added migration script for auth provider and document it

BraisVQ · BraisVQ · commit 2fd8735f2ee1 · 2024-03-28T16:10:04.000+01:00
diff --git a/docs/modules/sonarqube/pages/administration.adoc b/docs/modules/sonarqube/pages/administration.adoc
@@ -10,6 +10,7 @@ There is an `admin` user which is allowed to change settings, install plugins, e
 
 The SonarQube deployment is using an image built in the central ODS namespace. This image is based on the https://hub.docker.com/_/sonarqube, as can be seen in the https://github.com/opendevstack/ods-core/blob/master/sonarqube/docker/Dockerfile[ODS Dockerfile].
 If the previous version was installed using Tailor, follow the process to migrate from tailor to helm in https://www.opendevstack.org/ods-documentation/opendevstack/5.x/administration/helm-migration.html
+If the previous version was configured to use Atlassian Crowd as Authentication provider, run the script https://github.com/opendevstack/ods-core/tree/master/scripts/migrate-sonar-users.sh in order to migrate current users to use Saml as Authentication provider.
 
 To update SonarQube, the following steps need to be taken:
 
diff --git a/scripts/migrate-sonar-users.sh b/scripts/migrate-sonar-users.sh
@@ -0,0 +1,87 @@
+#!/usr/bin/env bash
+set -ue
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+ODS_CORE_DIR=${SCRIPT_DIR%/*}
+ODS_CONFIGURATION_DIR="${ODS_CORE_DIR}/../ods-configuration"
+
+echo_done(){
+    echo -e "\033[92mDONE\033[39m: $1"
+}
+
+echo_warn(){
+    echo -e "\033[93mWARN\033[39m: $1"
+}
+
+echo_error(){
+    echo -e "\033[31mERROR\033[39m: $1"
+}
+
+echo_info(){
+    echo -e "\033[94mINFO\033[39m: $1"
+}
+
+
+SONARQUBE_URL=""
+SONAR_ADMIN_USERNAME=""
+SONAR_ADMIN_PASSWORD=""
+INSECURE=""
+
+function usage {
+    printf "Migrate SonarQube users from Atlassian Crowd provider to Saml provider.\n\n"
+    printf "This script will ask interactively for parameters if not in ods-configuraion.\n"
+    printf "However, you can also pass them directly. Usage:\n\n"
+    printf "\t-h|--help\t\tPrint usage\n"
+    printf "\t-v|--verbose\t\tEnable verbose mode\n"
+    printf "\t-i|--insecure\t\tAllow insecure server connections when using SSL\n"
+    printf "\n"
+    printf "\t-s|--sonarqube\t\tSonarQube URL, e.g. 'https://sonarqube.example.com'\n"
+    printf "\t-u|--admin-user\tAdmin user\n"
+    printf "\t-p|--admin-password\tAdmin password\n"
+}
+
+while [[ "$#" -gt 0 ]]; do
+    case $1 in
+
+    -v|--verbose) set -x;;
+
+    -h|--help) usage; exit 0;;
+
+    -i|--insecure) INSECURE="--insecure";;
+
+    -p|--admin-password) SONAR_ADMIN_PASSWORD="$2"; shift;;
+    -p=*|--admin-password=*) SONAR_ADMIN_PASSWORD="${1#*=}";;
+
+    -u|--admin-user) SONAR_ADMIN_USERNAME="$2"; shift;;
+    -u=*|--admin-user=*) SONAR_ADMIN_USERNAME="${1#*=}";;
+
+    -s|--sonarqube) SONARQUBE_URL="$2"; shift;;
+    -s=*|--sonarqube=*) SONARQUBE_URL="${1#*=}";;
+
+    *) echo_error "Unknown parameter passed: $1"; exit 1;;
+esac; shift; done
+
+if [ -f "${ODS_CONFIGURATION_DIR}/ods-core.env" ]; then
+
+    if [ -z "${SONARQUBE_URL}" ]; then
+        SONARQUBE_URL=$(../scripts/get-config-param.sh SONARQUBE_URL)
+    fi
+
+    if [ -z "${SONAR_ADMIN_USERNAME}" ]; then
+        SONAR_ADMIN_USERNAME=$(../scripts/get-config-param.sh SONAR_ADMIN_USERNAME)
+    fi
+
+    if [ -z "${SONAR_ADMIN_PASSWORD}" ]; then
+        SONAR_ADMIN_PASSWORD=$(../scripts/get-config-param.sh SONAR_ADMIN_PASSWORD_B64 | base64 -d)
+    fi
+
+fi
+
+Email_list=$( curl ${INSECURE} ${SONAR_URL}/api/users/search -u admin:${SONAR_ADMIN_TOKEN} | jq .users | grep login | grep @ | tr -d '"' | tr -d "," | cut -f2 -d ":" )
+email_list_array=($Email_list)
+
+for email in "${email_list_array[@]}"
+do
+    curl ${INSECURE} -X POST -sSf -u admin:${SONAR_ADMIN_TOKEN} "${SONAR_URL}/api/users/update_identity_provider?newExternalProvider=saml&login=${email}" > /dev/null
+    echo "User ${email} migrated to Saml"
+done
