author | Aurelien Poscia <aurelien.poscia@sonarsource.com> | 2024-08-22 08:55:20 +0200 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2024-08-23 20:02:33 +0000 |
commit | 40a1518d8c5d7a77f63e2b3a6154219ff7f632a2 (patch) | |
tree | 1f7b12c2af8e5521de04fdd4efa7393bdbbc0d8d /server | |
parent | da3c7f5e086e4d9c84e966cba2b74c15e72c6426 (diff) | |
SONAR-22807 Add default permissions mappings for GitLab in DevOps_perms_mapping table
Diffstat (limited to 'server')
3 files changed, 210 insertions, 1 deletions
diff --git a/server/sonar-db-migration/src/it/java/org/sonar/server/platform/db/migration/version/v107/PopulateGitlabDevopsPermissionsMappingIT.java b/server/sonar-db-migration/src/it/java/org/sonar/server/platform/db/migration/version/v107/PopulateGitlabDevopsPermissionsMappingIT.java
new file mode 100644
index 00000000000..b3c7e3259ff
--- /dev/null
+++ b/server/sonar-db-migration/src/it/java/org/sonar/server/platform/db/migration/version/v107/PopulateGitlabDevopsPermissionsMappingIT.java
@@ -0,0 +1,112 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v107;
+
+import java.sql.SQLException;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+import org.sonar.api.testfixtures.log.LogTesterJUnit5;
+import org.sonar.core.util.UuidFactoryFast;
+import org.sonar.db.MigrationDbTester;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.tuple;
+import static org.sonar.server.platform.db.migration.version.v107.RenameGithubPermsMappingTable.DEVOPS_PERMS_MAPPING_TABLE_NAME;
+
+class PopulateGitlabDevopsPermissionsMappingIT {
+
+ @RegisterExtension
+ public final MigrationDbTester db = MigrationDbTester.createForMigrationStep(PopulateGitlabDevOpsPermissionsMapping.class);
+ @RegisterExtension
+ public final LogTesterJUnit5 logTester = new LogTesterJUnit5();
+
+ private final PopulateGitlabDevOpsPermissionsMapping migration = new PopulateGitlabDevOpsPermissionsMapping(db.database(), UuidFactoryFast.getInstance());
+
+ @Test
+ void execute_whenTableIsEmpty_shouldPopulate() throws SQLException {
+ migration.execute();
+
+ verifyMapping();
+ }
+
+ @Test
+ void execute_isReentrant() throws SQLException {
+ migration.execute();
+ migration.execute();
+
+ verifyMapping();
+ }
+
+ @Test
+ void execute_whenTableAlreadyPopulated_doesNothing() throws SQLException {
+ db.executeInsert(DEVOPS_PERMS_MAPPING_TABLE_NAME,
+ "UUID", UuidFactoryFast.getInstance().create(),
+ "devops_platform", "gitlab",
+ "devops_platform_role", "role1",
+ "sonarqube_permission", "sq_perm");
+
+ migration.execute();
+
+ assertThat(db.select("select devops_platform_role, sonarqube_permission from devops_perms_mapping"))
+ .extracting(stringObjectMap -> stringObjectMap.get("DEVOPS_PLATFORM_ROLE"), stringObjectMap -> stringObjectMap.get("SONARQUBE_PERMISSION"))
+ .containsExactly(tuple("role1", "sq_perm"));
+ }
+
+ @Test
+ void execute_whenTableAlreadyPopulatedWithGithub_appliesMigration() throws SQLException {
+ db.executeInsert(DEVOPS_PERMS_MAPPING_TABLE_NAME,
+ "UUID", UuidFactoryFast.getInstance().create(),
+ "devops_platform", "github",
+ "devops_platform_role", "role1",
+ "sonarqube_permission", "sq_perm");
+
+ migration.execute();
+
+ verifyMapping();
+ }
+
+ private void verifyMapping() {
+ assertThat(db.select("select devops_platform_role, sonarqube_permission from devops_perms_mapping where devops_platform = 'gitlab'"))
+ .extracting(stringObjectMap -> stringObjectMap.get("DEVOPS_PLATFORM_ROLE"), stringObjectMap -> stringObjectMap.get("SONARQUBE_PERMISSION"))
+ .containsExactlyInAnyOrder(
+ tuple("guest", "user"),
+ tuple("reporter", "codeviewer"),
+ tuple("reporter", "user"),
+ tuple("developer", "codeviewer"),
+ tuple("developer", "user"),
+ tuple("developer", "issueadmin"),
+ tuple("developer", "securityhotspotadmin"),
+ tuple("developer", "scan"),
+ tuple("maintainer", "codeviewer"),
+ tuple("maintainer", "user"),
+ tuple("maintainer", "issueadmin"),
+ tuple("maintainer", "securityhotspotadmin"),
+ tuple("maintainer", "scan"),
+ tuple("maintainer", "admin"),
+ tuple("owner", "codeviewer"),
+ tuple("owner", "user"),
+ tuple("owner", "issueadmin"),
+ tuple("owner", "securityhotspotadmin"),
+ tuple("owner", "scan"),
+ tuple("owner", "admin")
+ );
+ }
+
+}
diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v107/DbVersion107.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v107/DbVersion107.java
index f70a46a99d4..36c626b67a3 100644
--- a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v107/DbVersion107.java
+++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v107/DbVersion107.java
@@ -51,7 +51,8 @@ public class DbVersion107 implements DbVersion { .add(10_7_008, "Create primary key on 'devops_perms_mapping.uuid'", CreatePrimaryKeyConstraintOnDevopsPermsMappingTable.class) .add(10_7_009, "Drop index 'uniq_github_perm_mappings' in the 'devops_perms_mapping' table", DropIndexUniqGithubPermsMappingInDevopsPermsMappingTable.class) .add(10_7_010, "Create uniq index on 'devops_perms_mapping' table for columns 'devops_platform_role', 'sonarqube_permission' and 'devops_platform'", - CreateUniqueIndexOnDevopsPermsMappingTable.class); + CreateUniqueIndexOnDevopsPermsMappingTable.class) + .add(10_7_011, "Add default permissions for GitLab in 'devops_perms_mapping'", PopulateGitlabDevOpsPermissionsMapping.class); } }
diff --git a/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v107/PopulateGitlabDevOpsPermissionsMapping.java b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v107/PopulateGitlabDevOpsPermissionsMapping.java
new file mode 100644
index 00000000000..667ea41dc31
--- /dev/null
+++ b/server/sonar-db-migration/src/main/java/org/sonar/server/platform/db/migration/version/v107/PopulateGitlabDevOpsPermissionsMapping.java
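Review bot: In PopulateGitlabDevopsPermissionsMappingIT, `execute_whenTableAlreadyPopulatedWithGithub_appliesMigration` checks only the `gitlab` rows through `verifyMapping()`, so it would still pass if the migration altered or removed the pre-existing `github` mapping. Since this table drives permission assignment, the test should also assert that the seeded row survives, e.g. `assertThat(db.select("select devops_platform_role from devops_perms_mapping where devops_platform = 'github'")).hasSize(1);`. The `logTester` extension is registered but no test reads it; either assert on the expected log output or drop the field.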
@@ -0,0 +1,96 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.platform.db.migration.version.v107;
+
+import java.sql.SQLException;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
+import org.sonar.core.util.UuidFactory;
+import org.sonar.db.Database;
+import org.sonar.server.platform.db.migration.step.DataChange;
+import org.sonar.server.platform.db.migration.step.Select;
+import org.sonar.server.platform.db.migration.step.Upsert;
+
+import static org.sonar.api.web.UserRole.ADMIN;
+import static org.sonar.api.web.UserRole.CODEVIEWER;
+import static org.sonar.api.web.UserRole.ISSUE_ADMIN;
+import static org.sonar.api.web.UserRole.SCAN;
+import static org.sonar.api.web.UserRole.SECURITYHOTSPOT_ADMIN;
+import static org.sonar.api.web.UserRole.USER;
+
+public class PopulateGitlabDevOpsPermissionsMapping extends DataChange {
+
+ private static final Map<String, Set<String>> GITLAB_ROLE_TO_SQ_PERMISSIONS = Map.of(
+ "guest", Set.of(USER),
+ "reporter", Set.of(USER, CODEVIEWER),
+ "developer", Set.of(USER, CODEVIEWER, ISSUE_ADMIN, SECURITYHOTSPOT_ADMIN, SCAN),
+ "maintainer", Set.of(USER, CODEVIEWER, ISSUE_ADMIN, SECURITYHOTSPOT_ADMIN, SCAN, ADMIN),
+ "owner", Set.of(USER, CODEVIEWER, ISSUE_ADMIN, SECURITYHOTSPOT_ADMIN, SCAN, ADMIN)
+ );
+
+ private static final String INSERT_QUERY = """
+ insert into devops_perms_mapping (uuid, devops_platform, devops_platform_role, sonarqube_permission)
+ values (?, ?, ?, ?)
+ """;
+
+ private final UuidFactory uuidFactory;
+
+ public PopulateGitlabDevOpsPermissionsMapping(Database db, UuidFactory uuidFactory) {
+ super(db);
+ this.uuidFactory = uuidFactory;
+ }
+
+ @Override
+ protected void execute(Context context) throws SQLException {
+ if (isDefaultMappingAlreadyDefined(context)) {
+ return;
+ }
+ try (Upsert upsert = context.prepareUpsert(INSERT_QUERY)) {
+ GITLAB_ROLE_TO_SQ_PERMISSIONS.forEach((role, permissions) -> insertGitlabRoleToSonarqubePermissionMapping(upsert, role, permissions));
+ upsert.commit();
+ }
+ }
+
+ private void insertGitlabRoleToSonarqubePermissionMapping(Upsert upsert, String role, Set<String> sonarqubePermissions) {
+ sonarqubePermissions.forEach(permission -> insertGitlabRoleToSonarqubePermissionMapping(upsert, role, permission));
+ }
+
+ private void insertGitlabRoleToSonarqubePermissionMapping(Upsert upsert, String role, String sonarqubePermission) {
+ try {
+ upsert
+ .setString(1, uuidFactory.create())
+ .setString(2, "gitlab")
+ .setString(3, role)
+ .setString(4, sonarqubePermission)
+ .execute();
+ } catch (SQLException e) {
+ throw new IllegalStateException(e);
+ }
+ }
+
+ private static boolean isDefaultMappingAlreadyDefined(Context context) throws SQLException {
+ try (Select select = context.prepareSelect("select count(*) from devops_perms_mapping where devops_platform='gitlab'")) {
+ return Optional.ofNullable(select.get(t -> t.getInt(1) > 0))
+ .orElseThrow();
+ }
+ }
+
+}
|
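Review bot: `GITLAB_ROLE_TO_SQ_PERMISSIONS` is the default authorization policy seeded on upgrade, yet neither the constant nor the class carries a comment explaining it. A short Javadoc should state that `maintainer` and `owner` both receive `admin`, that `developer` and above receive `scan`, and that `isDefaultMappingAlreadyDefined` skips the whole seeding as soon as one `gitlab` row exists, so a partially populated table is left as found. The step itself emits no log line when it writes these rows, so an operator auditing the upgrade may have no record that permission mappings were added; whether `DataChange` logs on its own is not visible here. In the three-argument `insertGitlabRoleToSonarqubePermissionMapping`, the rethrow drops the failing pair and could read `throw new IllegalStateException("Failed to insert GitLab mapping " + role + " -> " + sonarqubePermission, e);`.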