commit b7adb9041819690d1700c2941b412a0286cd4fb6
author David Åkerman <davidak@axis.com> Tue Sep 17 15:32:16 2024 +0200
committer David Åkerman <davidak@axis.com> Wed Sep 18 11:28:37 2024 +0200
tree b4c19b942cee949d19d2641197c422ec6aa42186
parent 7d8f59710d14c5bfca9b5317c6ff89f3a491e2dc

Fix missing group add of serviceuser for ssh register command

You can configure groups that a newly created service user
should be added to. Before this change using the ssh
register command would not add the serviceuser to any
groups.

Bug: Issue 367623920
Change-Id: I9a5b2f6d444e46f5f7290cf4c2ea612f89d19f17

src/main/java/com/googlesource/gerrit/plugins/serviceuser/RegisterServiceUser.java

diff --git a/src/main/java/com/googlesource/gerrit/plugins/serviceuser/RegisterServiceUser.java b/src/main/java/com/googlesource/gerrit/plugins/serviceuser/RegisterServiceUser.java
index 17c8ab3..e8b6e3e 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/serviceuser/RegisterServiceUser.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/serviceuser/RegisterServiceUser.java
@@ -14,6 +14,7 @@
 
 package com.googlesource.gerrit.plugins.serviceuser;
 
+import static com.google.gerrit.server.api.ApiUtil.asRestApiException;
 import static com.google.gerrit.server.permissions.GlobalPermission.ADMINISTRATE_SERVER;
 import static com.googlesource.gerrit.plugins.serviceuser.CreateServiceUser.KEY_CREATED_AT;
 import static com.googlesource.gerrit.plugins.serviceuser.CreateServiceUser.KEY_CREATED_BY;
@@ -22,8 +23,13 @@
 import static com.googlesource.gerrit.plugins.serviceuser.CreateServiceUser.USER;
 
 import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Sets;
 import com.google.gerrit.entities.Account;
+import com.google.gerrit.entities.AccountGroup;
 import com.google.gerrit.entities.Project;
+import com.google.gerrit.exceptions.NoSuchGroupException;
+import com.google.gerrit.extensions.annotations.PluginName;
 import com.google.gerrit.extensions.annotations.RequiresCapability;
 import com.google.gerrit.extensions.common.AccountInfo;
 import com.google.gerrit.extensions.restapi.AuthException;
@@ -36,13 +42,17 @@
 import com.google.gerrit.server.CurrentUser;
 import com.google.gerrit.server.GerritPersonIdent;
 import com.google.gerrit.server.IdentifiedUser;
+import com.google.gerrit.server.ServerInitiated;
 import com.google.gerrit.server.account.AccountLoader;
 import com.google.gerrit.server.account.AccountResolver;
 import com.google.gerrit.server.account.AccountResolver.UnresolvableAccountException;
 import com.google.gerrit.server.config.AllProjectsName;
 import com.google.gerrit.server.config.ConfigResource;
+import com.google.gerrit.server.config.GerritServerConfig;
 import com.google.gerrit.server.git.meta.MetaDataUpdate;
 import com.google.gerrit.server.group.GroupResolver;
+import com.google.gerrit.server.group.db.GroupDelta;
+import com.google.gerrit.server.group.db.GroupsUpdate;
 import com.google.gerrit.server.permissions.PermissionBackend;
 import com.google.gerrit.server.permissions.PermissionBackendException;
 import com.google.gerrit.server.project.ProjectLevelConfig;
@@ -83,6 +93,9 @@
   private final StorageCache storageCache;
   private final PermissionBackend permissionBackend;
   private final BlockedNameFilter blockedNameFilter;
+  private final Provider<GroupsUpdate> groupsUpdateProvider;
+  private final Config config;
+  private final String pluginName;
 
   @Inject
   RegisterServiceUser(
@@ -96,7 +109,10 @@
       AccountLoader.Factory accountLoader,
       StorageCache storageCache,
       PermissionBackend permissionBackend,
-      BlockedNameFilter blockedNameFilter) {
+      BlockedNameFilter blockedNameFilter,
+      @ServerInitiated Provider<GroupsUpdate> groupsUpdateProvider,
+      @GerritServerConfig Config config,
+      @PluginName String pluginName) {
     this.configProvider = configProvider;
     this.accountResolver = accountResolver;
     this.groupResolver = groupResolver;
@@ -110,6 +126,9 @@
     this.storageCache = storageCache;
     this.permissionBackend = permissionBackend;
     this.blockedNameFilter = blockedNameFilter;
+    this.groupsUpdateProvider = groupsUpdateProvider;
+    this.config = config;
+    this.pluginName = pluginName;
   }
 
   @Override
@@ -183,6 +202,16 @@
       storageCache.invalidate();
     }
 
+    Account.Id accountId = user.getAccountId();
+    for (String groupName : config.getStringList("plugin", pluginName, "group")) {
+      AccountGroup.UUID groupUuid = groupResolver.parse(groupName).getGroupUUID();
+      try {
+        addGroupMember(groupUuid, accountId);
+      } catch (NoSuchGroupException e) {
+        throw asRestApiException("Cannot add account: " + accountId + " to group: " + groupName, e);
+      }
+    }
+
     ServiceUserInfo info = new ServiceUserInfo(new AccountInfo(user.getAccountId().get()));
     AccountLoader al = accountLoader.create(true);
     info.createdBy = al.get(creatorId);
@@ -190,4 +219,13 @@
     info.createdAt = creationDate;
     return Response.created(info);
   }
+
+  private void addGroupMember(AccountGroup.UUID groupUuid, Account.Id accountId)
+      throws IOException, NoSuchGroupException, ConfigInvalidException {
+    GroupDelta groupDelta =
+        GroupDelta.builder()
+            .setMemberModification(memberIds -> Sets.union(memberIds, ImmutableSet.of(accountId)))
+            .build();
+    groupsUpdateProvider.get().updateGroup(groupUuid, groupDelta);
+  }
 }