aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--server/sonar-alm-client/src/main/java/org/sonar/alm/client/github/GithubPermissionConverter.java16
-rw-r--r--server/sonar-alm-client/src/test/java/org/sonar/alm/client/github/GithubPermissionConverterTest.java14
-rw-r--r--server/sonar-db-core/src/main/java/org/sonar/db/version/SqTables.java2
-rw-r--r--server/sonar-db-dao/src/it/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDaoIT.java161
-rw-r--r--server/sonar-db-dao/src/it/java/org/sonar/db/provisioning/GithubPermissionsMappingDaoIT.java142
-rw-r--r--server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java4
-rw-r--r--server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java10
-rw-r--r--server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java8
-rw-r--r--server/sonar-db-dao/src/main/java/org/sonar/db/audit/AuditPersister.java6
-rw-r--r--server/sonar-db-dao/src/main/java/org/sonar/db/audit/NoOpAuditPersister.java6
-rw-r--r--server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/DevOpsPermissionsMappingNewValue.java (renamed from server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/GithubPermissionsMappingNewValue.java)19
-rw-r--r--server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDao.java72
-rw-r--r--server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDto.java (renamed from server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingDto.java)2
-rw-r--r--server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingMapper.java (renamed from server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingMapper.java)12
-rw-r--r--server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingDao.java67
-rw-r--r--server/sonar-db-dao/src/main/resources/org/sonar/db/provisioning/DevOpsPermissionsMappingMapper.xml56
-rw-r--r--server/sonar-db-dao/src/main/resources/org/sonar/db/provisioning/GithubPermissionsMappingMapper.xml48
-rw-r--r--server/sonar-webserver-common/src/main/java/org/sonar/server/common/almsettings/github/GithubProjectCreator.java10
-rw-r--r--server/sonar-webserver-common/src/test/java/org/sonar/server/common/almsettings/github/GithubProjectCreatorTest.java22
19 files changed, 361 insertions, 316 deletions
diff --git a/server/sonar-alm-client/src/main/java/org/sonar/alm/client/github/GithubPermissionConverter.java b/server/sonar-alm-client/src/main/java/org/sonar/alm/client/github/GithubPermissionConverter.java
index 5c22374cf15..cea9a01054a 100644
--- a/server/sonar-alm-client/src/main/java/org/sonar/alm/client/github/GithubPermissionConverter.java
+++ b/server/sonar-alm-client/src/main/java/org/sonar/alm/client/github/GithubPermissionConverter.java
@@ -28,7 +28,7 @@ import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonar.auth.github.GsonRepositoryPermissions;
-import org.sonar.db.provisioning.GithubPermissionsMappingDto;
+import org.sonar.db.provisioning.DevOpsPermissionsMappingDto;
import static java.util.function.Function.identity;
import static java.util.stream.Collectors.toMap;
@@ -68,7 +68,7 @@ public class GithubPermissionConverter {
.collect(toMap(identity(), sonarqubeRoles::contains));
}
- public Set<String> toSonarqubeRolesWithFallbackOnRepositoryPermissions(Set<GithubPermissionsMappingDto> allPermissionsMappings,
+ public Set<String> toSonarqubeRolesWithFallbackOnRepositoryPermissions(Set<DevOpsPermissionsMappingDto> allPermissionsMappings,
String githubRoleOrPermission, GsonRepositoryPermissions repositoryPermissions) {
String roleName = toRoleName(githubRoleOrPermission);
return toSonarqubeRoles(allPermissionsMappings, roleName, repositoryPermissions);
@@ -78,19 +78,19 @@ public class GithubPermissionConverter {
return GITHUB_GROUP_PERMISSION_TO_ROLE_NAME.getOrDefault(permission, permission);
}
- public Set<String> toSonarqubeRolesForDefaultRepositoryPermission(Set<GithubPermissionsMappingDto> allPermissionsMappings, String roleName) {
+ public Set<String> toSonarqubeRolesForDefaultRepositoryPermission(Set<DevOpsPermissionsMappingDto> allPermissionsMappings, String roleName) {
return toSonarqubeRoles(allPermissionsMappings, roleName, null);
}
- private static Set<String> toSonarqubeRoles(Set<GithubPermissionsMappingDto> allPermissionsMappings, String githubRoleName,
+ private static Set<String> toSonarqubeRoles(Set<DevOpsPermissionsMappingDto> allPermissionsMappings, String githubRoleName,
@Nullable GsonRepositoryPermissions repositoryPermissions) {
- Map<String, List<GithubPermissionsMappingDto>> permissionMappings = allPermissionsMappings.stream()
- .collect(Collectors.groupingBy(GithubPermissionsMappingDto::githubRole));
+ Map<String, List<DevOpsPermissionsMappingDto>> permissionMappings = allPermissionsMappings.stream()
+ .collect(Collectors.groupingBy(DevOpsPermissionsMappingDto::role));
Set<String> sonarqubePermissions = Optional.ofNullable(permissionMappings.get(githubRoleName))
.orElse(GithubPermissionConverter.computeBaseRoleAndGetSqPermissions(permissionMappings, repositoryPermissions))
.stream()
- .map(GithubPermissionsMappingDto::sonarqubePermission)
+ .map(DevOpsPermissionsMappingDto::sonarqubePermission)
.collect(Collectors.toSet());
if (sonarqubePermissions.isEmpty()) {
@@ -99,7 +99,7 @@ public class GithubPermissionConverter {
return sonarqubePermissions;
}
- private static List<GithubPermissionsMappingDto> computeBaseRoleAndGetSqPermissions(Map<String, List<GithubPermissionsMappingDto>> permissionMappings,
+ private static List<DevOpsPermissionsMappingDto> computeBaseRoleAndGetSqPermissions(Map<String, List<DevOpsPermissionsMappingDto>> permissionMappings,
@Nullable GsonRepositoryPermissions repositoryPermissions) {
return Optional.ofNullable(repositoryPermissions)
.map(GITHUB_PERMISSION_TO_GITHUB_BASE_ROLE::get)
diff --git a/server/sonar-alm-client/src/test/java/org/sonar/alm/client/github/GithubPermissionConverterTest.java b/server/sonar-alm-client/src/test/java/org/sonar/alm/client/github/GithubPermissionConverterTest.java
index fb16bbb1d8b..a4d72469738 100644
--- a/server/sonar-alm-client/src/test/java/org/sonar/alm/client/github/GithubPermissionConverterTest.java
+++ b/server/sonar-alm-client/src/test/java/org/sonar/alm/client/github/GithubPermissionConverterTest.java
@@ -26,7 +26,7 @@ import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.junit.runners.Suite;
import org.sonar.auth.github.GsonRepositoryPermissions;
-import org.sonar.db.provisioning.GithubPermissionsMappingDto;
+import org.sonar.db.provisioning.DevOpsPermissionsMappingDto;
import static org.assertj.core.api.Assertions.assertThat;
@@ -37,12 +37,12 @@ import static org.assertj.core.api.Assertions.assertThat;
})
public class GithubPermissionConverterTest {
- private static final Set<GithubPermissionsMappingDto> ALL_PERMISSIONS_MAPPING_FROM_DB = Set.of(
- new GithubPermissionsMappingDto("uuid1", "read", "roleRead"),
- new GithubPermissionsMappingDto("uuid2", "triage", "roleTriage"),
- new GithubPermissionsMappingDto("uuid3", "write", "roleWrite"),
- new GithubPermissionsMappingDto("uuid4", "maintain", "roleMaintain"),
- new GithubPermissionsMappingDto("uuid5", "admin", "roleAdmin")
+ private static final Set<DevOpsPermissionsMappingDto> ALL_PERMISSIONS_MAPPING_FROM_DB = Set.of(
+ new DevOpsPermissionsMappingDto("uuid1", "github", "read", "roleRead"),
+ new DevOpsPermissionsMappingDto("uuid2", "github", "triage", "roleTriage"),
+ new DevOpsPermissionsMappingDto("uuid3", "github", "write", "roleWrite"),
+ new DevOpsPermissionsMappingDto("uuid4", "github", "maintain", "roleMaintain"),
+ new DevOpsPermissionsMappingDto("uuid5", "github", "admin", "roleAdmin")
) ;
private static final GsonRepositoryPermissions NO_PERMS = new GsonRepositoryPermissions(false, false, false, false, false);
diff --git a/server/sonar-db-core/src/main/java/org/sonar/db/version/SqTables.java b/server/sonar-db-core/src/main/java/org/sonar/db/version/SqTables.java
index 32bd5f7e330..bc3d0ab98a0 100644
--- a/server/sonar-db-core/src/main/java/org/sonar/db/version/SqTables.java
+++ b/server/sonar-db-core/src/main/java/org/sonar/db/version/SqTables.java
@@ -46,6 +46,7 @@ public final class SqTables {
"components",
"default_qprofiles",
"deprecated_rule_keys",
+ "devops_perms_mapping",
"duplications_index",
"es_queue",
"events",
@@ -53,7 +54,6 @@ public final class SqTables {
"external_groups",
"file_sources",
"github_orgs_groups",
- "github_perms_mapping",
"groups",
"groups_users",
"group_roles",
diff --git a/server/sonar-db-dao/src/it/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDaoIT.java b/server/sonar-db-dao/src/it/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDaoIT.java
new file mode 100644
index 00000000000..12a9ad741b0
--- /dev/null
+++ b/server/sonar-db-dao/src/it/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDaoIT.java
@@ -0,0 +1,161 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.db.provisioning;
+
+import java.util.List;
+import java.util.Set;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+import org.mockito.ArgumentCaptor;
+import org.sonar.db.DbSession;
+import org.sonar.db.DbTester;
+import org.sonar.db.audit.AuditPersister;
+import org.sonar.db.audit.model.DevOpsPermissionsMappingNewValue;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.reset;
+import static org.mockito.Mockito.verify;
+import static org.sonar.db.audit.model.DevOpsPermissionsMappingNewValue.ALL_PERMISSIONS;
+
+class DevOpsPermissionsMappingDaoIT {
+
+ private static final String MAPPING_UUID = "uuid";
+ protected static final String DEV_OPS_PLATFORM = "github";
+
+ private final AuditPersister auditPersister = mock();
+
+ @RegisterExtension
+ private final DbTester db = DbTester.create(auditPersister);
+
+ private final ArgumentCaptor<DevOpsPermissionsMappingNewValue> newValueCaptor =
+ ArgumentCaptor.forClass(DevOpsPermissionsMappingNewValue.class);
+
+ private final DbSession dbSession = db.getSession();
+
+ private final DevOpsPermissionsMappingDao underTest = db.getDbClient().githubPermissionsMappingDao();
+
+ @BeforeEach
+ public void setUp() {
+ List<DevOpsPermissionsMappingDto> role1Mappings = List.of(
+ new DevOpsPermissionsMappingDto("otherDop1", DEV_OPS_PLATFORM + "2", "GH_role_1", "SQ_role_1"),
+ new DevOpsPermissionsMappingDto("otherDop2", DEV_OPS_PLATFORM + "2", "GH_role_2", "SQ_role_2"),
+ new DevOpsPermissionsMappingDto("otherDop3", DEV_OPS_PLATFORM + "2", "GH_role_3", "SQ_role_3"));
+
+ role1Mappings.forEach(mapping -> underTest.insert(dbSession, mapping));
+ reset(auditPersister);
+ }
+
+ @Test
+ void insert_savesGithubPermissionsMappingDto() {
+ DevOpsPermissionsMappingDto devOpsPermissionsMappingDto = new DevOpsPermissionsMappingDto(MAPPING_UUID, DEV_OPS_PLATFORM, "GH_role", "SQ_role");
+
+ underTest.insert(dbSession, devOpsPermissionsMappingDto);
+
+ Set<DevOpsPermissionsMappingDto> savedGithubPermissionsMappings = underTest.findAll(dbSession, DEV_OPS_PLATFORM);
+ assertThat(savedGithubPermissionsMappings).hasSize(1);
+ DevOpsPermissionsMappingDto savedMapping = savedGithubPermissionsMappings.iterator().next();
+ assertThat(savedMapping.uuid()).isEqualTo(devOpsPermissionsMappingDto.uuid());
+ assertThat(savedMapping.role()).isEqualTo(devOpsPermissionsMappingDto.role());
+ assertThat(savedMapping.sonarqubePermission()).isEqualTo(devOpsPermissionsMappingDto.sonarqubePermission());
+
+ verify(auditPersister).addDevOpsPermissionsMapping(eq(dbSession), newValueCaptor.capture());
+ assertThat(newValueCaptor.getValue().getDevOpsPlatform()).isEqualTo(DEV_OPS_PLATFORM);
+ assertThat(newValueCaptor.getValue().getGithubRole()).isEqualTo(devOpsPermissionsMappingDto.role());
+ assertThat(newValueCaptor.getValue().getSonarqubePermission()).isEqualTo(devOpsPermissionsMappingDto.sonarqubePermission());
+ }
+
+ @Test
+ void delete_deletesGithubPermissionsMappingDto() {
+ DevOpsPermissionsMappingDto devOpsPermissionsMappingDto = new DevOpsPermissionsMappingDto(MAPPING_UUID, DEV_OPS_PLATFORM, "GH_role", "SQ_role");
+
+ underTest.insert(dbSession, devOpsPermissionsMappingDto);
+ underTest.delete(dbSession, DEV_OPS_PLATFORM, "GH_role", "SQ_role");
+
+ Set<DevOpsPermissionsMappingDto> savedGithubPermissionsMappings = underTest.findAll(dbSession, DEV_OPS_PLATFORM);
+ assertThat(savedGithubPermissionsMappings).isEmpty();
+
+ verify(auditPersister).deleteDevOpsPermissionsMapping(eq(dbSession), newValueCaptor.capture());
+ assertThat(newValueCaptor.getValue().getDevOpsPlatform()).isEqualTo(DEV_OPS_PLATFORM);
+ assertThat(newValueCaptor.getValue().getGithubRole()).isEqualTo("GH_role");
+ assertThat(newValueCaptor.getValue().getSonarqubePermission()).isEqualTo("SQ_role");
+ }
+
+ @Test
+ void deleteAllPermissionsForRole_deletesGithubPermissionsMappingDto() {
+ List<DevOpsPermissionsMappingDto> role1Mappings = List.of(
+ new DevOpsPermissionsMappingDto("1", DEV_OPS_PLATFORM, "GH_role_1", "SQ_role_1"),
+ new DevOpsPermissionsMappingDto("2", DEV_OPS_PLATFORM, "GH_role_1", "SQ_role_2"),
+ new DevOpsPermissionsMappingDto("3", DEV_OPS_PLATFORM, "GH_role_1", "SQ_role_3"));
+
+ List<DevOpsPermissionsMappingDto> role2Mappings = List.of(
+ new DevOpsPermissionsMappingDto("4", DEV_OPS_PLATFORM, "GH_role_2", "SQ_role_1"),
+ new DevOpsPermissionsMappingDto("5", DEV_OPS_PLATFORM, "GH_role_2", "SQ_role_2"));
+
+ role1Mappings.forEach(mapping -> underTest.insert(dbSession, mapping));
+ role2Mappings.forEach(mapping -> underTest.insert(dbSession, mapping));
+
+ underTest.deleteAllPermissionsForRole(dbSession, DEV_OPS_PLATFORM, "GH_role_1");
+
+ Set<DevOpsPermissionsMappingDto> savedGithubPermissionsMappings = underTest.findAll(dbSession, DEV_OPS_PLATFORM);
+ assertThat(savedGithubPermissionsMappings).containsExactlyInAnyOrderElementsOf(role2Mappings);
+
+ verify(auditPersister).deleteDevOpsPermissionsMapping(eq(dbSession), newValueCaptor.capture());
+ assertThat(newValueCaptor.getValue().getDevOpsPlatform()).isEqualTo(DEV_OPS_PLATFORM);
+ assertThat(newValueCaptor.getValue().getGithubRole()).isEqualTo("GH_role_1");
+ assertThat(newValueCaptor.getValue().getSonarqubePermission()).isEqualTo(ALL_PERMISSIONS);
+ }
+
+ @Test
+ void findAll_shouldReturnAllDevOpsPermissionMappingOfDevOpsPlatform() {
+ DevOpsPermissionsMappingDto mapping1 = new DevOpsPermissionsMappingDto(MAPPING_UUID, DEV_OPS_PLATFORM, "GH_role", "SQ_role");
+ DevOpsPermissionsMappingDto mapping2 = new DevOpsPermissionsMappingDto(MAPPING_UUID + "2", DEV_OPS_PLATFORM, "GH_role2", "SQ_role");
+ DevOpsPermissionsMappingDto mapping3 = new DevOpsPermissionsMappingDto(MAPPING_UUID + "3", DEV_OPS_PLATFORM + "2", "GH_role2", "SQ_role");
+
+ underTest.insert(dbSession, mapping1);
+ underTest.insert(dbSession, mapping2);
+ underTest.insert(dbSession, mapping3);
+
+ Set<DevOpsPermissionsMappingDto> all = underTest.findAll(dbSession, DEV_OPS_PLATFORM);
+
+ assertThat(all).hasSize(2)
+ .containsExactlyInAnyOrder(
+ mapping1,
+ mapping2);
+ }
+
+ @Test
+ void findAllForGithubRole_shouldReturnPermissionsForTheRole() {
+ DevOpsPermissionsMappingDto mapping1 = new DevOpsPermissionsMappingDto(MAPPING_UUID, DEV_OPS_PLATFORM, "GH_role", "SQ_role");
+ DevOpsPermissionsMappingDto mapping2 = new DevOpsPermissionsMappingDto(MAPPING_UUID + "2", DEV_OPS_PLATFORM, "GH_role2", "SQ_role");
+ DevOpsPermissionsMappingDto mapping3 = new DevOpsPermissionsMappingDto(MAPPING_UUID + "3", DEV_OPS_PLATFORM, "GH_role2", "SQ_role2");
+ underTest.insert(dbSession, mapping1);
+ underTest.insert(dbSession, mapping2);
+ underTest.insert(dbSession, mapping3);
+
+ Set<DevOpsPermissionsMappingDto> forRole2 = underTest.findAllForRole(dbSession, DEV_OPS_PLATFORM, "GH_role2");
+ assertThat(forRole2).hasSize(2)
+ .containsExactlyInAnyOrder(mapping2, mapping3);
+
+ }
+
+}
diff --git a/server/sonar-db-dao/src/it/java/org/sonar/db/provisioning/GithubPermissionsMappingDaoIT.java b/server/sonar-db-dao/src/it/java/org/sonar/db/provisioning/GithubPermissionsMappingDaoIT.java
deleted file mode 100644
index 4ca14987d78..00000000000
--- a/server/sonar-db-dao/src/it/java/org/sonar/db/provisioning/GithubPermissionsMappingDaoIT.java
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2024 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.provisioning;
-
-import java.util.List;
-import java.util.Set;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.RegisterExtension;
-import org.mockito.ArgumentCaptor;
-import org.sonar.db.DbSession;
-import org.sonar.db.DbTester;
-import org.sonar.db.audit.AuditPersister;
-import org.sonar.db.audit.model.GithubPermissionsMappingNewValue;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-import static org.sonar.db.audit.model.GithubPermissionsMappingNewValue.ALL_PERMISSIONS;
-
-class GithubPermissionsMappingDaoIT {
-
- private static final String MAPPING_UUID = "uuid";
-
- private final AuditPersister auditPersister = mock();
-
- @RegisterExtension
- private final DbTester db = DbTester.create(auditPersister);
-
- private final ArgumentCaptor<GithubPermissionsMappingNewValue> newValueCaptor =
- ArgumentCaptor.forClass(GithubPermissionsMappingNewValue.class);
-
- private final DbSession dbSession = db.getSession();
-
- private final GithubPermissionsMappingDao underTest = db.getDbClient().githubPermissionsMappingDao();
-
- @Test
- void insert_savesGithubPermissionsMappingDto() {
- GithubPermissionsMappingDto githubPermissionsMappingDto = new GithubPermissionsMappingDto(MAPPING_UUID, "GH_role", "SQ_role");
-
- underTest.insert(dbSession, githubPermissionsMappingDto);
-
- Set<GithubPermissionsMappingDto> savedGithubPermissionsMappings = underTest.findAll(dbSession);
- assertThat(savedGithubPermissionsMappings).hasSize(1);
- GithubPermissionsMappingDto savedMapping = savedGithubPermissionsMappings.iterator().next();
- assertThat(savedMapping.uuid()).isEqualTo(githubPermissionsMappingDto.uuid());
- assertThat(savedMapping.githubRole()).isEqualTo(githubPermissionsMappingDto.githubRole());
- assertThat(savedMapping.sonarqubePermission()).isEqualTo(githubPermissionsMappingDto.sonarqubePermission());
-
- verify(auditPersister).addGithubPermissionsMapping(eq(dbSession), newValueCaptor.capture());
- assertThat(newValueCaptor.getValue().getGithubRole()).isEqualTo(githubPermissionsMappingDto.githubRole());
- assertThat(newValueCaptor.getValue().getSonarqubePermission()).isEqualTo(githubPermissionsMappingDto.sonarqubePermission());
- }
-
- @Test
- void delete_deletesGithubPermissionsMappingDto() {
- GithubPermissionsMappingDto githubPermissionsMappingDto = new GithubPermissionsMappingDto(MAPPING_UUID, "GH_role", "SQ_role");
-
- underTest.insert(dbSession, githubPermissionsMappingDto);
- underTest.delete(dbSession, "GH_role", "SQ_role");
-
- Set<GithubPermissionsMappingDto> savedGithubPermissionsMappings = underTest.findAll(dbSession);
- assertThat(savedGithubPermissionsMappings).isEmpty();
-
- verify(auditPersister).deleteGithubPermissionsMapping(eq(dbSession), newValueCaptor.capture());
- assertThat(newValueCaptor.getValue().getGithubRole()).isEqualTo("GH_role");
- assertThat(newValueCaptor.getValue().getSonarqubePermission()).isEqualTo("SQ_role");
- }
-
- @Test
- void deleteAllPermissionsForRole_deletesGithubPermissionsMappingDto() {
- List<GithubPermissionsMappingDto> role1Mappings = List.of(
- new GithubPermissionsMappingDto("1", "GH_role_1", "SQ_role_1"),
- new GithubPermissionsMappingDto("2", "GH_role_1", "SQ_role_2"),
- new GithubPermissionsMappingDto("3", "GH_role_1", "SQ_role_3"));
-
- List<GithubPermissionsMappingDto> role2Mappings = List.of(
- new GithubPermissionsMappingDto("4", "GH_role_2", "SQ_role_1"),
- new GithubPermissionsMappingDto("5", "GH_role_2", "SQ_role_2"));
-
- role1Mappings.forEach(mapping -> underTest.insert(dbSession, mapping));
- role2Mappings.forEach(mapping -> underTest.insert(dbSession, mapping));
-
- underTest.deleteAllPermissionsForRole(dbSession, "GH_role_1");
-
- Set<GithubPermissionsMappingDto> savedGithubPermissionsMappings = underTest.findAll(dbSession);
- assertThat(savedGithubPermissionsMappings).containsExactlyInAnyOrderElementsOf(role2Mappings);
-
- verify(auditPersister).deleteGithubPermissionsMapping(eq(dbSession), newValueCaptor.capture());
- assertThat(newValueCaptor.getValue().getGithubRole()).isEqualTo("GH_role_1");
- assertThat(newValueCaptor.getValue().getSonarqubePermission()).isEqualTo(ALL_PERMISSIONS);
- }
-
- @Test
- void findAll_shouldReturnAllGithubOrganizationGroup() {
- GithubPermissionsMappingDto mapping1 = new GithubPermissionsMappingDto(MAPPING_UUID, "GH_role", "SQ_role");
- GithubPermissionsMappingDto mapping2 = new GithubPermissionsMappingDto(MAPPING_UUID + "2", "GH_role2", "SQ_role");
-
- underTest.insert(dbSession, mapping1);
- underTest.insert(dbSession, mapping2);
-
- Set<GithubPermissionsMappingDto> all = underTest.findAll(dbSession);
-
- assertThat(all).hasSize(2)
- .containsExactlyInAnyOrder(
- mapping1,
- mapping2);
- }
-
- @Test
- void findAllForGithubRole_shouldReturnPermissionsForTheRole() {
- GithubPermissionsMappingDto mapping1 = new GithubPermissionsMappingDto(MAPPING_UUID, "GH_role", "SQ_role");
- GithubPermissionsMappingDto mapping2 = new GithubPermissionsMappingDto(MAPPING_UUID + "2", "GH_role2", "SQ_role");
- GithubPermissionsMappingDto mapping3 = new GithubPermissionsMappingDto(MAPPING_UUID + "3", "GH_role2", "SQ_role2");
- underTest.insert(dbSession, mapping1);
- underTest.insert(dbSession, mapping2);
- underTest.insert(dbSession, mapping3);
-
- Set<GithubPermissionsMappingDto> forRole2 = underTest.findAllForGithubRole(dbSession, "GH_role2");
- assertThat(forRole2).hasSize(2)
- .containsExactlyInAnyOrder(mapping2, mapping3);
-
- }
-
-}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java b/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java
index 26e1187218d..bb7b126d088 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/DaoModule.java
@@ -66,7 +66,7 @@ import org.sonar.db.property.InternalComponentPropertiesDao;
import org.sonar.db.property.InternalPropertiesDao;
import org.sonar.db.property.PropertiesDao;
import org.sonar.db.provisioning.GithubOrganizationGroupDao;
-import org.sonar.db.provisioning.GithubPermissionsMappingDao;
+import org.sonar.db.provisioning.DevOpsPermissionsMappingDao;
import org.sonar.db.purge.PurgeDao;
import org.sonar.db.pushevent.PushEventDao;
import org.sonar.db.qualitygate.ProjectQgateAssociationDao;
@@ -127,13 +127,13 @@ public class DaoModule extends Module {
ComponentDao.class,
ComponentKeyUpdaterDao.class,
DefaultQProfileDao.class,
+ DevOpsPermissionsMappingDao.class,
DuplicationDao.class,
EntityDao.class,
EsQueueDao.class,
EventDao.class,
EventComponentChangeDao.class,
GithubOrganizationGroupDao.class,
- GithubPermissionsMappingDao.class,
ExternalGroupDao.class,
FileSourceDao.class,
GroupDao.class,
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java b/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java
index c336b040b8c..8f68429cbb0 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/DbClient.java
@@ -66,7 +66,7 @@ import org.sonar.db.property.InternalComponentPropertiesDao;
import org.sonar.db.property.InternalPropertiesDao;
import org.sonar.db.property.PropertiesDao;
import org.sonar.db.provisioning.GithubOrganizationGroupDao;
-import org.sonar.db.provisioning.GithubPermissionsMappingDao;
+import org.sonar.db.provisioning.DevOpsPermissionsMappingDao;
import org.sonar.db.purge.PurgeDao;
import org.sonar.db.pushevent.PushEventDao;
import org.sonar.db.qualitygate.ProjectQgateAssociationDao;
@@ -192,7 +192,7 @@ public class DbClient {
private final ReportScheduleDao reportScheduleDao;
private final ReportSubscriptionDao reportSubscriptionDao;
private final GithubOrganizationGroupDao githubOrganizationGroupDao;
- private final GithubPermissionsMappingDao githubPermissionsMappingDao;
+ private final DevOpsPermissionsMappingDao devopsPermissionsMappingDao;
private final RuleChangeDao ruleChangeDao;
private final ProjectExportDao projectExportDao;
private final IssueFixedDao issueFixedDao;
@@ -254,7 +254,7 @@ public class DbClient {
metricDao = getDao(map, MetricDao.class);
groupDao = getDao(map, GroupDao.class);
githubOrganizationGroupDao = getDao(map, GithubOrganizationGroupDao.class);
- githubPermissionsMappingDao = getDao(map, GithubPermissionsMappingDao.class);
+ devopsPermissionsMappingDao = getDao(map, DevOpsPermissionsMappingDao.class);
externalGroupDao = getDao(map, ExternalGroupDao.class);
ruleDao = getDao(map, RuleDao.class);
ruleRepositoryDao = getDao(map, RuleRepositoryDao.class);
@@ -513,8 +513,8 @@ public class DbClient {
return githubOrganizationGroupDao;
}
- public GithubPermissionsMappingDao githubPermissionsMappingDao() {
- return githubPermissionsMappingDao;
+ public DevOpsPermissionsMappingDao githubPermissionsMappingDao() {
+ return devopsPermissionsMappingDao;
}
public ExternalGroupDao externalGroupDao() {
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java b/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java
index 35162ba115e..e14f8adac8a 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/MyBatis.java
@@ -121,8 +121,8 @@ import org.sonar.db.property.PropertiesMapper;
import org.sonar.db.property.ScrapPropertyDto;
import org.sonar.db.provisioning.GithubOrganizationGroupDto;
import org.sonar.db.provisioning.GithubOrganizationGroupMapper;
-import org.sonar.db.provisioning.GithubPermissionsMappingDto;
-import org.sonar.db.provisioning.GithubPermissionsMappingMapper;
+import org.sonar.db.provisioning.DevOpsPermissionsMappingDto;
+import org.sonar.db.provisioning.DevOpsPermissionsMappingMapper;
import org.sonar.db.purge.PurgeMapper;
import org.sonar.db.purge.PurgeableAnalysisDto;
import org.sonar.db.pushevent.PushEventDto;
@@ -208,12 +208,12 @@ public class MyBatis {
confBuilder.loadAlias("AnticipatedTransition", AnticipatedTransitionDto.class);
confBuilder.loadAlias("CeTaskCharacteristic", CeTaskCharacteristicDto.class);
confBuilder.loadAlias("Component", ComponentDto.class);
+ confBuilder.loadAlias("DevOpsPermissionsMapping", DevOpsPermissionsMappingDto.class);
confBuilder.loadAlias("DuplicationUnit", DuplicationUnitDto.class);
confBuilder.loadAlias("Entity", EntityDto.class);
confBuilder.loadAlias("Event", EventDto.class);
confBuilder.loadAlias("ExternalGroup", ExternalGroupDto.class);
confBuilder.loadAlias("GithubOrganizationGroup", GithubOrganizationGroupDto.class);
- confBuilder.loadAlias("GithubPermissionsMapping", GithubPermissionsMappingDto.class);
confBuilder.loadAlias("FilePathWithHash", FilePathWithHashDto.class);
confBuilder.loadAlias("KeyWithUuid", KeyWithUuidDto.class);
confBuilder.loadAlias("Group", GroupDto.class);
@@ -292,7 +292,7 @@ public class MyBatis {
EventMapper.class,
EventComponentChangeMapper.class,
GithubOrganizationGroupMapper.class,
- GithubPermissionsMappingMapper.class,
+ DevOpsPermissionsMappingMapper.class,
ExternalGroupMapper.class,
FileSourceMapper.class,
GroupMapper.class,
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/AuditPersister.java b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/AuditPersister.java
index 25d0bcbf65d..5e6f11a95f4 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/AuditPersister.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/AuditPersister.java
@@ -25,7 +25,7 @@ import org.sonar.db.audit.model.AbstractEditorNewValue;
import org.sonar.db.audit.model.ComponentKeyNewValue;
import org.sonar.db.audit.model.ComponentNewValue;
import org.sonar.db.audit.model.DevOpsPlatformSettingNewValue;
-import org.sonar.db.audit.model.GithubPermissionsMappingNewValue;
+import org.sonar.db.audit.model.DevOpsPermissionsMappingNewValue;
import org.sonar.db.audit.model.GroupPermissionNewValue;
import org.sonar.db.audit.model.LicenseNewValue;
import org.sonar.db.audit.model.PermissionTemplateNewValue;
@@ -103,9 +103,9 @@ public interface AuditPersister {
void deleteGroupFromPermissionTemplate(DbSession dbSession, PermissionTemplateNewValue newValue);
- void addGithubPermissionsMapping(DbSession dbSession, GithubPermissionsMappingNewValue newValue);
+ void addDevOpsPermissionsMapping(DbSession dbSession, DevOpsPermissionsMappingNewValue newValue);
- void deleteGithubPermissionsMapping(DbSession dbSession, GithubPermissionsMappingNewValue deletedValue);
+ void deleteDevOpsPermissionsMapping(DbSession dbSession, DevOpsPermissionsMappingNewValue deletedValue);
void addQualityGateEditor(DbSession dbSession, AbstractEditorNewValue newValue);
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/NoOpAuditPersister.java b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/NoOpAuditPersister.java
index 2b6d448c295..6edae9decc8 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/NoOpAuditPersister.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/NoOpAuditPersister.java
@@ -25,7 +25,7 @@ import org.sonar.db.audit.model.ComponentKeyNewValue;
import org.sonar.db.audit.model.ComponentNewValue;
import org.sonar.db.audit.model.DevOpsPlatformSettingNewValue;
import org.sonar.db.audit.model.AbstractEditorNewValue;
-import org.sonar.db.audit.model.GithubPermissionsMappingNewValue;
+import org.sonar.db.audit.model.DevOpsPermissionsMappingNewValue;
import org.sonar.db.audit.model.GroupPermissionNewValue;
import org.sonar.db.audit.model.LicenseNewValue;
import org.sonar.db.audit.model.PermissionTemplateNewValue;
@@ -193,12 +193,12 @@ public class NoOpAuditPersister implements AuditPersister {
}
@Override
- public void addGithubPermissionsMapping(DbSession dbSession, GithubPermissionsMappingNewValue newValue) {
+ public void addDevOpsPermissionsMapping(DbSession dbSession, DevOpsPermissionsMappingNewValue newValue) {
// no op
}
@Override
- public void deleteGithubPermissionsMapping(DbSession dbSession, GithubPermissionsMappingNewValue deletedValue) {
+ public void deleteDevOpsPermissionsMapping(DbSession dbSession, DevOpsPermissionsMappingNewValue deletedValue) {
// no op
}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/GithubPermissionsMappingNewValue.java b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/DevOpsPermissionsMappingNewValue.java
index 1b3b7dec67e..b7624791dcb 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/GithubPermissionsMappingNewValue.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/audit/model/DevOpsPermissionsMappingNewValue.java
@@ -21,20 +21,22 @@ package org.sonar.db.audit.model;
import com.google.common.annotations.VisibleForTesting;
-public class GithubPermissionsMappingNewValue extends NewValue {
+public class DevOpsPermissionsMappingNewValue extends NewValue {
@VisibleForTesting
public static final String ALL_PERMISSIONS = "all";
+ private final String devOpsPlatform;
private final String githubRole;
private final String sonarqubePermission;
- public GithubPermissionsMappingNewValue(String githubRole, String sonarqubePermission) {
+ public DevOpsPermissionsMappingNewValue(String devOpsPlatform, String githubRole, String sonarqubePermission) {
+ this.devOpsPlatform = devOpsPlatform;
this.githubRole = githubRole;
this.sonarqubePermission = sonarqubePermission;
}
- public static GithubPermissionsMappingNewValue withAllPermissions(String githubRole) {
- return new GithubPermissionsMappingNewValue(githubRole, ALL_PERMISSIONS);
+ public static DevOpsPermissionsMappingNewValue withAllPermissions(String devOpsPlatform, String githubRole) {
+ return new DevOpsPermissionsMappingNewValue(devOpsPlatform, githubRole, ALL_PERMISSIONS);
}
@VisibleForTesting
@@ -42,14 +44,21 @@ public class GithubPermissionsMappingNewValue extends NewValue {
return githubRole;
}
+ @VisibleForTesting
public String getSonarqubePermission() {
return sonarqubePermission;
}
+ @VisibleForTesting
+ public String getDevOpsPlatform() {
+ return devOpsPlatform;
+ }
+
@Override
public String toString() {
StringBuilder sb = new StringBuilder("{");
- addField(sb, "\"githubRole\": ", this.githubRole, true);
+ addField(sb, "\"devOpsPlatform\": ", this.devOpsPlatform, true);
+ addField(sb, "\"devOpsRole\": ", this.githubRole, true);
addField(sb, "\"sonarqubePermissions\": ", this.sonarqubePermission, true);
endString(sb);
return sb.toString();
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDao.java
new file mode 100644
index 00000000000..c5737e62910
--- /dev/null
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDao.java
@@ -0,0 +1,72 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.db.provisioning;
+
+import java.util.Set;
+import org.sonar.db.Dao;
+import org.sonar.db.DbSession;
+import org.sonar.db.audit.AuditPersister;
+import org.sonar.db.audit.model.DevOpsPermissionsMappingNewValue;
+
+public class DevOpsPermissionsMappingDao implements Dao {
+
+ private final AuditPersister auditPersister;
+
+ public DevOpsPermissionsMappingDao(AuditPersister auditPersister) {
+ this.auditPersister = auditPersister;
+ }
+
+ public Set<DevOpsPermissionsMappingDto> findAll(DbSession dbSession, String devOpsPlatform) {
+ return mapper(dbSession).selectAll(devOpsPlatform);
+ }
+
+ public Set<DevOpsPermissionsMappingDto> findAllForRole(DbSession dbSession, String devOpsPlatform, String role) {
+ return mapper(dbSession).selectAllForRole(devOpsPlatform, role);
+ }
+
+ public void insert(DbSession dbSession, DevOpsPermissionsMappingDto devOpsPermissionsMappingDto) {
+ mapper(dbSession).insert(devOpsPermissionsMappingDto);
+ DevOpsPermissionsMappingNewValue newValueForAuditLogs = toNewValueForAuditLogs(
+ devOpsPermissionsMappingDto.devOpsPlatform(),
+ devOpsPermissionsMappingDto.role(),
+ devOpsPermissionsMappingDto.sonarqubePermission()
+ );
+ auditPersister.addDevOpsPermissionsMapping(dbSession, newValueForAuditLogs);
+ }
+
+ public void delete(DbSession dbSession, String devOpsPlatform, String role, String sonarqubePermission) {
+ mapper(dbSession).delete(devOpsPlatform, role, sonarqubePermission);
+ auditPersister.deleteDevOpsPermissionsMapping(dbSession, toNewValueForAuditLogs(devOpsPlatform, role, sonarqubePermission));
+ }
+
+ public void deleteAllPermissionsForRole(DbSession dbSession, String devOpsPlatform, String role) {
+ mapper(dbSession).deleteAllPermissionsForRole(devOpsPlatform, role);
+ auditPersister.deleteDevOpsPermissionsMapping(dbSession, DevOpsPermissionsMappingNewValue.withAllPermissions(devOpsPlatform, role));
+ }
+
+ private static DevOpsPermissionsMappingNewValue toNewValueForAuditLogs(String devOpsPlatform, String role, String sonarqubePermission) {
+ return new DevOpsPermissionsMappingNewValue(devOpsPlatform, role, sonarqubePermission);
+ }
+
+ private static DevOpsPermissionsMappingMapper mapper(DbSession session) {
+ return session.getMapper(DevOpsPermissionsMappingMapper.class);
+ }
+
+}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingDto.java b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDto.java
index 764e0aec5dd..09d7654a93e 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingDto.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingDto.java
@@ -19,5 +19,5 @@
*/
package org.sonar.db.provisioning;
-public record GithubPermissionsMappingDto(String uuid, String githubRole, String sonarqubePermission) {
+public record DevOpsPermissionsMappingDto(String uuid, String devOpsPlatform, String role, String sonarqubePermission) {
}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingMapper.java b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingMapper.java
index 8faf4b9ef0b..afb6d2972f4 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingMapper.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/DevOpsPermissionsMappingMapper.java
@@ -22,15 +22,15 @@ package org.sonar.db.provisioning;
import java.util.Set;
import org.apache.ibatis.annotations.Param;
-public interface GithubPermissionsMappingMapper {
+public interface DevOpsPermissionsMappingMapper {
- Set<GithubPermissionsMappingDto> selectAll();
+ Set<DevOpsPermissionsMappingDto> selectAll(@Param("devOpsPlatform") String devOpsPlatform);
- Set<GithubPermissionsMappingDto> selectAllForGithubRole(String githubRole);
+ Set<DevOpsPermissionsMappingDto> selectAllForRole(@Param("devOpsPlatform") String devOpsPlatform, @Param("role") String role);
- void insert(GithubPermissionsMappingDto githubPermissionsMappingDto);
+ void insert(DevOpsPermissionsMappingDto devOpsPermissionsMappingDto);
- void delete(@Param("githubRole") String githubRole, @Param("sonarqubePermission") String sonarqubePermission);
+ void delete(@Param("devOpsPlatform") String devOpsPlatform, @Param("role") String role, @Param("sonarqubePermission") String sonarqubePermission);
- void deleteAllPermissionsForRole(String githubRole);
+ void deleteAllPermissionsForRole(@Param("devOpsPlatform") String devOpsPlatform, @Param("role") String role);
}
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingDao.java
deleted file mode 100644
index 33496aaaaea..00000000000
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/provisioning/GithubPermissionsMappingDao.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * SonarQube
- * Copyright (C) 2009-2024 SonarSource SA
- * mailto:info AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.db.provisioning;
-
-import java.util.Set;
-import org.sonar.db.Dao;
-import org.sonar.db.DbSession;
-import org.sonar.db.audit.AuditPersister;
-import org.sonar.db.audit.model.GithubPermissionsMappingNewValue;
-
-public class GithubPermissionsMappingDao implements Dao {
-
- private final AuditPersister auditPersister;
-
- public GithubPermissionsMappingDao(AuditPersister auditPersister) {
- this.auditPersister = auditPersister;
- }
-
- public Set<GithubPermissionsMappingDto> findAll(DbSession dbSession) {
- return mapper(dbSession).selectAll();
- }
-
- public Set<GithubPermissionsMappingDto> findAllForGithubRole(DbSession dbSession, String githubRole) {
- return mapper(dbSession).selectAllForGithubRole(githubRole);
- }
-
- public void insert(DbSession dbSession, GithubPermissionsMappingDto githubPermissionsMappingDto) {
- mapper(dbSession).insert(githubPermissionsMappingDto);
- auditPersister.addGithubPermissionsMapping(dbSession, toNewValueForAuditLogs(githubPermissionsMappingDto.githubRole(), githubPermissionsMappingDto.sonarqubePermission()));
- }
-
- public void delete(DbSession dbSession, String githubRole, String sonarqubePermission) {
- mapper(dbSession).delete(githubRole, sonarqubePermission);
- auditPersister.deleteGithubPermissionsMapping(dbSession, toNewValueForAuditLogs(githubRole, sonarqubePermission));
- }
-
- public void deleteAllPermissionsForRole(DbSession dbSession, String githubRole) {
- mapper(dbSession).deleteAllPermissionsForRole(githubRole);
- auditPersister.deleteGithubPermissionsMapping(dbSession, GithubPermissionsMappingNewValue.withAllPermissions(githubRole));
- }
-
- private static GithubPermissionsMappingNewValue toNewValueForAuditLogs(String githubRole, String sonarqubePermission) {
- return new GithubPermissionsMappingNewValue(githubRole, sonarqubePermission);
- }
-
- private static GithubPermissionsMappingMapper mapper(DbSession session) {
- return session.getMapper(GithubPermissionsMappingMapper.class);
- }
-
-}
diff --git a/server/sonar-db-dao/src/main/resources/org/sonar/db/provisioning/DevOpsPermissionsMappingMapper.xml b/server/sonar-db-dao/src/main/resources/org/sonar/db/provisioning/DevOpsPermissionsMappingMapper.xml
new file mode 100644
index 00000000000..200fb120fbc
--- /dev/null
+++ b/server/sonar-db-dao/src/main/resources/org/sonar/db/provisioning/DevOpsPermissionsMappingMapper.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "mybatis-3-mapper.dtd">
+
+<mapper namespace="org.sonar.db.provisioning.DevOpsPermissionsMappingMapper">
+
+ <sql id="devOpsPermissionsMappingColumns">
+ dpm.uuid as uuid,
+ dpm.devops_platform as devOpsPlatform,
+ dpm.devops_platform_role as role,
+ dpm.sonarqube_permission as sonarqubePermission
+ </sql>
+
+ <insert id="insert" useGeneratedKeys="false" parameterType="DevOpsPermissionsMapping">
+ insert into devops_perms_mapping (
+ uuid,
+ devops_platform,
+ devops_platform_role,
+ sonarqube_permission
+ ) values (
+ #{uuid,jdbcType=VARCHAR},
+ #{devOpsPlatform,jdbcType=VARCHAR},
+ #{role,jdbcType=VARCHAR},
+ #{sonarqubePermission,jdbcType=VARCHAR}
+ )
+ </insert>
+
+ <delete id="delete" parameterType="DevOpsPermissionsMapping">
+ delete from devops_perms_mapping
+ where devops_platform = #{devOpsPlatform,jdbcType=VARCHAR} AND
+ devops_platform_role = #{role,jdbcType=VARCHAR} AND
+ sonarqube_permission = #{sonarqubePermission,jdbcType=VARCHAR}
+ </delete>
+
+ <delete id="deleteAllPermissionsForRole" parameterType="DevOpsPermissionsMapping">
+ delete from devops_perms_mapping
+ where devops_platform = #{devOpsPlatform,jdbcType=VARCHAR} AND devops_platform_role = #{role,jdbcType=VARCHAR}
+ </delete>
+
+ <select id="selectAll" resultType="DevOpsPermissionsMapping">
+ SELECT
+ <include refid="devOpsPermissionsMappingColumns"/>
+ FROM devops_perms_mapping dpm
+ where devops_platform = #{devOpsPlatform,jdbcType=VARCHAR}
+ </select>
+
+ <select id="selectAllForRole" resultType="DevOpsPermissionsMapping">
+ SELECT
+ <include refid="devOpsPermissionsMappingColumns"/>
+ FROM devops_perms_mapping dpm
+ WHERE
+ devops_platform = #{devOpsPlatform,jdbcType=VARCHAR} AND
+ dpm.devops_platform_role = #{role,jdbcType=VARCHAR}
+ </select>
+
+</mapper>
diff --git a/server/sonar-db-dao/src/main/resources/org/sonar/db/provisioning/GithubPermissionsMappingMapper.xml b/server/sonar-db-dao/src/main/resources/org/sonar/db/provisioning/GithubPermissionsMappingMapper.xml
deleted file mode 100644
index 1ef0f24582d..00000000000
--- a/server/sonar-db-dao/src/main/resources/org/sonar/db/provisioning/GithubPermissionsMappingMapper.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-
-<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "mybatis-3-mapper.dtd">
-
-<mapper namespace="org.sonar.db.provisioning.GithubPermissionsMappingMapper">
-
- <sql id="githubPermissionsMappingColumns">
- gpm.uuid as uuid,
- gpm.github_role as githubRole,
- gpm.sonarqube_permission as sonarqubePermission
- </sql>
-
- <insert id="insert" useGeneratedKeys="false" parameterType="GithubPermissionsMapping">
- insert into github_perms_mapping (
- uuid,
- github_role,
- sonarqube_permission
- ) values (
- #{uuid,jdbcType=VARCHAR},
- #{githubRole,jdbcType=VARCHAR},
- #{sonarqubePermission,jdbcType=VARCHAR}
- )
- </insert>
-
- <delete id="delete" parameterType="GithubPermissionsMapping">
- delete from github_perms_mapping
- where github_role = #{githubRole,jdbcType=VARCHAR} AND sonarqube_permission = #{sonarqubePermission,jdbcType=VARCHAR}
- </delete>
-
- <delete id="deleteAllPermissionsForRole" parameterType="GithubPermissionsMapping">
- delete from github_perms_mapping
- where github_role = #{githubRole,jdbcType=VARCHAR}
- </delete>
-
- <select id="selectAll" resultType="GithubPermissionsMapping">
- SELECT
- <include refid="githubPermissionsMappingColumns"/>
- FROM github_perms_mapping gpm
- </select>
-
- <select id="selectAllForGithubRole" resultType="GithubPermissionsMapping">
- SELECT
- <include refid="githubPermissionsMappingColumns"/>
- FROM github_perms_mapping gpm
- WHERE gpm.github_role = #{githubRole,jdbcType=VARCHAR}
- </select>
-
-</mapper>
diff --git a/server/sonar-webserver-common/src/main/java/org/sonar/server/common/almsettings/github/GithubProjectCreator.java b/server/sonar-webserver-common/src/main/java/org/sonar/server/common/almsettings/github/GithubProjectCreator.java
index 90890b477fc..63da5997679 100644
--- a/server/sonar-webserver-common/src/main/java/org/sonar/server/common/almsettings/github/GithubProjectCreator.java
+++ b/server/sonar-webserver-common/src/main/java/org/sonar/server/common/almsettings/github/GithubProjectCreator.java
@@ -30,7 +30,7 @@ import org.sonar.auth.github.GsonRepositoryPermissions;
import org.sonar.auth.github.GsonRepositoryTeam;
import org.sonar.auth.github.client.GithubApplicationClient;
import org.sonar.db.DbClient;
-import org.sonar.db.provisioning.GithubPermissionsMappingDto;
+import org.sonar.db.provisioning.DevOpsPermissionsMappingDto;
import org.sonar.db.user.GroupDto;
import org.sonar.server.common.almintegration.ProjectKeyGenerator;
import org.sonar.server.common.almsettings.DefaultDevOpsProjectCreator;
@@ -74,7 +74,7 @@ public class GithubProjectCreator extends DefaultDevOpsProjectCreator {
String organization = orgaAndRepoTokenified[0];
String repository = orgaAndRepoTokenified[1];
- Set<GithubPermissionsMappingDto> permissionsMappingDtos = dbClient.githubPermissionsMappingDao().findAll(dbClient.openSession(false));
+ Set<DevOpsPermissionsMappingDto> permissionsMappingDtos = dbClient.githubPermissionsMappingDao().findAll(dbClient.openSession(false), devOpsPlatformSettings.getDevOpsPlatform());
boolean userHasDirectAccessToRepo = doesUserHaveScanPermission(organization, repository, permissionsMappingDtos);
if (userHasDirectAccessToRepo) {
@@ -83,7 +83,7 @@ public class GithubProjectCreator extends DefaultDevOpsProjectCreator {
return doesUserBelongToAGroupWithScanPermission(organization, repository, permissionsMappingDtos);
}
- private boolean doesUserHaveScanPermission(String organization, String repository, Set<GithubPermissionsMappingDto> permissionsMappingDtos) {
+ private boolean doesUserHaveScanPermission(String organization, String repository, Set<DevOpsPermissionsMappingDto> permissionsMappingDtos) {
String url = requireNonNull(devOpsProjectCreationContext.almSettingDto().getUrl(), "GitHub url not defined");
Set<GsonRepositoryCollaborator> repositoryCollaborators = githubApplicationClient.getRepositoryCollaborators(url, authAppInstallationToken, organization, repository);
@@ -100,7 +100,7 @@ public class GithubProjectCreator extends DefaultDevOpsProjectCreator {
}
private boolean doesUserBelongToAGroupWithScanPermission(String organization, String repository,
- Set<GithubPermissionsMappingDto> permissionsMappingDtos) {
+ Set<DevOpsPermissionsMappingDto> permissionsMappingDtos) {
String url = requireNonNull(devOpsProjectCreationContext.almSettingDto().getUrl(), "GitHub url not defined");
Set<GsonRepositoryTeam> repositoryTeams = githubApplicationClient.getRepositoryTeams(url, authAppInstallationToken, organization, repository);
@@ -119,7 +119,7 @@ public class GithubProjectCreator extends DefaultDevOpsProjectCreator {
.collect(toSet());
}
- private boolean hasScanPermission(Set<GithubPermissionsMappingDto> permissionsMappingDtos, String role, GsonRepositoryPermissions permissions) {
+ private boolean hasScanPermission(Set<DevOpsPermissionsMappingDto> permissionsMappingDtos, String role, GsonRepositoryPermissions permissions) {
Set<String> sonarqubePermissions = githubPermissionConverter.toSonarqubeRolesWithFallbackOnRepositoryPermissions(permissionsMappingDtos,
role, permissions);
return sonarqubePermissions.contains(UserRole.SCAN);
diff --git a/server/sonar-webserver-common/src/test/java/org/sonar/server/common/almsettings/github/GithubProjectCreatorTest.java b/server/sonar-webserver-common/src/test/java/org/sonar/server/common/almsettings/github/GithubProjectCreatorTest.java
index bdf3bf51c7e..733d6502aab 100644
--- a/server/sonar-webserver-common/src/test/java/org/sonar/server/common/almsettings/github/GithubProjectCreatorTest.java
+++ b/server/sonar-webserver-common/src/test/java/org/sonar/server/common/almsettings/github/GithubProjectCreatorTest.java
@@ -39,7 +39,7 @@ import org.sonar.auth.github.client.GithubApplicationClient;
import org.sonar.db.DbClient;
import org.sonar.db.alm.setting.ALM;
import org.sonar.db.alm.setting.AlmSettingDto;
-import org.sonar.db.provisioning.GithubPermissionsMappingDto;
+import org.sonar.db.provisioning.DevOpsPermissionsMappingDto;
import org.sonar.db.user.GroupDto;
import org.sonar.server.common.almintegration.ProjectKeyGenerator;
import org.sonar.server.common.almsettings.DevOpsProjectCreationContext;
@@ -58,9 +58,11 @@ import static java.util.stream.Collectors.toSet;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.lenient;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
+import static org.sonar.server.user.UserSession.IdentityProvider.GITHUB;
@ExtendWith(MockitoExtension.class)
class GithubProjectCreatorTest {
@@ -120,6 +122,8 @@ class GithubProjectCreatorTest {
lenient().when(devOpsProjectCreationContext.fullName()).thenReturn(ORGANIZATION_NAME + "/" + REPOSITORY_NAME);
lenient().when(devOpsProjectCreationContext.defaultBranchName()).thenReturn(MAIN_BRANCH_NAME);
+ when(gitHubSettings.getDevOpsPlatform()).thenReturn(GITHUB.getKey());
+
ProjectCreator projectCreator = new ProjectCreator(userSession, projectDefaultVisibility, componentUpdater);
githubProjectCreator = new GithubProjectCreator(dbClient, devOpsProjectCreationContext, projectKeyGenerator, gitHubSettings, projectCreator, permissionService, permissionUpdater,
managedProjectService, githubApplicationClient, githubPermissionConverter, authAppInstallationToken);
@@ -218,21 +222,21 @@ class GithubProjectCreatorTest {
}
private void mockPermissionsConversion(GsonRepositoryCollaborator collaborator, String... sqPermissions) {
- Set<GithubPermissionsMappingDto> githubPermissionsMappingDtos = mockPermissionsMappingsDtos();
- lenient().when(githubPermissionConverter.toSonarqubeRolesWithFallbackOnRepositoryPermissions(githubPermissionsMappingDtos, collaborator.roleName(), collaborator.permissions()))
+ Set<DevOpsPermissionsMappingDto> devOpsPermissionsMappingDtos = mockPermissionsMappingsDtos();
+ lenient().when(githubPermissionConverter.toSonarqubeRolesWithFallbackOnRepositoryPermissions(devOpsPermissionsMappingDtos, collaborator.roleName(), collaborator.permissions()))
.thenReturn(Arrays.stream(sqPermissions).collect(toSet()));
}
private void mockPermissionsConversion(GsonRepositoryTeam team, String... sqPermissions) {
- Set<GithubPermissionsMappingDto> githubPermissionsMappingDtos = mockPermissionsMappingsDtos();
- lenient().when(githubPermissionConverter.toSonarqubeRolesWithFallbackOnRepositoryPermissions(githubPermissionsMappingDtos, team.permission(), team.permissions()))
+ Set<DevOpsPermissionsMappingDto> devOpsPermissionsMappingDtos = mockPermissionsMappingsDtos();
+ lenient().when(githubPermissionConverter.toSonarqubeRolesWithFallbackOnRepositoryPermissions(devOpsPermissionsMappingDtos, team.permission(), team.permissions()))
.thenReturn(Arrays.stream(sqPermissions).collect(toSet()));
}
- private Set<GithubPermissionsMappingDto> mockPermissionsMappingsDtos() {
- Set<GithubPermissionsMappingDto> githubPermissionsMappingDtos = Set.of(mock(GithubPermissionsMappingDto.class));
- when(dbClient.githubPermissionsMappingDao().findAll(any())).thenReturn(githubPermissionsMappingDtos);
- return githubPermissionsMappingDtos;
+ private Set<DevOpsPermissionsMappingDto> mockPermissionsMappingsDtos() {
+ Set<DevOpsPermissionsMappingDto> devOpsPermissionsMappingDtos = Set.of(mock(DevOpsPermissionsMappingDto.class));
+ when(dbClient.githubPermissionsMappingDao().findAll(any(), eq(GITHUB.getKey()))).thenReturn(devOpsPermissionsMappingDtos);
+ return devOpsPermissionsMappingDtos;
}
private void bindGroupsToUser(String... groupNames) {