SONAR-22364 Fix SSF-572 on LTS

server/sonar-webserver-webapi/src/main/java/org/sonar/server/setting/ws/SetAction.java

@@ -57,6 +57,7 @@
 import org.sonar.server.user.UserSession;
 
 import static com.google.common.base.Preconditions.checkArgument;
+import static java.lang.String.format;
 import static org.sonar.server.exceptions.BadRequestException.checkRequest;
 import static org.sonar.server.setting.ws.SettingsWsParameters.PARAM_COMPONENT;
 import static org.sonar.server.setting.ws.SettingsWsParameters.PARAM_FIELD_VALUES;
@@ -69,6 +70,9 @@ public class SetAction implements SettingsWsAction {
   private static final Collector<CharSequence, ?, String> COMMA_JOINER = Collectors.joining(",");
   private static final String MSG_NO_EMPTY_VALUE = "A non empty value must be provided";
   private static final int VALUE_MAXIMUM_LENGTH = 4000;
+  static final Map<String, String> KEY_CONSTRAINTS = Map.of(
+    "sonar.auth.gitlab.url", "sonar.auth.gitlab.secret.secured"
+  );
 
   private final PropertyDefinitions propertyDefinitions;
   private final DbClient dbClient;
@@ -136,12 +140,27 @@ public void define(WebService.NewController context) {
   public void handle(Request request, Response response) throws Exception {
     try (DbSession dbSession = dbClient.openSession(false)) {
       SetRequest wsRequest = toWsRequest(request);
+      throwIfUnmatchedConstraintOnGlobalKey(wsRequest.getKey());
       SettingsWsSupport.validateKey(wsRequest.getKey());
       doHandle(dbSession, wsRequest);
     }
     response.noContent();
   }
 
+  private void throwIfUnmatchedConstraintOnGlobalKey(String key) {
+    if (KEY_CONSTRAINTS.containsKey(key)) {
+      String keyConstrained = KEY_CONSTRAINTS.get(key);
+      checkRequest(!isGlobalKeySet(keyConstrained), format("Setting '%s' must be empty to set '%s'", keyConstrained, key));
+    }
+  }
+
+  private boolean isGlobalKeySet(String keyConstrained) {
+    try (DbSession dbSession = dbClient.openSession(false)) {
+      PropertyDto propertyDto = dbClient.propertiesDao().selectGlobalProperty(dbSession, keyConstrained);
+      return propertyDto != null && !StringUtils.isBlank(propertyDto.getValue());
+    }
+  }
+
   private void doHandle(DbSession dbSession, SetRequest request) {
     Optional<ComponentDto> component = searchComponent(dbSession, request);
     String projectKey = component.isPresent() ? component.get().getKey() : null;

server/sonar-webserver-webapi/src/test/java/org/sonar/server/setting/ws/SetActionTest.java

@@ -1190,6 +1190,26 @@ public void fail_when_setting_key_is_defined_in_sonar_properties() {
       .hasMessage(format("Setting '%s' can only be used in sonar.properties", settingKey));
   }
 
+  @Test
+  public void fail_when_key_constraints_are_not_met() {
+    propertyDb.insertProperty(newGlobalPropertyDto("sonar.auth.gitlab.secret.secured", "secret"), null, null, null, null);
+
+    assertThatThrownBy(() -> {
+      callForGlobalSetting("sonar.auth.gitlab.url", "http://new.url");
+    })
+      .isInstanceOf(BadRequestException.class)
+      .hasMessage("Setting 'sonar.auth.gitlab.secret.secured' must be empty to set 'sonar.auth.gitlab.url'");
+  }
+
+  @Test
+  public void succeed_when_key_constraints_are_met() {
+    assertGlobalSettingIsNotSet("sonar.auth.gitlab.secret.secured");
+
+    callForGlobalSetting("sonar.auth.gitlab.url", "http://new.url");
+
+    assertGlobalSetting("sonar.auth.gitlab.url", "http://new.url");
+  }
+
   @Test
   public void definition() {
     WebService.Action definition = ws.getDef();
@@ -1210,6 +1230,12 @@ private void assertGlobalSetting(String key, String value) {
       .containsExactly(key, value, null);
   }
 
+  private void assertGlobalSettingIsNotSet(String key) {
+    PropertyDto result = dbClient.propertiesDao().selectGlobalProperty(key);
+
+    assertThat(result).isNull();
+  }
+
   private void assertUserSetting(String key, String value, String userUuid) {
     List<PropertyDto> result = dbClient.propertiesDao().selectByQuery(PropertyQuery.builder().setKey(key).setUserUuid(userUuid).build(), dbSession);