use of org.sonar.alm.client.github.security.AppToken in project sonarqube by SonarSource.
the class GithubApplicationClientImplTest method checkAppPermissions_IncorrectPermissions.
@Test
public void checkAppPermissions_IncorrectPermissions() throws IOException {
AppToken appToken = mockAppToken();
String json = "{" + " \"permissions\": {\n" + " \"checks\": \"read\",\n" + " \"metadata\": \"read\",\n" + " \"statuses\": \"read\",\n" + " \"pull_requests\": \"read\"\n" + " }\n" + "}";
when(httpClient.get(appUrl, appToken, "/app")).thenReturn(new OkGetResponse(json));
assertThatThrownBy(() -> underTest.checkAppPermissions(githubAppConfiguration)).isInstanceOf(IllegalArgumentException.class).hasMessage("Missing permissions; permission granted on pull_requests is 'read', should be 'write', checks is 'read', should be 'write'");
}
use of org.sonar.alm.client.github.security.AppToken in project sonarqube by SonarSource.
the class GithubApplicationClientImpl method checkAppPermissions.
@Override
public void checkAppPermissions(GithubAppConfiguration githubAppConfiguration) {
AppToken appToken = appSecurity.createAppToken(githubAppConfiguration.getId(), githubAppConfiguration.getPrivateKey());
Map<String, String> permissions = new HashMap<>();
permissions.put("checks", WRITE_PERMISSION_NAME);
permissions.put("pull_requests", WRITE_PERMISSION_NAME);
permissions.put("statuses", READ_PERMISSION_NAME);
permissions.put("metadata", READ_PERMISSION_NAME);
String endPoint = "/app";
GetResponse response;
try {
response = appHttpClient.get(githubAppConfiguration.getApiEndpoint(), appToken, endPoint);
} catch (IOException e) {
LOG.warn(FAILED_TO_REQUEST_BEGIN_MSG + githubAppConfiguration.getApiEndpoint() + endPoint, e);
throw new IllegalArgumentException("Failed to validate configuration, check URL and Private Key");
}
if (response.getCode() == HTTP_OK) {
Map<String, String> perms = handleResponse(response, endPoint, GsonApp.class).map(GsonApp::getPermissions).orElseThrow(() -> new IllegalArgumentException("Failed to get app permissions, unexpected response body"));
List<String> missingPermissions = permissions.entrySet().stream().filter(permission -> !Objects.equals(permission.getValue(), perms.get(permission.getKey()))).map(Map.Entry::getKey).collect(toList());
if (!missingPermissions.isEmpty()) {
String message = missingPermissions.stream().map(perm -> perm + " is '" + perms.get(perm) + "', should be '" + permissions.get(perm) + "'").collect(Collectors.joining(", "));
throw new IllegalArgumentException("Missing permissions; permission granted on " + message);
}
} else if (response.getCode() == HTTP_UNAUTHORIZED || response.getCode() == HTTP_FORBIDDEN) {
throw new IllegalArgumentException("Authentication failed, verify the Client Id, Client Secret and Private Key fields");
} else {
throw new IllegalArgumentException("Failed to check permissions with Github, check the configuration");
}
}
Aggregations