFactory;
+ }
+
+ @Override
+ protected void execute(Context context) throws SQLException {
+ if (isDefaultMappingAlreadyDefined(context)) {
+ return;
+ }
+ try (Upsert upsert = context.prepareUpsert(INSERT_QUERY)) {
+ GITLAB_ROLE_TO_SQ_PERMISSIONS.forEach((role, permissions) -> insertGitlabRoleToSonarqubePermissionMapping(upsert, role, permissions));
+ upsert.commit();
+ }
+ }
+
+ private void insertGitlabRoleToSonarqubePermissionMapping(Upsert upsert, String role, Set<String> sonarqubePermissions) {
+ sonarqubePermissions.forEach(permission -> insertGitlabRoleToSonarqubePermissionMapping(upsert, role, permission));
+ }
+
+ private void insertGitlabRoleToSonarqubePermissionMapping(Upsert upsert, String role, String sonarqubePermission) {
+ try {
+ upsert
+ .setString(1, uuidFactory.create())
+ .setString(2, "gitlab")
+ .setString(3, role)
+ .setString(4, sonarqubePermission)
+ .execute();
+ } catch (SQLException e) {
+ throw new IllegalStateException(e);
+ }
+ }
+
+ private static boolean isDefaultMappingAlreadyDefined(Context context) throws SQLException {
+ try (Select select = context.prepareSelect("select count(*) from devops_perms_mapping where devops_platform='gitlab'")) {
+ return Optional.ofNullable(select.get(t -> t.getInt(1) > 0))
+ .orElseThrow();
+ }
+ }
+
+}