Automating the creation of SonarQube users, projects, and permissions
2021/12/16 16:00:00
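0. Environment preparation
* For installing SonarQube, see the following post; it is not covered again here.
Sonarqube Code Quality Review: source code inspection
* Replace the domain with the one for your own environment.
1. Automating with a script
Change the IP address to match your own environment.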
```bash
#!/bin/bash
### This script creates users, projects, and permissions automatically.
### It can also deactivate users (for example, users created by mistake).
CMD=${1}
SONAR_URL='http://192.168.131.7:9000'   # change to your own environment
PROJECT_LIST=(a b c d e f g h i)
USERS=("${PROJECT_LIST[@]}")
GROUP='TPI-ERP'
ADMIN_TOKEN='8axxx'                     # placeholder: replace with your own admin token
PROJECT_PERMISSION=(codeviewer issueadmin securityhotspotadmin user)

### Safeguard: check every entry in USERS, not only the first one,
### and stop if a protected account is listed.
for u in "${USERS[@]}"; do
    case "$u" in
        admin|erpadmin|erpuser)
            echo "You gave a wrong user ($u); please fix the USERS list you set!"
            exit 1 ;;
    esac
done

### functions
# The token is sent as the user name with an empty password (curl -u "token:").
function create_user() {
    for i in "${USERS[@]}"; do
        echo "[INFO] USERS=($i)"
        # The initial password is the same as the login; change it after creation.
        curl -X POST -u "${ADMIN_TOKEN}:" "${SONAR_URL}/api/users/create?login=${i}&name=${i}&password=${i}"
    done
}

function deactivate_user() {
    for i in "${USERS[@]}"; do
        echo "[INFO] Deleting USERS=($i) NOW..."
        curl -X POST -u "${ADMIN_TOKEN}:" "${SONAR_URL}/api/users/deactivate?login=${i}"
    done
}

function delete_project() {
    for i in "${PROJECT_LIST[@]}"; do
        echo "[INFO] Deleting project=($i) NOW..."
        curl -X POST -u "${ADMIN_TOKEN}:" "${SONAR_URL}/api/projects/delete?project=tpi-erp-${i}"
    done
}

function create_project() {
    for i in "${PROJECT_LIST[@]}"; do
        echo "[INFO] Creating project=($i) NOW..."
        curl -X POST -u "${ADMIN_TOKEN}:" "${SONAR_URL}/api/projects/create?name=${i}&project=tpi-erp-${i}"
    done
}

function add_user_to_group() {
    for i in "${USERS[@]}"; do
        curl -X POST -u "${ADMIN_TOKEN}:" "${SONAR_URL}/api/user_groups/add_user?name=${GROUP}&login=${i}"
    done
}

function add_user_to_project() {
    # echo "Add privilege of users to project NOW..."
    # for i in ${PROJECT_PERMISSION[@]} ; do for j in ${PROJECT_LIST[@]} ;do for k in ${projectKey} ;do curl -X POST "https://${ADMIN_TOKEN}@www.test.com.tw/sonarqube/api/permissions/add_user?login=${j}&permission=${i}&projectKey=${k}"; done; done; done
    for i in "${PROJECT_LIST[@]}"; do
        # Each project gets a user with the same name as the project.
        LOGIN="${i}"
        PROJECT_KEY="tpi-erp-${i}"
        echo "[INFO] Adding privileges of user=(${LOGIN}) to project=(${PROJECT_KEY}) NOW..."
        for j in "${PROJECT_PERMISSION[@]}"; do
            curl -X POST -u "${ADMIN_TOKEN}:" "${SONAR_URL}/api/permissions/add_user?login=${LOGIN}&permission=${j}&projectKey=${PROJECT_KEY}"
        done
    done
}

## entry
case "$CMD" in
    "create")
        create_user
        add_user_to_group
        create_project
        add_user_to_project
        ;;
    "delete")
        deactivate_user
        delete_project
        ;;
    *)
        echo "Usage: $0 {create|delete}"
        exit 1
        ;;
esac
```
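```bash
# Usage (the script uses bash arrays, so run it with bash rather than sh)
bash automation.sh create
# Delete users that were created by mistake
bash automation.sh delete
```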
> My API reference: https://www.test.com.tw/sonarqube/web_api
* For convenience, the setup gives each repo and its user the same name, which also matches the projectKey on SonarQube.
| REPO | USER |
|------|------|
| a | a |
| b | b |
| c | c |
| d | d |
| e | e |
| f | f |
| g | g |
| h | h |
| i | i |
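I. About the automation
* Every project, when created, receives the admin and erpuser users and permissions granted by the default template. The template is applied with the regular expression `.*`, so it matches any project name.
II. Features
1. Add users, add projects, and grant each project's same-named user permissions on it.
* Grant the same-named user permissions on the project (every permission except admin and scan, because the pipeline is already configured to submit scans as erpuser).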
```bash
# For every permission, grant it to each user on the project of the same name.
for i in "${PROJECT_PERMISSION[@]}"
do
    for j in "${PROJECT_LIST[@]}"
    do
        curl -X POST -u "${ADMIN_TOKEN}:" "https://www.test.com.tw/sonarqube/api/permissions/add_user?login=${j}&permission=${i}&projectKey=${j}"
    done
done
```
2. Delete specified users
For example, users that were created by mistake.
A safeguard is built in: if erpuser or admin is set as a user, the script terminates.
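The safeguard described here and the "everything except admin and scan" rule from feature 1 can be checked together before any API call is made. The following is an added example, not part of the original script; the function names and the login character check are assumptions, and the lists reuse the script's sample values.

```shell
# Pre-flight check for the lists used by automation.sh (hypothetical helper names).
PROTECTED_USERS="admin erpadmin erpuser"   # accounts the script must never touch
FORBIDDEN_PERMISSIONS="admin scan"         # not granted to same-named users

# in_list WORD "a b c" -> 0 only on an exact match, so "issueadmin" != "admin"
in_list() {
    needle=$1
    for item in $2; do
        [ "$item" = "$needle" ] && return 0
    done
    return 1
}

# check_users "u1 u2 ..." -> non-zero if any login is protected, or contains
# characters that would alter the unencoded query string (for example "&")
check_users() {
    for u in $1; do
        if in_list "$u" "$PROTECTED_USERS"; then
            echo "[ERROR] protected account in user list: $u" >&2; return 1
        fi
        case "$u" in
            *[!A-Za-z0-9._-]*)
                echo "[ERROR] unsafe characters in login: $u" >&2; return 1 ;;
        esac
    done
    return 0
}

# check_permissions "p1 p2 ..." -> non-zero if admin or scan is listed
check_permissions() {
    for p in $1; do
        if in_list "$p" "$FORBIDDEN_PERMISSIONS"; then
            echo "[ERROR] permission must not be granted: $p" >&2; return 1
        fi
    done
    return 0
}

# plan_grants "projects" "permissions" -> one "login permission projectKey" line per API call
plan_grants() {
    for proj in $1; do
        for perm in $2; do
            echo "$proj $perm tpi-erp-$proj"
        done
    done
}

# Dry run with the script's sample lists: prints the 36 planned grants.
USERS="a b c d e f g h i"
PERMS="codeviewer issueadmin securityhotspotadmin user"
check_users "$USERS" && check_permissions "$PERMS" && plan_grants "$USERS" "$PERMS"
```

Because the checks look at every entry, a protected account is caught wherever it appears in the list, and the dry-run output can be reviewed before running `create`.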
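3. Notes
Currently only erpuser belongs to a group.
If a user that is deleted and later recreated was a member of a group, and the same-named project has the template applied, the user must be added back to the group before the sonarscan step in the pipeline can pass.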