sonarqube automation permission project sonarscan source code scanning

Automating the creation of SonarQube users, projects, and permissions

羅詠茹 Vickey Luo 2021/12/16 16:00:00

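0. Environment setup

* For installing SonarQube, refer to the following article; installation is not covered again here.

Sonarqube Code Quality Review source code inspection

* Replace the domain with the one for your own environment.

1. Automating with a script

Change the IP address to match your own environment.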

    #!/bin/bash
    ### This script creates users, projects, and permissions automatically.
    ### It can also deactivate users (for example, users created by mistake).

    CMD=${1}
    # Base URL of the SonarQube server; change it to match your environment.
    SONAR_URL='http://192.168.131.7:9000'
    PROJECT_LIST=(a b c d e f g h i)

    # Each project gets a user with the same name.
    USERS=("${PROJECT_LIST[@]}")

    GROUP='TPI-ERP'
    ADMIN_TOKEN='8axxx'
    PROJECT_PERMISSION=(codeviewer issueadmin securityhotspotadmin user)

    ### functions

    # Safeguard: stop if any entry in USERS is a protected account.
    for u in "${USERS[@]}"
    do
      if [[ "$u" == "erpadmin" || "$u" == "erpuser" ]]; then
        echo "You give wrong user, please fix user you set before !"
        exit 1
      fi
    done

    # POST to a Web API path, sending the admin token as the basic-auth
    # username with an empty password.
    function sonar_post() {
      curl -X POST -u "${ADMIN_TOKEN}:" "${SONAR_URL}/${1}"
    }

    function create_user() {
      for i in "${USERS[@]}"
      do
        echo "[INFO] USERS=($i)"
        # The initial password is set to the login name.
        sonar_post "api/users/create?login=$i&name=$i&password=$i"
      done
    }

    function deactivate_user() {
      for i in "${USERS[@]}"
      do
        echo "[INFO] Deleting USERS=($i) NOW..."
        sonar_post "api/users/deactivate?login=$i"
      done
    }

    function delete_project() {
      for i in "${PROJECT_LIST[@]}"
      do
        echo "[INFO] Deleting project=($i) NOW..."
        sonar_post "api/projects/delete?project=tpi-erp-${i}"
      done
    }

    function create_project() {
      for i in "${PROJECT_LIST[@]}"
      do
        echo "[INFO] Creating project=($i) NOW..."
        sonar_post "api/projects/create?name=$i&project=tpi-erp-${i}"
      done
    }

    function add_user_to_group() {
      for i in "${USERS[@]}"
      do
        sonar_post "api/user_groups/add_user?name=${GROUP}&login=${i}"
      done
    }

    function add_user_to_project() {
    #    echo "Add priviledge of users to project NOW..."
    #    for i in ${PROJECT_PERMISSION[@]} ; do for j in ${PROJECT_LIST[@]} ;do for k in ${projectKey} ;do curl -X POST "https://${ADMIN_TOKEN}@www.test.com.tw/sonarqube/api/permissions/add_user?login=${j}&permission=${i}&projectKey=${k}"; done; done; done

        for i in "${PROJECT_LIST[@]}"
        do
           # Print the message inside the loop so that $i is set.
           echo "[INFO] Add privilege of users to project=($i) NOW..."
           for j in "${PROJECT_PERMISSION[@]}"
           do
             LOGIN="${i}"
             PROJECT_KEY="tpi-erp-${i}"
             sonar_post "api/permissions/add_user?login=${LOGIN}&permission=${j}&projectKey=${PROJECT_KEY}"
           done
        done
    }

    ## entry

    case "$CMD" in
        "create")
            create_user
            add_user_to_group
            create_project
            add_user_to_project
        ;;
        "delete")
            deactivate_user
            delete_project
        ;;
        *)
            echo "Usage: $0 {create|delete}"
            exit 1
        ;;
    esac


 

    # Usage (the script uses bash arrays, so run it with bash, not sh)
    bash automation.sh create

    # Delete users that were created by mistake
    bash automation.sh delete

 

> My API reference: https://www.test.com.tw/sonarqube/web_api

 

* For convenience, the setup gives each repo and its user the same name, and that name also matches the projectKey in SonarQube.

 

| REPO | USER |
|------|------|
| a | a |
| b | b |
| c | c |
| d | d |
| e | e |
| f | f |
| g | g |
| h | h |
| i | i |

 

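I. How the automation works

* Every project is configured so that, on creation, it receives the admin and erpuser users and the permissions granted by the default template. The template is matched with the regular expression `.*`, so it applies to any project name.

II. Features

1. Create users, create projects, and grant each project's same-named user permissions on it.

* Grant the same-named user permissions on the project (everything except admin and scan, because the pipeline is already configured to submit scans as erpuser).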

    for i in "${PROJECT_PERMISSION[@]}"
    do
        for j in "${PROJECT_LIST[@]}"
        do
            curl -X POST "https://$ADMIN_TOKEN@www.test.com.tw/sonarqube/api/permissions/add_user?login=${j}&permission=${i}&projectKey=${j}"
        done
    done

 

2. Delete specified users

For example, users that were created by mistake.

A safeguard is built in: if erpuser or admin is set as a user, the script terminates.
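
The safeguard and the user-creation call described above, as an added example that is not part of the original script: it checks every entry in the user list and gives each user a random initial password sent in the request body. `SONAR_URL` (a placeholder host), `SONAR_ADMIN_TOKEN`, `DRY_RUN`, `CRED_FILE`, `PROTECTED_USERS` and the function names are assumptions, and the sample user list is constructed.

```bash
#!/bin/bash
# Added example, not the article's script. Assumed names: SONAR_URL (placeholder
# host), SONAR_ADMIN_TOKEN, DRY_RUN, CRED_FILE, PROTECTED_USERS, all functions.
SONAR_URL="${SONAR_URL:-https://sonarqube.example.invalid}"
CRED_FILE="${CRED_FILE:-./sonar-initial-passwords.txt}"
DRY_RUN="${DRY_RUN:-1}"                 # default: print the plan, send nothing
PROTECTED_USERS="admin erpadmin erpuser"

# Returns 0 when the login is one of the protected accounts.
is_protected() {
  case " $PROTECTED_USERS " in
    *" $1 "*) return 0 ;;
    *) return 1 ;;
  esac
}

# Prints the first protected login among the arguments; returns 1 if none.
first_protected() {
  for u in "$@"; do
    if is_protected "$u"; then echo "$u"; return 0; fi
  done
  return 1
}

# 18 bytes from the kernel CSPRNG, hex-encoded: 36 characters.
gen_password() {
  head -c 18 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Creates one user with a random initial password. Parameters travel in the
# POST body, and the token is passed as the basic-auth username.
create_user() {
  login="$1"; pw="$(gen_password)"
  if [ "$DRY_RUN" = "1" ]; then
    echo "POST ${SONAR_URL}/api/users/create login=${login} password=<${#pw} random chars>"
    return 0
  fi
  curl -sS --fail -X POST -u "${SONAR_ADMIN_TOKEN}:" \
    --data-urlencode "login=${login}" --data-urlencode "name=${login}" \
    --data-urlencode "password=${pw}" "${SONAR_URL}/api/users/create" \
    && ( umask 077; printf '%s:%s\n' "$login" "$pw" >> "$CRED_FILE" )
}

# Constructed sample list; check every entry before creating anything.
SAMPLE_USERS="a b c"
if bad="$(first_protected $SAMPLE_USERS)"; then
  echo "refusing to touch protected user: $bad" >&2
else
  for u in $SAMPLE_USERS; do create_user "$u"; done
fi
```

With `DRY_RUN=0`, each generated password is appended to `CRED_FILE`, which is created readable only by its owner, so it can be handed to the user and then rotated.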

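3. Notes

Currently only erpuser belongs to a group.

If a user that is deleted and later recreated is a member of the group, and the same-named project has the template applied, the user must be added to the group again before the sonarscan step in the pipeline can pass.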
