Group permissions synchronization

Yanis_Corselle · September 19, 2022, 2:00pm

Hello,
We’re using Sonar chart.
We have a lot of teams on github and would like to know if it’s possible to export their permissions on the different repos on sonarqube ? And can a user belong to more than one group on sonarqube ? Because we tried it but it didn’t seems to work.
We’re using Sonarqube version 9.4.0.54424 and the chart version 3.0.0
Thanks for your help !

ganncamp · September 19, 2022, 4:47pm

Hi,

Sorry, but I don’t understand the question. Perhaps the docs will help.

Yes, absolutely! And, as described in the group mapping docs I linked above, when you’re synchronizing group membership from your identity provider - GitHub, in this case - the user needs to be in all those groups in the IDP (GitHub) and the groups need to already exist in SonarQube.

HTH,
Ann

Yanis_Corselle · September 21, 2022, 7:43am

Thanks for your answer !
The first time we tried to add users who belongs to more than one group, they had none of their groups but we tried again and it seemed to work … Do we need to wait until sonar understands that the group is synchronized with github ? Or was it a bug ?

And the groups have access to repos on github, is it possible to automatically get the same permissions on sonar projects for the same groups ?

ganncamp · September 21, 2022, 11:49am

Hi,

No idea what was going on with those first attempts. I think we can chalk it up to a glitch. Regarding group permissions to projects, I think you’ll need to grant that manually.

Ann

Yanis_Corselle · September 21, 2022, 1:39pm

Thanks, do you know if the automatisation is on the roadmap ? It would be a nice feature

ganncamp · September 21, 2022, 1:51pm

Hi,

I don’t know for sure. I’ve pinged internally. Maybe the Product Manager will weight in…

Ann

Yanis_Corselle · September 21, 2022, 1:54pm

Thanks you

Yanis_Corselle · January 18, 2023, 6:17pm

Hello,
If it interest anyone, we created a Python corresponding to the need we had : GitHub - yaniscorselle8/sync-sonar-github

This script permits to :

add github SSO authentification inside sonar
create of all your github teams inside sonar (as sonar groups)
create a project on sonar for all your github repos (required for next step because repos needs to be created to synchronize the rights)
synchronize the rights on sonar projects with those on github repos

Do not hesitate to tell me here or to open an issue on the repo if you get any problem !

system · January 25, 2023, 6:18pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Christophe_Havard · April 5, 2023, 2:43pm

Hi @Yanis_Corselle ,
Christophe, PM DevOps platform here
I can tell you that the synchronisation or users, groups and permissions is on the roadmap for the next few months.
Are you still interested in this or your custom script is enough? I’d be happy to talk with you about it

Thanks!
Christophe

Colin · April 5, 2023, 3:31pm

Yanis_Corselle · April 13, 2023, 1:18pm

Hi,
Thanks for following this topic
My script is working well but we have to launch it as a cron to be always totally synchronized so if you propose us a solution integrated inside sonarqube which has the functionalities included inside my script , we’ll be happy to use it
We can talk about it, yes of course