diff options
19 files changed, 361 insertions, 316 deletions
diff --git a/server/sonar-alm-client/src/main/java/org/sonar/alm/client/github/GithubPermissionConverter.java b/server/sonar-alm-client/src/main/java/org/sonar/alm/client/github/GithubPermissionConverter.java index 5c22374cf15..cea9a01054a 100644 --- a/server/sonar-alm-client/src/main/java/org/sonar/alm/client/github/GithubPermissionConverter.java +++ b/server/sonar-alm-client/src/main/java/org/sonar/alm/client/github/GithubPermissionConverter.java @@ -28,7 +28,7 @@ import javax.annotation.Nullable; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.sonar.auth.github.GsonRepositoryPermissions; -import org.sonar.db.provisioning.GithubPermissionsMappingDto; +import org.sonar.db.provisioning.DevOpsPermissionsMappingDto; import static java.util.function.Function.identity; import static java.util.stream.Collectors.toMap; @@ -68,7 +68,7 @@ public class GithubPermissionConverter { .collect(toMap(identity(), sonarqubeRoles::contains)); } - public Set<String> toSonarqubeRolesWithFallbackOnRepositoryPermissions(Set<GithubPermissionsMappingDto> allPermissionsMappings, + public Set<String> toSonarqubeRolesWithFallbackOnRepositoryPermissions(Set<DevOpsPermissionsMappingDto> allPermissionsMappings, String githubRoleOrPermission, GsonRepositoryPermissions repositoryPermissions) { String roleName = toRoleName(githubRoleOrPermission); return toSonarqubeRoles(allPermissionsMappings, roleName, repositoryPermissions); @@ -78,19 +78,19 @@ public class GithubPermissionConverter { return GITHUB_GROUP_PERMISSION_TO_ROLE_NAME.getOrDefault(permission, permission); } - public Set<String> toSonarqubeRolesForDefaultRepositoryPermission(Set<GithubPermissionsMappingDto> allPermissionsMappings, String roleName) { + public Set<String> toSonarqubeRolesForDefaultRepositoryPermission(Set<DevOpsPermissionsMappingDto> allPermissionsMappings, String roleName) { return toSonarqubeRoles(allPermissionsMappings, roleName, null); } - private static Set<String> toSonarqubeRoles(Set<GithubPermissionsMappingDto> allPermissionsMappings, String githubRoleName, + private static Set<String> toSonarqubeRoles(Set<DevOpsPermissionsMappingDto> allPermissionsMappings, String githubRoleName, @Nullable GsonRepositoryPermissions repositoryPermissions) { - Map<String, List<GithubPermissionsMappingDto>> permissionMappings = allPermissionsMappings.stream() - .collect(Collectors.groupingBy(GithubPermissionsMappingDto::githubRole)); + Map<String, List<DevOpsPermissionsMappingDto>> permissionMappings = allPermissionsMappings.stream() + .collect(Collectors.groupingBy(DevOpsPermissionsMappingDto::role)); Set<String> sonarqubePermissions = Optional.ofNullable(permissionMappings.get(githubRoleName)) .orElse(GithubPermissionConverter.computeBaseRoleAndGetSqPermissions(permissionMappings, repositoryPermissions)) .stream() - .map(GithubPermissionsMappingDto::sonarqubePermission) + .map(DevOpsPermissionsMappingDto::sonarqubePermission) .collect(Collectors.toSet()); if (sonarqubePermissions.isEmpty()) { @@ -99,7 +99,7 @@ public class GithubPermissionConverter { return sonarqubePermissions; } - private static List<GithubPermissionsMappingDto> computeBaseRoleAndGetSqPermissions(Map<String, List<GithubPermissionsMappingDto>> permissionMappings, + private static List<DevOpsPermissionsMappingDto> computeBaseRoleAndGetSqPermissions(Map<String, List<DevOpsPermissionsMappingDto>> permissionMappings, @Nullable GsonRepositoryPermissions repositoryPermissions) { return Optional.ofNullable(repositoryPermissions) .map(GITHUB_PERMISSION_TO_GITHUB_BASE_ROLE::get) diff --git a/server/sonar-alm-client/src/test/java/org/sonar/alm/client/github/GithubPermissionConverterTest.java b/server/sonar-alm-client/src/test/java/org/sonar/alm/client/github/GithubPermissionConverterTest.java index fb16bbb1d8b..a4d72469738 100644 --- a/server/sonar-alm-client/src/test/java/org/sonar/alm/client/github/GithubPermissionConverterTest.java +++ b/server/sonar-alm-client/src/test/java/org/sonar/alm/client/github/GithubPermissionConverterTest.java @@ -26,7 +26,7 @@ import org.junit.runner.RunWith; import org.junit.runners.Parameterized; import org.junit.runners.Suite; import org.sonar.auth.github.GsonRepositoryPermissions; -import org.sonar.db.provisioning.GithubPermissionsMappingDto; +import org.sonar.db.provisioning.DevOpsPermissionsMappingDto; import static org.assertj.core.api.Assertions.assertThat; @@ -37,12 +37,12 @@ import static org.assertj.core.api.Assertions.assertThat; }) public class GithubPermissionConverterTest { - private static final Set<GithubPermissionsMappingDto> ALL_PERMISSIONS_MAPPING_FROM_DB = Set.of( - new GithubPermissionsMappingDto("uuid1", "read", "roleRead"), - new GithubPermissionsMappingDto("uuid2", "triage", "roleTriage"), - new GithubPermissionsMappingDto("uuid3", "write", "roleWrite"), - new GithubPermissionsMappingDto("uuid4", "maintain", "roleMaintain"), - new GithubPermissionsMappingDto("uuid5", "admin", "roleAdmin") + private static final Set<DevOpsPermissionsMappingDto> ALL_PERMISSIONS_MAPPING_FROM_DB = Set.of( + new DevOpsPermissionsMappingDto("uuid1", "github", "read", "roleRead"), + new DevOpsPermissionsMappingDto("uuid2", "github", "triage", "roleTriage"), + new DevOpsPermissionsMappingDto("uuid3", "github", "write", "roleWrite"), + new DevOpsPermissionsMappingDto("uuid4", "github", "maintain", "roleMaintain"), + new DevOpsPermissionsMappingDto("uuid5", "github", "admin", "roleAdmin") ) ; private static final GsonRepositoryPermissions NO_PERMS = new GsonRepositoryPermissions(false, false, false, false, false); diff --git a/server/sonar-db-core/src/main/java/org/sonar/db/version/SqTables.java b/server/sonar-db-core/src/main/java/org/sonar/db/version/SqTables.java index 32bd5f7e330..bc3d0ab98a0 100644 --- a/server/sonar-db-core/src/main/java/org/sonar/db/version/SqTables.java +++ b/server/sonar-db-core/src/main/java/org/sonar/db/version/SqTables.java @@ -46,6 +46,7 @@ public final class SqTables { "components", "default_qprofiles", "deprecated_rule_keys", + "devops_perms_mapping", "duplications_index", "es_queue", "events", @@ -53,7 +54,6 @@ public final class SqTables { "external_groups", "file_sources", "github_orgs_groups", - "github_perms_mapping", "groups", "groups_users", "group_roles", diff --git a/server/sonar-db-dao/src/it/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDaoIT.java b/server/sonar-db-dao/src/it/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDaoIT.java new file mode 100644 index 00000000000..12a9ad741b0 --- /dev/null +++ b/server/sonar-db-dao/src/it/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDaoIT.java @@ -0,0 +1,161 @@ +/* + * SonarQube + * Copyright (C) 2009-2024 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.db.provisioning; + +import java.util.List; +import java.util.Set; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.RegisterExtension; +import org.mockito.ArgumentCaptor; +import org.sonar.db.DbSession; +import org.sonar.db.DbTester; +import org.sonar.db.audit.AuditPersister; +import org.sonar.db.audit.model.DevOpsPermissionsMappingNewValue; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.ArgumentMatchers.eq; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.reset; +import static org.mockito.Mockito.verify; +import static org.sonar.db.audit.model.DevOpsPermissionsMappingNewValue.ALL_PERMISSIONS; + +class DevOpsPermissionsMappingDaoIT { + + private static final String MAPPING_UUID = "uuid"; + protected static final String DEV_OPS_PLATFORM = "github"; + + private final AuditPersister auditPersister = mock(); + + @RegisterExtension + private final DbTester db = DbTester.create(auditPersister); + + private final ArgumentCaptor<DevOpsPermissionsMappingNewValue> newValueCaptor = + ArgumentCaptor.forClass(DevOpsPermissionsMappingNewValue.class); + + private final DbSession dbSession = db.getSession(); + + private final DevOpsPermissionsMappingDao underTest = db.getDbClient().githubPermissionsMappingDao(); + + @BeforeEach + public void setUp() { + List<DevOpsPermissionsMappingDto> role1Mappings = List.of( + new DevOpsPermissionsMappingDto("otherDop1", DEV_OPS_PLATFORM + "2", "GH_role_1", "SQ_role_1"), + new DevOpsPermissionsMappingDto("otherDop2", DEV_OPS_PLATFORM + "2", "GH_role_2", "SQ_role_2"), + new DevOpsPermissionsMappingDto("otherDop3", DEV_OPS_PLATFORM + "2", "GH_role_3", "SQ_role_3")); + + role1Mappings.forEach(mapping -> underTest.insert(dbSession, mapping)); + reset(auditPersister); + } + + @Test + void insert_savesGithubPermissionsMappingDto() { + DevOpsPermissionsMappingDto devOpsPermissionsMappingDto = new DevOpsPermissionsMappingDto(MAPPING_UUID, DEV_OPS_PLATFORM, "GH_role", "SQ_role"); + + underTest.insert(dbSession, devOpsPermissionsMappingDto); + + Set<DevOpsPermissionsMappingDto> savedGithubPermissionsMappings = underTest.findAll(dbSession, DEV_OPS_PLATFORM); + assertThat(savedGithubPermissionsMappings).hasSize(1); + DevOpsPermissionsMappingDto savedMapping = savedGithubPermissionsMappings.iterator().next(); + assertThat(savedMapping.uuid()).isEqualTo(devOpsPermissionsMappingDto.uuid()); + assertThat(savedMapping.role()).isEqualTo(devOpsPermissionsMappingDto.role()); + assertThat(savedMapping.sonarqubePermission()).isEqualTo(devOpsPermissionsMappingDto.sonarqubePermission()); + + verify(auditPersister).addDevOpsPermissionsMapping(eq(dbSession), newValueCaptor.capture()); + assertThat(newValueCaptor.getValue().getDevOpsPlatform()).isEqualTo(DEV_OPS_PLATFORM); + assertThat(newValueCaptor.getValue().getGithubRole()).isEqualTo(devOpsPermissionsMappingDto.role()); + assertThat(newValueCaptor.getValue().getSonarqubePermission()).isEqualTo(devOpsPermissionsMappingDto.sonarqubePermission()); + } + + @Test + void delete_deletesGithubPermissionsMappingDto() { + DevOpsPermissionsMappingDto devOpsPermissionsMappingDto = new DevOpsPermissionsMappingDto(MAPPING_UUID, DEV_OPS_PLATFORM, "GH_role", "SQ_role"); + + underTest.insert(dbSession, devOpsPermissionsMappingDto); + underTest.delete(dbSession, DEV_OPS_PLATFORM, "GH_role", "SQ_role"); + + Set<DevOpsPermissionsMappingDto> savedGithubPermissionsMappings = underTest.findAll(dbSession, DEV_OPS_PLATFORM); + assertThat(savedGithubPermissionsMappings).isEmpty(); + + verify(auditPersister).deleteDevOpsPermissionsMapping(eq(dbSession), newValueCaptor.capture()); + assertThat(newValueCaptor.getValue().getDevOpsPlatform()).isEqualTo(DEV_OPS_PLATFORM); + assertThat(newValueCaptor.getValue().getGithubRole()).isEqualTo("GH_role"); + assertThat(newValueCaptor.getValue().getSonarqubePermission()).isEqualTo("SQ_role"); + } + + @Test + void deleteAllPermissionsForRole_deletesGithubPermissionsMappingDto() { + List<DevOpsPermissionsMappingDto> role1Mappings = List.of( + new DevOpsPermissionsMappingDto("1", DEV_OPS_PLATFORM, "GH_role_1", "SQ_role_1"), + new DevOpsPermissionsMappingDto("2", DEV_OPS_PLATFORM, "GH_role_1", "SQ_role_2"), + new DevOpsPermissionsMappingDto("3", DEV_OPS_PLATFORM, "GH_role_1", "SQ_role_3")); + + List<DevOpsPermissionsMappingDto> role2Mappings = List.of( + new DevOpsPermissionsMappingDto("4", DEV_OPS_PLATFORM, "GH_role_2", "SQ_role_1"), + new DevOpsPermissionsMappingDto("5", DEV_OPS_PLATFORM, "GH_role_2", "SQ_role_2")); + + role1Mappings.forEach(mapping -> underTest.insert(dbSession, mapping)); + role2Mappings.forEach(mapping -> underTest.insert(dbSession, mapping)); + + underTest.deleteAllPermissionsForRole(dbSession, DEV_OPS_PLATFORM, "GH_role_1"); + + Set<DevOpsPermissionsMappingDto> savedGithubPermissionsMappings = underTest.findAll(dbSession, DEV_OPS_PLATFORM); + assertThat(savedGithubPermissionsMappings).containsExactlyInAnyOrderElementsOf(role2Mappings); + + verify(auditPersister).deleteDevOpsPermissionsMapping(eq(dbSession), newValueCaptor.capture()); + assertThat(newValueCaptor.getValue().getDevOpsPlatform()).isEqualTo(DEV_OPS_PLATFORM); + assertThat(newValueCaptor.getValue().getGithubRole()).isEqualTo("GH_role_1"); + assertThat(newValueCaptor.getValue().getSonarqubePermission()).isEqualTo(ALL_PERMISSIONS); + } + + @Test + void findAll_shouldReturnAllDevOpsPermissionMappingOfDevOpsPlatform() { + DevOpsPermissionsMappingDto mapping1 = new DevOpsPermissionsMappingDto(MAPPING_UUID, DEV_OPS_PLATFORM, "GH_role", "SQ_role"); + DevOpsPermissionsMappingDto mapping2 = new DevOpsPermissionsMappingDto(MAPPING_UUID + "2", DEV_OPS_PLATFORM, "GH_role2", "SQ_role"); + DevOpsPermissionsMappingDto mapping3 = new DevOpsPermissionsMappingDto(MAPPING_UUID + "3", DEV_OPS_PLATFORM + "2", "GH_role2", "SQ_role"); + + underTest.insert(dbSession, mapping1); + underTest.insert(dbSession, mapping2); + underTest.insert(dbSession, mapping3); + + Set<DevOpsPermissionsMappingDto> all = underTest.findAll(dbSession, DEV_OPS_PLATFORM); + + assertThat(all).hasSize(2) + .containsExactlyInAnyOrder( + mapping1, + mapping2); + } + + @Test + void findAllForGithubRole_shouldReturnPermissionsForTheRole() { + DevOpsPermissionsMappingDto mapping1 = new DevOpsPermissionsMappingDto(MAPPING_UUID, DEV_OPS_PLATFORM, "GH_role", "SQ_role"); + DevOpsPermissionsMappingDto mapping2 = new DevOpsPermissionsMappingDto(MAPPING_UUID + "2", DEV_OPS_PLATFORM, "GH_role2", "SQ_role"); + DevOpsPermissionsMappingDto mapping3 = new DevOpsPermissionsMappingDto(MAPPING_UUID + "3", DEV_OPS_PLATFORM, "GH_role2", "SQ_role2"); + underTest.insert(dbSession, mapping1); + underTest.insert(dbSession, mapping2); + underTest.insert(dbSession, mapping3); + + Set<DevOpsPermissionsMappingDto> forRole2 = underTest.findAllForRole(dbSession, DEV_OPS_PLATFORM, "GH_role2"); + assertThat(forRole2).hasSize(2) + .containsExactlyInAnyOrder(mapping2, mapping3); + + } + +} diff --git a/server/sonar-db-dao/src/it/java/org/sonar/db/provisioning/GithubPermissionsMappingDaoIT.java b/server/sonar-db-dao/src/it/java/org/sonar/db/provisioning/GithubPermissionsMappingDaoIT.java deleted file mode 100644 index 4ca14987d78..00000000000 --- a/server/sonar-db-dao/src/it/java/org/sonar/db/provisioning/GithubPermissionsMappingDaoIT.java +++ /dev/null @@ -1,142 +0,0 @@ -/* - * SonarQube - * Copyright (C) 2009-2024 SonarSource SA - * mailto:info AT sonarsource DOT com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ -package org.sonar.db.provisioning; - -import java.util.List; -import java.util.Set; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.RegisterExtension; -import org.mockito.ArgumentCaptor; -import org.sonar.db.DbSession; -import org.sonar.db.DbTester; -import org.sonar.db.audit.AuditPersister; -import org.sonar.db.audit.model.GithubPermissionsMappingNewValue; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.mockito.ArgumentMatchers.eq; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.verify; -import static org.sonar.db.audit.model.GithubPermissionsMappingNewValue.ALL_PERMISSIONS; - -class GithubPermissionsMappingDaoIT { - - private static final String MAPPING_UUID = "uuid"; - - private final AuditPersister auditPersister = mock(); - - @RegisterExtension - private final DbTester db = DbTester.create(auditPersister); - - private final ArgumentCaptor<GithubPermissionsMappingNewValue> newValueCaptor = - ArgumentCaptor.forClass(GithubPermissionsMappingNewValue.class); - - private final DbSession dbSession = db.getSession(); - - private final GithubPermissionsMappingDao underTest = db.getDbClient().githubPermissionsMappingDao(); - - @Test - void insert_savesGithubPermissionsMappingDto() { - GithubPermissionsMappingDto githubPermissionsMappingDto = new GithubPermissionsMappingDto(MAPPING_UUID, "GH_role", "SQ_role"); - - underTest.insert(dbSession, githubPermissionsMappingDto); - - Set<GithubPermissionsMappingDto> savedGithubPermissionsMappings = underTest.findAll(dbSession); - assertThat(savedGithubPermissionsMappings).hasSize(1); - GithubPermissionsMappingDto savedMapping = savedGithubPermissionsMappings.iterator().next(); - assertThat(savedMapping.uuid()).isEqualTo(githubPermissionsMappingDto.uuid()); - assertThat(savedMapping.githubRole()).isEqualTo(githubPermissionsMappingDto.githubRole()); - assertThat(savedMapping.sonarqubePermission()).isEqualTo(githubPermissionsMappingDto.sonarqubePermission()); - - verify(auditPersister).addGithubPermissionsMapping(eq(dbSession), newValueCaptor.capture()); - assertThat(newValueCaptor.getValue().getGithubRole()).isEqualTo(githubPermissionsMappingDto.githubRole()); - assertThat(newValueCaptor.getValue().getSonarqubePermission()).isEqualTo(githubPermissionsMappingDto.sonarqubePermission()); - } - - @Test - void delete_deletesGithubPermissionsMappingDto() { - GithubPermissionsMappingDto githubPermissionsMappingDto = new GithubPermissionsMappingDto(MAPPING_UUID, "GH_role", "SQ_role"); - - underTest.insert(dbSession, githubPermissionsMappingDto); - underTest.delete(dbSession, "GH_role", "SQ_role"); - - Set<GithubPermissionsMappingDto> savedGithubPermissionsMappings = underTest.findAll(dbSession); - assertThat(savedGithubPermissionsMappings).isEmpty(); - - verify(auditPersister).deleteGithubPermissionsMapping(eq(dbSession), newValueCaptor.capture()); - assertThat(newValueCaptor.getValue().getGithubRole()).isEqualTo("GH_role"); - assertThat(newValueCaptor.getValue().getSonarqubePermission()).isEqualTo("SQ_role"); - } - - @Test - void deleteAllPermissionsForRole_deletesGithubPermissionsMappingDto() { - List<GithubPermissionsMappingDto> role1Mappings = List.of( - new GithubPermissionsMappingDto("1", "GH_role_1", "SQ_role_1"), - new GithubPermissionsMappingDto("2", "GH_role_1", "SQ_role_2"), - new GithubPermissionsMappingDto("3", "GH_role_1", "SQ_role_3")); - - List<GithubPermissionsMappingDto> role2Mappings = List.of( - new GithubPermissionsMappingDto("4", "GH_role_2", "SQ_role_1"), - new GithubPermissionsMappingDto("5", "GH_role_2", "SQ_role_2")); - - role1Mappings.forEach(mapping -> underTest.insert(dbSession, mapping)); - role2Mappings.forEach(mapping -> underTest.insert(dbSession, mapping)); - - underTest.deleteAllPermissionsForRole(dbSession, "GH_role_1"); - - Set<GithubPermissionsMappingDto> savedGithubPermissionsMappings = underTest.findAll(dbSession); - assertThat(savedGithubPermissionsMappings).containsExactlyInAnyOrderElementsOf(role2Mappings); - - verify(auditPersister).deleteGithubPermissionsMapping(eq(dbSession), newValueCaptor.capture()); - assertThat(newValueCaptor.getValue().getGithubRole()).isEqualTo("GH_role_1"); - assertThat(newValueCaptor.getValue().getSonarqubePermission()).isEqualTo(ALL_PERMISSIONS); - } - - @Test - void findAll_shouldReturnAllGithubOrganizationGroup() { - GithubPermissionsMappingDto mapping1 = new GithubPermissionsMappingDto(MAPPING_UUID, "GH_role", "SQ_role"); - GithubPermissionsMappingDto mapping2 = new GithubPermissionsMappingDto(MAPPING_UUID + "2", "GH_role2", "SQ_role"); - - underTest.insert(dbSession, mapping1); - underTest.insert(dbSession, mapping2); - - Set<GithubPermissionsMappingDto> all = underTest.findAll(dbSession); - - assertThat(all).hasSize(2) - .containsExactlyInAnyOrder( - mapping1, - mapping2); - } - - @Test - void findAllForGithubRole_shouldReturnPermissionsForTheRole() { - GithubPermissionsMappingDto mapping1 = new GithubPermissionsMappingDto(MAPPING_UUID, "GH_role", "SQ_role"); - GithubPermissionsMappingDto mapping2 = new GithubPermissionsMappingDto(MAPPING_UUID + "2", "GH_role2", "SQ_role"); - GithubPermissionsMappingDto mapping3 = new GithubPermissionsMappingDto(MAPPING_UUID + "3", "GH_role2", "SQ_role2"); - underTest.insert(dbSession, mapping1); - underTest.insert(dbSession, mapping2); - underTest.insert(dbSession, mapping3); - - Set<GithubPermissionsMappingDto> forRole2 = underTest.findAllForGithubRole(dbSession, "GH_role2"); - assertThat(forRole2).hasSize(2) - .containsExactlyInAnyOrder(mapping2, mapping3); - - } - -} diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java b/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java index 26e1187218d..bb7b126d088 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java @@ -66,7 +66,7 @@ import org.sonar.db.property.InternalComponentPropertiesDao; import org.sonar.db.property.InternalPropertiesDao; import org.sonar.db.property.PropertiesDao; import org.sonar.db.provisioning.GithubOrganizationGroupDao; -import org.sonar.db.provisioning.GithubPermissionsMappingDao; +import org.sonar.db.provisioning.DevOpsPermissionsMappingDao; import org.sonar.db.purge.PurgeDao; import org.sonar.db.pushevent.PushEventDao; import org.sonar.db.qualitygate.ProjectQgateAssociationDao; @@ -127,13 +127,13 @@ public class DaoModule extends Module { ComponentDao.class, ComponentKeyUpdaterDao.class, DefaultQProfileDao.class, + DevOpsPermissionsMappingDao.class, DuplicationDao.class, EntityDao.class, EsQueueDao.class, EventDao.class, EventComponentChangeDao.class, GithubOrganizationGroupDao.class, - GithubPermissionsMappingDao.class, ExternalGroupDao.class, FileSourceDao.class, GroupDao.class, diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java b/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java index c336b040b8c..8f68429cbb0 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java @@ -66,7 +66,7 @@ import org.sonar.db.property.InternalComponentPropertiesDao; import org.sonar.db.property.InternalPropertiesDao; import org.sonar.db.property.PropertiesDao; import org.sonar.db.provisioning.GithubOrganizationGroupDao; -import org.sonar.db.provisioning.GithubPermissionsMappingDao; +import org.sonar.db.provisioning.DevOpsPermissionsMappingDao; import org.sonar.db.purge.PurgeDao; import org.sonar.db.pushevent.PushEventDao; import org.sonar.db.qualitygate.ProjectQgateAssociationDao; @@ -192,7 +192,7 @@ public class DbClient { private final ReportScheduleDao reportScheduleDao; private final ReportSubscriptionDao reportSubscriptionDao; private final GithubOrganizationGroupDao githubOrganizationGroupDao; - private final GithubPermissionsMappingDao githubPermissionsMappingDao; + private final DevOpsPermissionsMappingDao devopsPermissionsMappingDao; private final RuleChangeDao ruleChangeDao; private final ProjectExportDao projectExportDao; private final IssueFixedDao issueFixedDao; @@ -254,7 +254,7 @@ public class DbClient { metricDao = getDao(map, MetricDao.class); groupDao = getDao(map, GroupDao.class); githubOrganizationGroupDao = getDao(map, GithubOrganizationGroupDao.class); - githubPermissionsMappingDao = getDao(map, GithubPermissionsMappingDao.class); + devopsPermissionsMappingDao = getDao(map, DevOpsPermissionsMappingDao.class); externalGroupDao = getDao(map, ExternalGroupDao.class); ruleDao = getDao(map, RuleDao.class); ruleRepositoryDao = getDao(map, RuleRepositoryDao.class); @@ -513,8 +513,8 @@ public class DbClient { return githubOrganizationGroupDao; } - public GithubPermissionsMappingDao githubPermissionsMappingDao() { - return githubPermissionsMappingDao; + public DevOpsPermissionsMappingDao githubPermissionsMappingDao() { + return devopsPermissionsMappingDao; } public ExternalGroupDao externalGroupDao() { diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java b/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java index 35162ba115e..e14f8adac8a 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java @@ -121,8 +121,8 @@ import org.sonar.db.property.PropertiesMapper; import org.sonar.db.property.ScrapPropertyDto; import org.sonar.db.provisioning.GithubOrganizationGroupDto; import org.sonar.db.provisioning.GithubOrganizationGroupMapper; -import org.sonar.db.provisioning.GithubPermissionsMappingDto; -import org.sonar.db.provisioning.GithubPermissionsMappingMapper; +import org.sonar.db.provisioning.DevOpsPermissionsMappingDto; +import org.sonar.db.provisioning.DevOpsPermissionsMappingMapper; import org.sonar.db.purge.PurgeMapper; import org.sonar.db.purge.PurgeableAnalysisDto; import org.sonar.db.pushevent.PushEventDto; @@ -208,12 +208,12 @@ public class MyBatis { confBuilder.loadAlias("AnticipatedTransition", AnticipatedTransitionDto.class); confBuilder.loadAlias("CeTaskCharacteristic", CeTaskCharacteristicDto.class); confBuilder.loadAlias("Component", ComponentDto.class); + confBuilder.loadAlias("DevOpsPermissionsMapping", DevOpsPermissionsMappingDto.class); confBuilder.loadAlias("DuplicationUnit", DuplicationUnitDto.class); confBuilder.loadAlias("Entity", EntityDto.class); confBuilder.loadAlias("Event", EventDto.class); confBuilder.loadAlias("ExternalGroup", ExternalGroupDto.class); confBuilder.loadAlias("GithubOrganizationGroup", GithubOrganizationGroupDto.class); - confBuilder.loadAlias("GithubPermissionsMapping", GithubPermissionsMappingDto.class); confBuilder.loadAlias("FilePathWithHash", FilePathWithHashDto.class); confBuilder.loadAlias("KeyWithUuid", KeyWithUuidDto.class); confBuilder.loadAlias("Group", GroupDto.class); @@ -292,7 +292,7 @@ public class MyBatis { EventMapper.class, EventComponentChangeMapper.class, GithubOrganizationGroupMapper.class, - GithubPermissionsMappingMapper.class, + DevOpsPermissionsMappingMapper.class, ExternalGroupMapper.class, FileSourceMapper.class, GroupMapper.class, diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/AuditPersister.java b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/AuditPersister.java index 25d0bcbf65d..5e6f11a95f4 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/AuditPersister.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/AuditPersister.java @@ -25,7 +25,7 @@ import org.sonar.db.audit.model.AbstractEditorNewValue; import org.sonar.db.audit.model.ComponentKeyNewValue; import org.sonar.db.audit.model.ComponentNewValue; import org.sonar.db.audit.model.DevOpsPlatformSettingNewValue; -import org.sonar.db.audit.model.GithubPermissionsMappingNewValue; +import org.sonar.db.audit.model.DevOpsPermissionsMappingNewValue; import org.sonar.db.audit.model.GroupPermissionNewValue; import org.sonar.db.audit.model.LicenseNewValue; import org.sonar.db.audit.model.PermissionTemplateNewValue; @@ -103,9 +103,9 @@ public interface AuditPersister { void deleteGroupFromPermissionTemplate(DbSession dbSession, PermissionTemplateNewValue newValue); - void addGithubPermissionsMapping(DbSession dbSession, GithubPermissionsMappingNewValue newValue); + void addDevOpsPermissionsMapping(DbSession dbSession, DevOpsPermissionsMappingNewValue newValue); - void deleteGithubPermissionsMapping(DbSession dbSession, GithubPermissionsMappingNewValue deletedValue); + void deleteDevOpsPermissionsMapping(DbSession dbSession, DevOpsPermissionsMappingNewValue deletedValue); void addQualityGateEditor(DbSession dbSession, AbstractEditorNewValue newValue); diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/NoOpAuditPersister.java b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/NoOpAuditPersister.java index 2b6d448c295..6edae9decc8 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/NoOpAuditPersister.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/NoOpAuditPersister.java @@ -25,7 +25,7 @@ import org.sonar.db.audit.model.ComponentKeyNewValue; import org.sonar.db.audit.model.ComponentNewValue; import org.sonar.db.audit.model.DevOpsPlatformSettingNewValue; import org.sonar.db.audit.model.AbstractEditorNewValue; -import org.sonar.db.audit.model.GithubPermissionsMappingNewValue; +import org.sonar.db.audit.model.DevOpsPermissionsMappingNewValue; import org.sonar.db.audit.model.GroupPermissionNewValue; import org.sonar.db.audit.model.LicenseNewValue; import org.sonar.db.audit.model.PermissionTemplateNewValue; @@ -193,12 +193,12 @@ public class NoOpAuditPersister implements AuditPersister { } @Override - public void addGithubPermissionsMapping(DbSession dbSession, GithubPermissionsMappingNewValue newValue) { + public void addDevOpsPermissionsMapping(DbSession dbSession, DevOpsPermissionsMappingNewValue newValue) { // no op } @Override - public void deleteGithubPermissionsMapping(DbSession dbSession, GithubPermissionsMappingNewValue deletedValue) { + public void deleteDevOpsPermissionsMapping(DbSession dbSession, DevOpsPermissionsMappingNewValue deletedValue) { // no op } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/GithubPermissionsMappingNewValue.java b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/DevOpsPermissionsMappingNewValue.java index 1b3b7dec67e..b7624791dcb 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/GithubPermissionsMappingNewValue.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/DevOpsPermissionsMappingNewValue.java @@ -21,20 +21,22 @@ package org.sonar.db.audit.model; import com.google.common.annotations.VisibleForTesting; -public class GithubPermissionsMappingNewValue extends NewValue { +public class DevOpsPermissionsMappingNewValue extends NewValue { @VisibleForTesting public static final String ALL_PERMISSIONS = "all"; + private final String devOpsPlatform; private final String githubRole; private final String sonarqubePermission; - public GithubPermissionsMappingNewValue(String githubRole, String sonarqubePermission) { + public DevOpsPermissionsMappingNewValue(String devOpsPlatform, String githubRole, String sonarqubePermission) { + this.devOpsPlatform = devOpsPlatform; this.githubRole = githubRole; this.sonarqubePermission = sonarqubePermission; } - public static GithubPermissionsMappingNewValue withAllPermissions(String githubRole) { - return new GithubPermissionsMappingNewValue(githubRole, ALL_PERMISSIONS); + public static DevOpsPermissionsMappingNewValue withAllPermissions(String devOpsPlatform, String githubRole) { + return new DevOpsPermissionsMappingNewValue(devOpsPlatform, githubRole, ALL_PERMISSIONS); } @VisibleForTesting @@ -42,14 +44,21 @@ public class GithubPermissionsMappingNewValue extends NewValue { return githubRole; } + @VisibleForTesting public String getSonarqubePermission() { return sonarqubePermission; } + @VisibleForTesting + public String getDevOpsPlatform() { + return devOpsPlatform; + } + @Override public String toString() { StringBuilder sb = new StringBuilder("{"); - addField(sb, "\"githubRole\": ", this.githubRole, true); + addField(sb, "\"devOpsPlatform\": ", this.devOpsPlatform, true); + addField(sb, "\"devOpsRole\": ", this.githubRole, true); addField(sb, "\"sonarqubePermissions\": ", this.sonarqubePermission, true); endString(sb); return sb.toString(); diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDao.java new file mode 100644 index 00000000000..c5737e62910 --- /dev/null +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDao.java @@ -0,0 +1,72 @@ +/* + * SonarQube + * Copyright (C) 2009-2024 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.db.provisioning; + +import java.util.Set; +import org.sonar.db.Dao; +import org.sonar.db.DbSession; +import org.sonar.db.audit.AuditPersister; +import org.sonar.db.audit.model.DevOpsPermissionsMappingNewValue; + +public class DevOpsPermissionsMappingDao implements Dao { + + private final AuditPersister auditPersister; + + public DevOpsPermissionsMappingDao(AuditPersister auditPersister) { + this.auditPersister = auditPersister; + } + + public Set<DevOpsPermissionsMappingDto> findAll(DbSession dbSession, String devOpsPlatform) { + return mapper(dbSession).selectAll(devOpsPlatform); + } + + public Set<DevOpsPermissionsMappingDto> findAllForRole(DbSession dbSession, String devOpsPlatform, String role) { + return mapper(dbSession).selectAllForRole(devOpsPlatform, role); + } + + public void insert(DbSession dbSession, DevOpsPermissionsMappingDto devOpsPermissionsMappingDto) { + mapper(dbSession).insert(devOpsPermissionsMappingDto); + DevOpsPermissionsMappingNewValue newValueForAuditLogs = toNewValueForAuditLogs( + devOpsPermissionsMappingDto.devOpsPlatform(), + devOpsPermissionsMappingDto.role(), + devOpsPermissionsMappingDto.sonarqubePermission() + ); + auditPersister.addDevOpsPermissionsMapping(dbSession, newValueForAuditLogs); + } + + public void delete(DbSession dbSession, String devOpsPlatform, String role, String sonarqubePermission) { + mapper(dbSession).delete(devOpsPlatform, role, sonarqubePermission); + auditPersister.deleteDevOpsPermissionsMapping(dbSession, toNewValueForAuditLogs(devOpsPlatform, role, sonarqubePermission)); + } + + public void deleteAllPermissionsForRole(DbSession dbSession, String devOpsPlatform, String role) { + mapper(dbSession).deleteAllPermissionsForRole(devOpsPlatform, role); + auditPersister.deleteDevOpsPermissionsMapping(dbSession, DevOpsPermissionsMappingNewValue.withAllPermissions(devOpsPlatform, role)); + } + + private static DevOpsPermissionsMappingNewValue toNewValueForAuditLogs(String devOpsPlatform, String role, String sonarqubePermission) { + return new DevOpsPermissionsMappingNewValue(devOpsPlatform, role, sonarqubePermission); + } + + private static DevOpsPermissionsMappingMapper mapper(DbSession session) { + return session.getMapper(DevOpsPermissionsMappingMapper.class); + } + +} diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDto.java index 764e0aec5dd..09d7654a93e 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingDto.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDto.java @@ -19,5 +19,5 @@ */ package org.sonar.db.provisioning; -public record GithubPermissionsMappingDto(String uuid, String githubRole, String sonarqubePermission) { +public record DevOpsPermissionsMappingDto(String uuid, String devOpsPlatform, String role, String sonarqubePermission) { } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingMapper.java b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingMapper.java index 8faf4b9ef0b..afb6d2972f4 100644 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingMapper.java +++ b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingMapper.java @@ -22,15 +22,15 @@ package org.sonar.db.provisioning; import java.util.Set; import org.apache.ibatis.annotations.Param; -public interface GithubPermissionsMappingMapper { +public interface DevOpsPermissionsMappingMapper { - Set<GithubPermissionsMappingDto> selectAll(); + Set<DevOpsPermissionsMappingDto> selectAll(@Param("devOpsPlatform") String devOpsPlatform); - Set<GithubPermissionsMappingDto> selectAllForGithubRole(String githubRole); + Set<DevOpsPermissionsMappingDto> selectAllForRole(@Param("devOpsPlatform") String devOpsPlatform, @Param("role") String role); - void insert(GithubPermissionsMappingDto githubPermissionsMappingDto); + void insert(DevOpsPermissionsMappingDto devOpsPermissionsMappingDto); - void delete(@Param("githubRole") String githubRole, @Param("sonarqubePermission") String sonarqubePermission); + void delete(@Param("devOpsPlatform") String devOpsPlatform, @Param("role") String role, @Param("sonarqubePermission") String sonarqubePermission); - void deleteAllPermissionsForRole(String githubRole); + void deleteAllPermissionsForRole(@Param("devOpsPlatform") String devOpsPlatform, @Param("role") String role); } diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingDao.java deleted file mode 100644 index 33496aaaaea..00000000000 --- a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingDao.java +++ /dev/null @@ -1,67 +0,0 @@ -/* - * SonarQube - * Copyright (C) 2009-2024 SonarSource SA - * mailto:info AT sonarsource DOT com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 3 of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ -package org.sonar.db.provisioning; - -import java.util.Set; -import org.sonar.db.Dao; -import org.sonar.db.DbSession; -import org.sonar.db.audit.AuditPersister; -import org.sonar.db.audit.model.GithubPermissionsMappingNewValue; - -public class GithubPermissionsMappingDao implements Dao { - - private final AuditPersister auditPersister; - - public GithubPermissionsMappingDao(AuditPersister auditPersister) { - this.auditPersister = auditPersister; - } - - public Set<GithubPermissionsMappingDto> findAll(DbSession dbSession) { - return mapper(dbSession).selectAll(); - } - - public Set<GithubPermissionsMappingDto> findAllForGithubRole(DbSession dbSession, String githubRole) { - return mapper(dbSession).selectAllForGithubRole(githubRole); - } - - public void insert(DbSession dbSession, GithubPermissionsMappingDto githubPermissionsMappingDto) { - mapper(dbSession).insert(githubPermissionsMappingDto); - auditPersister.addGithubPermissionsMapping(dbSession, toNewValueForAuditLogs(githubPermissionsMappingDto.githubRole(), githubPermissionsMappingDto.sonarqubePermission())); - } - - public void delete(DbSession dbSession, String githubRole, String sonarqubePermission) { - mapper(dbSession).delete(githubRole, sonarqubePermission); - auditPersister.deleteGithubPermissionsMapping(dbSession, toNewValueForAuditLogs(githubRole, sonarqubePermission)); - } - - public void deleteAllPermissionsForRole(DbSession dbSession, String githubRole) { - mapper(dbSession).deleteAllPermissionsForRole(githubRole); - auditPersister.deleteGithubPermissionsMapping(dbSession, GithubPermissionsMappingNewValue.withAllPermissions(githubRole)); - } - - private static GithubPermissionsMappingNewValue toNewValueForAuditLogs(String githubRole, String sonarqubePermission) { - return new GithubPermissionsMappingNewValue(githubRole, sonarqubePermission); - } - - private static GithubPermissionsMappingMapper mapper(DbSession session) { - return session.getMapper(GithubPermissionsMappingMapper.class); - } - -} diff --git a/server/sonar-db-dao/src/main/resources/org/sonar/db/provisioning/DevOpsPermissionsMappingMapper.xml b/server/sonar-db-dao/src/main/resources/org/sonar/db/provisioning/DevOpsPermissionsMappingMapper.xml new file mode 100644 index 00000000000..200fb120fbc --- /dev/null +++ b/server/sonar-db-dao/src/main/resources/org/sonar/db/provisioning/DevOpsPermissionsMappingMapper.xml @@ -0,0 +1,56 @@ +<?xml version="1.0" encoding="UTF-8" ?> + +<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "mybatis-3-mapper.dtd"> + +<mapper namespace="org.sonar.db.provisioning.DevOpsPermissionsMappingMapper"> + + <sql id="devOpsPermissionsMappingColumns"> + dpm.uuid as uuid, + dpm.devops_platform as devOpsPlatform, + dpm.devops_platform_role as role, + dpm.sonarqube_permission as sonarqubePermission + </sql> + + <insert id="insert" useGeneratedKeys="false" parameterType="DevOpsPermissionsMapping"> + insert into devops_perms_mapping ( + uuid, + devops_platform, + devops_platform_role, + sonarqube_permission + ) values ( + #{uuid,jdbcType=VARCHAR}, + #{devOpsPlatform,jdbcType=VARCHAR}, + #{role,jdbcType=VARCHAR}, + #{sonarqubePermission,jdbcType=VARCHAR} + ) + </insert> + + <delete id="delete" parameterType="DevOpsPermissionsMapping"> + delete from devops_perms_mapping + where devops_platform = #{devOpsPlatform,jdbcType=VARCHAR} AND + devops_platform_role = #{role,jdbcType=VARCHAR} AND + sonarqube_permission = #{sonarqubePermission,jdbcType=VARCHAR} + </delete> + + <delete id="deleteAllPermissionsForRole" parameterType="DevOpsPermissionsMapping"> + delete from devops_perms_mapping + where devops_platform = #{devOpsPlatform,jdbcType=VARCHAR} AND devops_platform_role = #{role,jdbcType=VARCHAR} + </delete> + + <select id="selectAll" resultType="DevOpsPermissionsMapping"> + SELECT + <include refid="devOpsPermissionsMappingColumns"/> + FROM devops_perms_mapping dpm + where devops_platform = #{devOpsPlatform,jdbcType=VARCHAR} + </select> + + <select id="selectAllForRole" resultType="DevOpsPermissionsMapping"> + SELECT + <include refid="devOpsPermissionsMappingColumns"/> + FROM devops_perms_mapping dpm + WHERE + devops_platform = #{devOpsPlatform,jdbcType=VARCHAR} AND + dpm.devops_platform_role = #{role,jdbcType=VARCHAR} + </select> + +</mapper> diff --git a/server/sonar-db-dao/src/main/resources/org/sonar/db/provisioning/GithubPermissionsMappingMapper.xml b/server/sonar-db-dao/src/main/resources/org/sonar/db/provisioning/GithubPermissionsMappingMapper.xml deleted file mode 100644 index 1ef0f24582d..00000000000 --- a/server/sonar-db-dao/src/main/resources/org/sonar/db/provisioning/GithubPermissionsMappingMapper.xml +++ /dev/null @@ -1,48 +0,0 @@ -<?xml version="1.0" encoding="UTF-8" ?> - -<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "mybatis-3-mapper.dtd"> - -<mapper namespace="org.sonar.db.provisioning.GithubPermissionsMappingMapper"> - - <sql id="githubPermissionsMappingColumns"> - gpm.uuid as uuid, - gpm.github_role as githubRole, - gpm.sonarqube_permission as sonarqubePermission - </sql> - - <insert id="insert" useGeneratedKeys="false" parameterType="GithubPermissionsMapping"> - insert into github_perms_mapping ( - uuid, - github_role, - sonarqube_permission - ) values ( - #{uuid,jdbcType=VARCHAR}, - #{githubRole,jdbcType=VARCHAR}, - #{sonarqubePermission,jdbcType=VARCHAR} - ) - </insert> - - <delete id="delete" parameterType="GithubPermissionsMapping"> - delete from github_perms_mapping - where github_role = #{githubRole,jdbcType=VARCHAR} AND sonarqube_permission = #{sonarqubePermission,jdbcType=VARCHAR} - </delete> - - <delete id="deleteAllPermissionsForRole" parameterType="GithubPermissionsMapping"> - delete from github_perms_mapping - where github_role = #{githubRole,jdbcType=VARCHAR} - </delete> - - <select id="selectAll" resultType="GithubPermissionsMapping"> - SELECT - <include refid="githubPermissionsMappingColumns"/> - FROM github_perms_mapping gpm - </select> - - <select id="selectAllForGithubRole" resultType="GithubPermissionsMapping"> - SELECT - <include refid="githubPermissionsMappingColumns"/> - FROM github_perms_mapping gpm - WHERE gpm.github_role = #{githubRole,jdbcType=VARCHAR} - </select> - -</mapper> diff --git a/server/sonar-webserver-common/src/main/java/org/sonar/server/common/almsettings/github/GithubProjectCreator.java b/server/sonar-webserver-common/src/main/java/org/sonar/server/common/almsettings/github/GithubProjectCreator.java index 90890b477fc..63da5997679 100644 --- a/server/sonar-webserver-common/src/main/java/org/sonar/server/common/almsettings/github/GithubProjectCreator.java +++ b/server/sonar-webserver-common/src/main/java/org/sonar/server/common/almsettings/github/GithubProjectCreator.java @@ -30,7 +30,7 @@ import org.sonar.auth.github.GsonRepositoryPermissions; import org.sonar.auth.github.GsonRepositoryTeam; import org.sonar.auth.github.client.GithubApplicationClient; import org.sonar.db.DbClient; -import org.sonar.db.provisioning.GithubPermissionsMappingDto; +import org.sonar.db.provisioning.DevOpsPermissionsMappingDto; import org.sonar.db.user.GroupDto; import org.sonar.server.common.almintegration.ProjectKeyGenerator; import org.sonar.server.common.almsettings.DefaultDevOpsProjectCreator; @@ -74,7 +74,7 @@ public class GithubProjectCreator extends DefaultDevOpsProjectCreator { String organization = orgaAndRepoTokenified[0]; String repository = orgaAndRepoTokenified[1]; - Set<GithubPermissionsMappingDto> permissionsMappingDtos = dbClient.githubPermissionsMappingDao().findAll(dbClient.openSession(false)); + Set<DevOpsPermissionsMappingDto> permissionsMappingDtos = dbClient.githubPermissionsMappingDao().findAll(dbClient.openSession(false), devOpsPlatformSettings.getDevOpsPlatform()); boolean userHasDirectAccessToRepo = doesUserHaveScanPermission(organization, repository, permissionsMappingDtos); if (userHasDirectAccessToRepo) { @@ -83,7 +83,7 @@ public class GithubProjectCreator extends DefaultDevOpsProjectCreator { return doesUserBelongToAGroupWithScanPermission(organization, repository, permissionsMappingDtos); } - private boolean doesUserHaveScanPermission(String organization, String repository, Set<GithubPermissionsMappingDto> permissionsMappingDtos) { + private boolean doesUserHaveScanPermission(String organization, String repository, Set<DevOpsPermissionsMappingDto> permissionsMappingDtos) { String url = requireNonNull(devOpsProjectCreationContext.almSettingDto().getUrl(), "GitHub url not defined"); Set<GsonRepositoryCollaborator> repositoryCollaborators = githubApplicationClient.getRepositoryCollaborators(url, authAppInstallationToken, organization, repository); @@ -100,7 +100,7 @@ public class GithubProjectCreator extends DefaultDevOpsProjectCreator { } private boolean doesUserBelongToAGroupWithScanPermission(String organization, String repository, - Set<GithubPermissionsMappingDto> permissionsMappingDtos) { + Set<DevOpsPermissionsMappingDto> permissionsMappingDtos) { String url = requireNonNull(devOpsProjectCreationContext.almSettingDto().getUrl(), "GitHub url not defined"); Set<GsonRepositoryTeam> repositoryTeams = githubApplicationClient.getRepositoryTeams(url, authAppInstallationToken, organization, repository); @@ -119,7 +119,7 @@ public class GithubProjectCreator extends DefaultDevOpsProjectCreator { .collect(toSet()); } - private boolean hasScanPermission(Set<GithubPermissionsMappingDto> permissionsMappingDtos, String role, GsonRepositoryPermissions permissions) { + private boolean hasScanPermission(Set<DevOpsPermissionsMappingDto> permissionsMappingDtos, String role, GsonRepositoryPermissions permissions) { Set<String> sonarqubePermissions = githubPermissionConverter.toSonarqubeRolesWithFallbackOnRepositoryPermissions(permissionsMappingDtos, role, permissions); return sonarqubePermissions.contains(UserRole.SCAN); diff --git a/server/sonar-webserver-common/src/test/java/org/sonar/server/common/almsettings/github/GithubProjectCreatorTest.java b/server/sonar-webserver-common/src/test/java/org/sonar/server/common/almsettings/github/GithubProjectCreatorTest.java index bdf3bf51c7e..733d6502aab 100644 --- a/server/sonar-webserver-common/src/test/java/org/sonar/server/common/almsettings/github/GithubProjectCreatorTest.java +++ b/server/sonar-webserver-common/src/test/java/org/sonar/server/common/almsettings/github/GithubProjectCreatorTest.java @@ -39,7 +39,7 @@ import org.sonar.auth.github.client.GithubApplicationClient; import org.sonar.db.DbClient; import org.sonar.db.alm.setting.ALM; import org.sonar.db.alm.setting.AlmSettingDto; -import org.sonar.db.provisioning.GithubPermissionsMappingDto; +import org.sonar.db.provisioning.DevOpsPermissionsMappingDto; import org.sonar.db.user.GroupDto; import org.sonar.server.common.almintegration.ProjectKeyGenerator; import org.sonar.server.common.almsettings.DevOpsProjectCreationContext; @@ -58,9 +58,11 @@ import static java.util.stream.Collectors.toSet; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatIllegalStateException; import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.lenient; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; +import static org.sonar.server.user.UserSession.IdentityProvider.GITHUB; @ExtendWith(MockitoExtension.class) class GithubProjectCreatorTest { @@ -120,6 +122,8 @@ class GithubProjectCreatorTest { lenient().when(devOpsProjectCreationContext.fullName()).thenReturn(ORGANIZATION_NAME + "/" + REPOSITORY_NAME); lenient().when(devOpsProjectCreationContext.defaultBranchName()).thenReturn(MAIN_BRANCH_NAME); + when(gitHubSettings.getDevOpsPlatform()).thenReturn(GITHUB.getKey()); + ProjectCreator projectCreator = new ProjectCreator(userSession, projectDefaultVisibility, componentUpdater); githubProjectCreator = new GithubProjectCreator(dbClient, devOpsProjectCreationContext, projectKeyGenerator, gitHubSettings, projectCreator, permissionService, permissionUpdater, managedProjectService, githubApplicationClient, githubPermissionConverter, authAppInstallationToken); @@ -218,21 +222,21 @@ class GithubProjectCreatorTest { } private void mockPermissionsConversion(GsonRepositoryCollaborator collaborator, String... sqPermissions) { - Set<GithubPermissionsMappingDto> githubPermissionsMappingDtos = mockPermissionsMappingsDtos(); - lenient().when(githubPermissionConverter.toSonarqubeRolesWithFallbackOnRepositoryPermissions(githubPermissionsMappingDtos, collaborator.roleName(), collaborator.permissions())) + Set<DevOpsPermissionsMappingDto> devOpsPermissionsMappingDtos = mockPermissionsMappingsDtos(); + lenient().when(githubPermissionConverter.toSonarqubeRolesWithFallbackOnRepositoryPermissions(devOpsPermissionsMappingDtos, collaborator.roleName(), collaborator.permissions())) .thenReturn(Arrays.stream(sqPermissions).collect(toSet())); } private void mockPermissionsConversion(GsonRepositoryTeam team, String... sqPermissions) { - Set<GithubPermissionsMappingDto> githubPermissionsMappingDtos = mockPermissionsMappingsDtos(); - lenient().when(githubPermissionConverter.toSonarqubeRolesWithFallbackOnRepositoryPermissions(githubPermissionsMappingDtos, team.permission(), team.permissions())) + Set<DevOpsPermissionsMappingDto> devOpsPermissionsMappingDtos = mockPermissionsMappingsDtos(); + lenient().when(githubPermissionConverter.toSonarqubeRolesWithFallbackOnRepositoryPermissions(devOpsPermissionsMappingDtos, team.permission(), team.permissions())) .thenReturn(Arrays.stream(sqPermissions).collect(toSet())); } - private Set<GithubPermissionsMappingDto> mockPermissionsMappingsDtos() { - Set<GithubPermissionsMappingDto> githubPermissionsMappingDtos = Set.of(mock(GithubPermissionsMappingDto.class)); - when(dbClient.githubPermissionsMappingDao().findAll(any())).thenReturn(githubPermissionsMappingDtos); - return githubPermissionsMappingDtos; + private Set<DevOpsPermissionsMappingDto> mockPermissionsMappingsDtos() { + Set<DevOpsPermissionsMappingDto> devOpsPermissionsMappingDtos = Set.of(mock(DevOpsPermissionsMappingDto.class)); + when(dbClient.githubPermissionsMappingDao().findAll(any(), eq(GITHUB.getKey()))).thenReturn(devOpsPermissionsMappingDtos); + return devOpsPermissionsMappingDtos; } private void bindGroupsToUser(String... groupNames) { |