Group permissions synchronization

Hello,
We’re using Sonar chart.
We have a lot of teams on github and would like to know if it’s possible to export their permissions on the different repos on sonarqube ? And can a user belong to more than one group on sonarqube ? Because we tried it but it didn’t seems to work.
We’re using Sonarqube version 9.4.0.54424 and the chart version 3.0.0
Thanks for your help !

Hi,

Sorry, but I don’t understand the question. Perhaps the docs will help.

Yes, absolutely! And, as described in the group mapping docs I linked above, when you’re synchronizing group membership from your identity provider - GitHub, in this case - the user needs to be in all those groups in the IDP (GitHub) and the groups need to already exist in SonarQube.

 
HTH,
Ann

Thanks for your answer !
The first time we tried to add users who belongs to more than one group, they had none of their groups but we tried again and it seemed to work … Do we need to wait until sonar understands that the group is synchronized with github ? Or was it a bug ?

And the groups have access to repos on github, is it possible to automatically get the same permissions on sonar projects for the same groups ?

Hi,

No idea what was going on with those first attempts. I think we can chalk it up to a glitch. Regarding group permissions to projects, I think you’ll need to grant that manually.

 
Ann

Thanks, do you know if the automatisation is on the roadmap ? It would be a nice feature

Hi,

I don’t know for sure. I’ve pinged internally. Maybe the Product Manager will weight in…

 
Ann

Thanks you

Hello,
If it interest anyone, we created a Python corresponding to the need we had : GitHub - yaniscorselle8/sync-sonar-github

This script permits to :

  • add github SSO authentification inside sonar
  • create of all your github teams inside sonar (as sonar groups)
  • create a project on sonar for all your github repos (required for next step because repos needs to be created to synchronize the rights)
  • synchronize the rights on sonar projects with those on github repos

Do not hesitate to tell me here or to open an issue on the repo if you get any problem !

2 Likes

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Hi @Yanis_Corselle ,
Christophe, PM DevOps platform here :wave:
I can tell you that the synchronisation or users, groups and permissions is on the roadmap for the next few months.
Are you still interested in this or your custom script is enough? I’d be happy to talk with you about it :slight_smile:

Thanks!
Christophe

1 Like

Hi,
Thanks for following this topic :slight_smile:
My script is working well but we have to launch it as a cron to be always totally synchronized so if you propose us a solution integrated inside sonarqube which has the functionalities included inside my script , we’ll be happy to use it :slight_smile:
We can talk about it, yes of course :slight_smile:

1 Like