Search in sources :

Example 6 with AppToken

use of org.sonar.alm.client.github.security.AppToken in project sonarqube by SonarSource.

the class GithubApplicationClientImplTest method checkAppPermissions_IncorrectPermissions.

@Test
public void checkAppPermissions_IncorrectPermissions() throws IOException {
    AppToken appToken = mockAppToken();
    String json = "{" + "      \"permissions\": {\n" + "        \"checks\": \"read\",\n" + "        \"metadata\": \"read\",\n" + "        \"statuses\": \"read\",\n" + "        \"pull_requests\": \"read\"\n" + "      }\n" + "}";
    when(httpClient.get(appUrl, appToken, "/app")).thenReturn(new OkGetResponse(json));
    assertThatThrownBy(() -> underTest.checkAppPermissions(githubAppConfiguration)).isInstanceOf(IllegalArgumentException.class).hasMessage("Missing permissions; permission granted on pull_requests is 'read', should be 'write', checks is 'read', should be 'write'");
}
Also used : AppToken(org.sonar.alm.client.github.security.AppToken) Test(org.junit.Test)

Example 7 with AppToken

use of org.sonar.alm.client.github.security.AppToken in project sonarqube by SonarSource.

the class GithubApplicationClientImpl method checkAppPermissions.

@Override
public void checkAppPermissions(GithubAppConfiguration githubAppConfiguration) {
    AppToken appToken = appSecurity.createAppToken(githubAppConfiguration.getId(), githubAppConfiguration.getPrivateKey());
    Map<String, String> permissions = new HashMap<>();
    permissions.put("checks", WRITE_PERMISSION_NAME);
    permissions.put("pull_requests", WRITE_PERMISSION_NAME);
    permissions.put("statuses", READ_PERMISSION_NAME);
    permissions.put("metadata", READ_PERMISSION_NAME);
    String endPoint = "/app";
    GetResponse response;
    try {
        response = appHttpClient.get(githubAppConfiguration.getApiEndpoint(), appToken, endPoint);
    } catch (IOException e) {
        LOG.warn(FAILED_TO_REQUEST_BEGIN_MSG + githubAppConfiguration.getApiEndpoint() + endPoint, e);
        throw new IllegalArgumentException("Failed to validate configuration, check URL and Private Key");
    }
    if (response.getCode() == HTTP_OK) {
        Map<String, String> perms = handleResponse(response, endPoint, GsonApp.class).map(GsonApp::getPermissions).orElseThrow(() -> new IllegalArgumentException("Failed to get app permissions, unexpected response body"));
        List<String> missingPermissions = permissions.entrySet().stream().filter(permission -> !Objects.equals(permission.getValue(), perms.get(permission.getKey()))).map(Map.Entry::getKey).collect(toList());
        if (!missingPermissions.isEmpty()) {
            String message = missingPermissions.stream().map(perm -> perm + " is '" + perms.get(perm) + "', should be '" + permissions.get(perm) + "'").collect(Collectors.joining(", "));
            throw new IllegalArgumentException("Missing permissions; permission granted on " + message);
        }
    } else if (response.getCode() == HTTP_UNAUTHORIZED || response.getCode() == HTTP_FORBIDDEN) {
        throw new IllegalArgumentException("Authentication failed, verify the Client Id, Client Secret and Private Key fields");
    } else {
        throw new IllegalArgumentException("Failed to check permissions with Github, check the configuration");
    }
}
Also used : AppToken(org.sonar.alm.client.github.security.AppToken) Arrays(java.util.Arrays) StringUtils(org.sonar.api.internal.apachecommons.lang.StringUtils) HashMap(java.util.HashMap) UserAccessToken(org.sonar.alm.client.github.security.UserAccessToken) GsonApp(org.sonar.alm.client.gitlab.GsonApp) HTTP_OK(java.net.HttpURLConnection.HTTP_OK) AccessToken(org.sonar.alm.client.github.security.AccessToken) Loggers(org.sonar.api.utils.log.Loggers) Preconditions.checkArgument(com.google.common.base.Preconditions.checkArgument) Gson(com.google.gson.Gson) Locale(java.util.Locale) Map(java.util.Map) GsonRepositorySearch(org.sonar.alm.client.github.GithubBinding.GsonRepositorySearch) URI(java.net.URI) Nullable(javax.annotation.Nullable) Logger(org.sonar.api.utils.log.Logger) GsonInstallations(org.sonar.alm.client.github.GithubBinding.GsonInstallations) GithubAppConfiguration(org.sonar.alm.client.github.config.GithubAppConfiguration) AppToken(org.sonar.alm.client.github.security.AppToken) HTTP_UNAUTHORIZED(java.net.HttpURLConnection.HTTP_UNAUTHORIZED) IOException(java.io.IOException) GithubAppSecurity(org.sonar.alm.client.github.security.GithubAppSecurity) GsonGithubRepository(org.sonar.alm.client.github.GithubBinding.GsonGithubRepository) Collectors(java.util.stream.Collectors) String.format(java.lang.String.format) Objects(java.util.Objects) List(java.util.List) Collectors.toList(java.util.stream.Collectors.toList) Optional(java.util.Optional) HTTP_FORBIDDEN(java.net.HttpURLConnection.HTTP_FORBIDDEN) GetResponse(org.sonar.alm.client.github.GithubApplicationHttpClient.GetResponse) HashMap(java.util.HashMap) IOException(java.io.IOException) GetResponse(org.sonar.alm.client.github.GithubApplicationHttpClient.GetResponse) HashMap(java.util.HashMap) Map(java.util.Map)

Aggregations

AppToken (org.sonar.alm.client.github.security.AppToken)7 Test (org.junit.Test)5 IOException (java.io.IOException)2 Preconditions.checkArgument (com.google.common.base.Preconditions.checkArgument)1 Gson (com.google.gson.Gson)1 UseDataProvider (com.tngtech.java.junit.dataprovider.UseDataProvider)1 String.format (java.lang.String.format)1 HTTP_FORBIDDEN (java.net.HttpURLConnection.HTTP_FORBIDDEN)1 HTTP_OK (java.net.HttpURLConnection.HTTP_OK)1 HTTP_UNAUTHORIZED (java.net.HttpURLConnection.HTTP_UNAUTHORIZED)1 URI (java.net.URI)1 Arrays (java.util.Arrays)1 HashMap (java.util.HashMap)1 List (java.util.List)1 Locale (java.util.Locale)1 Map (java.util.Map)1 Objects (java.util.Objects)1 Optional (java.util.Optional)1 Collectors (java.util.stream.Collectors)1 Collectors.toList (java.util.stream.Collectors.toList)1