Sonarqube GitHub Authentication Plugin: Why are users Removed from Groups after Login?

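I think I'm having some problems with the GitHub Authentication Plugin for SonarQube. I'm creating a SonarQube server through Kitchen.io on an EC2 instance, then running a Ruby script that uses the SonarQube API and GitHub to find the projects that match between the two. I then map the GitHub teams that own those projects to SonarQube as groups, adding existing users in SonarQube to their respective groups.

The problem: when a Git user authenticates to SonarQube with GitHub, that user is removed from all the groups my script added them to. Is there a configuration item I'm missing that drops a user's permissions when they log in?

My Ruby code: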

#RUNNING RULE: GitHub Teams = SonarQube Groups
#git_client and @sonar_client are configured in-script (redacted here)
#get the list of repos associated with git_client ID
gh_repo = []

git_client.repos.each do |repo|
    gh_repo.push(repo.name);
end

#get the existing projects on SonarQube, store their names in sonar_projects
project_index = @sonar_client.projects.index
project_index = JSON.parse(project_index)
sonar_projects = []
project_index.each do |projects|
    sonar_projects.push(projects['nm']);
end

#find common projects and repos
common_projects = sonar_projects & gh_repo;

#get list of organizations associated with client
org_array = []
git_client.organizations.each do |org|
    org_array.push(org.login);
end

#get teams for each common project, and get info to set permissions in SonarQube
teams = []
team_names = []
team_permissions =[]
org_array.each do |org|
    common_projects.each do |project|
        begin
            git_client.repo_teams("#{org}/#{project}").each do |team|
                teams.push(team);
                team_names.push(team.name);
                team_permissions.push({:team_name => team.name, :project => project})
            end
        rescue => exception
            #specifies what was rescued
            puts "[LOG] " + exception.inspect
            next
        end
    end
end

#get user groups from SonarQube
group_index = @sonar_client.user_groups.search
group_index = JSON.parse(group_index)
sonar_groups = []
sonar_group_names = []
group_index['groups'].each do |group|
    sonar_groups.push(group);
    sonar_group_names.push(group['name']);
end

#find difference between sonar groups and organization team names
groups_to_create = team_names - sonar_group_names;

#create groups in SonarQube to mirror GitHub, and refresh sonar_groups
groups_to_create.each do |group|
    @sonar_client.user_groups.create(:name => group, :login => group);
end
group_index = @sonar_client.user_groups.search
group_index = JSON.parse(group_index)
sonar_groups = []
sonar_group_names = []
group_index['groups'].each do |group|
    sonar_groups.push(group);
    sonar_group_names.push(group['name']);
end

#get members from GitHub teams
git_members = []
teams.each do |team|
    git_members.push({:team_id => team.id, :team_name => team.name, :members => git_client.team_members(team.id)});
end

#get members from SonarQube groups
sonar_members = []
sonar_groups.each do |group|
    users = JSON.parse(@sonar_client.user_groups.users({:name => group['name']}))['users'];
    sonar_members.push({:group_name => group['name'], :members => users});
end

#get difference between GitHub teams and SonarQube groups, and add users to SonarQube groups
existing_users = (JSON.parse(@sonar_client.users.search))['users'];
git_members.each do |team|
    gits = []
    qubes = []
    users_to_add = []
    (team[:members]).each do |member|
        gits.push(member[:login])
    end
    search_result = sonar_members.select {|group| group[:group_name] == team[:team_name]};
    (search_result[0][:members]).each do |member|
        qubes.push(member['login']);
    end
    users_to_add = gits - qubes;
    users_to_add.each do |adding_user|
        user_exists = existing_users.select{|user| user['login'] == adding_user};
        if user_exists == []
            puts "[LOG] User doesn't exist in SonarQube. User must perform first-time login"
        else
             @sonar_client.user_groups.add_user(:name => search_result[0][:group_name], :login => adding_user);
        end
    end
end

#gives group permissions to view code to newly generated groups
if team_permissions != []
    team_permissions.each do |team|
        @sonar_client.permissions.add_group({:group_name => team[:team_name], :permission => 'codeviewer', :project_key => team[:project]})
    end
end

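Thanks in advance for your help, and let me know if I can improve my question with other information or context.

-Moldy Cheese


UPDATE!!!----------------------------------------------------------------------

OK, I removed the logic related to adding members to groups, since SonarQube handles synchronizing users with groups. In addition, I made the necessary changes to the way groups are created so that they match how groups are named in SonarQube. For synchronization to happen, the group name must include the organization the team belongs to, and the team name must be lowercase. For example, the GitHub team 'myTeam' in the 'myOrg' organization will only sync with the SonarQube group 'myOrg/myteam'. My final solution is below: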

#RUNNING RULE: GitHub Teams = SonarQube Groups
#git_client and @sonar_client are configured in-script (redacted here)
#get list of organizations associated with client
org_array = []
git_client.organizations.each do |org|
    org_array.push(org.login);
end

#get the list of repos associated with git_client ID
gh_repo = []
org_array.each do |org|
    git_client.org_repos(org).each do |repo|
        gh_repo.push(repo.name);
    end
end

#get the existing projects on SonarQube, store their names in sonar_projects
project_index = @sonar_client.projects.index
project_index = JSON.parse(project_index)
sonar_projects = []
project_index.each do |projects|
    sonar_projects.push(projects['nm']);
end

#find common projects and repos
common_projects = sonar_projects & gh_repo;

#get teams for each common project, and get info to set permissions in SonarQube
teams = []
team_names = []
team_permissions =[]
org_array.each do |org|
    common_projects.each do |project|
        begin
            git_client.repo_teams("#{org}/#{project}").each do |team|
                teams.push(team);
                team_names.push("#{org}/#{team.name.downcase}");
                team_permissions.push({:team_name => "#{org}/#{team.name.downcase}", :project => project})
            end
        rescue => exception
            #specifies what was rescued
            puts "[LOG] " + exception.inspect
            next
        end
    end
end

#get user groups from SonarQube
group_index = @sonar_client.user_groups.search
group_index = JSON.parse(group_index)
sonar_groups = []
sonar_group_names = []
group_index['groups'].each do |group|
    sonar_groups.push(group);
    sonar_group_names.push(group['name']);
end

#find difference between sonar groups and organization team names
groups_to_create = team_names - sonar_group_names;

#create groups in SonarQube to mirror GitHub, and refresh sonar_groups
groups_to_create.each do |group|
    @sonar_client.user_groups.create(:name => group, :login => group);
end
group_index = @sonar_client.user_groups.search
group_index = JSON.parse(group_index)
sonar_groups = []
sonar_group_names = []
group_index['groups'].each do |group|
    sonar_groups.push(group);
    sonar_group_names.push(group['name']);
end

#gives group permissions to view code to newly generated groups
if team_permissions != []
    team_permissions.each do |team|
        @sonar_client.permissions.add_group({:group_name => team[:team_name], :permission => 'codeviewer', :project_key => team[:project]})
    end
end

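Hope my solution can help someone else!

-Moldy Cheese

The GitHub Authentication Plugin is able to synchronize user groups.

The "Synchronize teams as groups" setting must be set to true, and each GitHub team you want to synchronize must be created as a group in SonarQube.

Then, when a user authenticates in SonarQube with his GitHub account, he will automatically belong to the groups matching his teams.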
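
An added example, not part of the original question or answer: an offline audit that applies the naming rule from the update ('myOrg/myteam') to a list of SonarQube group names and flags groups that hold permissions but would never receive members through synchronization. The helper names and sample data are hypothetical, and `memberships_after_login` is a simplified model of the login behaviour described on this page, not the plugin's code.

```ruby
# Added example, not code from the original posts; helper names are hypothetical.
# Naming rule as stated in the question's update: "<org>/<team name lowercased>".
def expected_group_name(org, team_name)
  "#{org}/#{team_name.downcase}"
end

# Classify existing SonarQube group names against GitHub teams:
#   :synced     name matches the rule exactly
#   :misnamed   refers to a team but differs by case or lacks the "<org>/" prefix
#   :local_only no GitHub team counterpart
def audit_groups(teams, sonar_group_names)
  expected = teams.map { |t| expected_group_name(t[:org], t[:name]) }
  loose    = expected.flat_map { |e| [e.downcase, e.split('/', 2).last] }
  sonar_group_names.to_h do |name|
    status =
      if expected.include?(name) then :synced
      elsif loose.include?(name.downcase) then :misnamed
      else :local_only
      end
    [name, status]
  end
end

# Simplified model of the login-time sync described on this page: the user ends
# up only in groups whose names match their GitHub teams and already exist.
def memberships_after_login(user_teams, sonar_group_names)
  user_teams.map { |t| expected_group_name(t[:org], t[:name]) } & sonar_group_names
end

# Constructed sample data.
TEAMS  = [{ org: 'myOrg', name: 'myTeam' }, { org: 'myOrg', name: 'Platform' }].freeze
GROUPS = ['myOrg/myteam', 'myTeam', 'myOrg/Platform', 'auditors'].freeze

if __FILE__ == $PROGRAM_NAME
  audit_groups(TEAMS, GROUPS).each { |name, status| puts "#{name}: #{status}" }
  puts memberships_after_login(TEAMS, GROUPS).inspect
end
```

Groups reported as `:misnamed` are the ones to review: any project permission granted to them is attached to a group that login-time synchronization will not populate.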