Synchronize LDAP/AD groups to Sonarqube. The official Sonarqube documentation includes this passage regarding delegation of authorization: For the delegation of authorization, groups must be first defined in SonarQube. The script aims to provide a solution to this.
Official Sonarqube documentation: https://docs.sonarqube.org/7.6/instance-administration/delegated-auth/
Sonarqube (https://www.sonarqube.org/) has great LDAP integration for user account. It lets you delegate authentication to an LDAP server such as a Microsoft Active Directory. If an LDAP user logs into Sonar, a local record is being created. If the LDAP/AD groups are synchronized to Sonar, we can set permissions for these groups to projects.
The script was tested using Python 3.7 and Sonarqube 7.6 as target. In addition, a few PIP packages need to be present:
pip install -r requirements.txt
Generate a token for a user in the sonar-administrators group:
Administration --> Security --> Users in the Tokens column, click and generate a token.
See ./group-sync.py --help for available parameters.
- Copy the sample config into
config.ymland adapt it to your environment
cp config.yml.sample config.yml
# edit config.yml
- Run with no parameter to see how many groups would get created/deleted.
- Execute with
--no-dryto actually create/delete the groups.
You may want to put this into a cronjob to run regularly.
Build a container image:
docker build . -t sonar-ldap-groups
Run script in container and pass it a local configuration file:
docker run -it -v$(pwd)/config.yml:/etc/config.yml sonar-ldap-groups --config /etc/config.yml
Checkout the Cronjob and ConfigMap examples in the kubernetes/* directory.