SonarQube 6.7: how do no-admin users create a project? - sonarqube

I have just installed SonarQube 6.7 and I am creating users for my colleagues, who would like to create a project from their source code hosted on GitHub repositories.
So far I did not find a way to let users create a project, without setting them as system administrator. Apparently a project is created indeed from the Create Project button on the Administration > Projects > Management page as reported in the official documentation.
Unfortunately in this way, most users should be set as admin if they want to create projects: therefore they will be able to manage the users and the whole system. As you can imagine it is not ideal situation, when a lot of administrators on a system.
How can users be able to create a project without having admin privileges over the whole system (configuration, security, users, etc.)?
I thank you in advance for your help!

Your users need the Create Projects global permission. You can grant this individually or by putting them in a group and giving the group the permission.
They'll need the Execute Analysis global permission as well (another argument for using a group). Once these permissions are granted, they'll be able to analyze projects. Any project that doesn't already exist will be created in SonarQube on the first analysis.

Vittorio C. I have the same issue as you in the SonarQube 6.7.
Issue: few options will not show up for example "create projects under global permissions"
Resolution: Just search the "create user"s in the search window( shown in the screenshot) and it will start appearing.
Also if you think any option is not appearing but which ideally should, you can apply the same trick.

for example with maven, mvn package sonar:sonar will create project if no exist in sonarqube. If you want to create it before first use you can use web api, for example have a look at https://next.sonarqube.com/sonarqube/web_api/api/projects/create If i'm not wrong the create API is open to everyone.

Related

TFS 2015 Publishing build artifacts using file share option failed

I wanted to created a demo app that does automatic deployment. In other words once I check-in my code changes, the changes can be seen on the published website. I did the following steps:
I created an .NET project on Visual Studio 2017, published the project with IIS instructions from here and here. I published my project to a local file on my machine;
The I did Continuous Delivery and Release Management using TFS 2015 and created a build and release definitions from here;
The final step was to use the Copy File to and Publish Artifacts tasks, using file share option to drop the contents to the publish folder I've created. So when I check-in my changes using TFS, the changes will be seen online.
Here is the configuration for the build definition:
The folder in the file share path is shared to everyone, and the path is correct (when I type it in the browser, I can see the folder's contents).
The error I keep getting is the following:
Publishing build artifacts failed with an error: Unable to create
directory '{p}'. Unable to verify the directory exists: '{testDir}'.
If directory is a file share, please verify the share name is correct,
the share is online, and the current process has permission to access
the share. \localhost\builddrop\drop \localhost\builddrop\drop
I've been trying to solve this for 2 days with no luck, but I could not find similar issues... I would like to know what is causing this error, or if you have any hints or tips that will get me closer to the solution.
Thanks to #Maxsur answer I realized that I did not install a build agent, which is needed for in case you want to publish your code into a file share.
I did that by going to the team foundation server web portal clicked on the gear sign, and chose Agent Queues and followed the steps. Additionally you will also need to acquire a token by clicking on your profile icon then choosing security and add new token.
Reference: https://learn.microsoft.com/en-us/vsts/pipelines/agents/v2-windows?view=vsts
Try to check (and change) an account for your build agent service.
It can be found at Windows Services -> VSTS Agent on build machine (or TFS server if it used as build machine).
This service can run under "local service" account, which cannot access network shares (even on local machine!).
Try to change this account to Administrator (for example) or setup one by guidelines of MSDN
In your Publish Artifacts Task, you've specified //localhost/builddrop/ in File share path, which is not correct. You need to specify the File share path as below:
\\servername\builddrop

Assign existing Gitlab runner to new project

So, I have owner privileges on some group in Gitlab (not privately hosted instance), and there is a registered runner that I want to assign to a new project in order to use it for CD (It is in use on other projects I am an owner at). However, I don't see it in CI/CD runners settings even though it is not locked for one project. I was also trying this https://docs.gitlab.com/ee/api/runners.html#enable-a-runner-in-project solution (API call) Gitlab provides but it seems like the runner does not exist (generic error, it says the page does not exist or I have no permission).
I thought it might be a permissions problem but it doesn't make sense (or does it?) because I have owner privileges. In docs they say:
"If you are Master on a project where a specific Runner is assigned to, and the Runner is not locked only to that project, you can enable the Runner also on any other project where you have Master permissions.
To enable/disable a Runner in your project:
Visit your project's Settings > CI/CD
Find the Runner you wish to enable/disable
Click Enable for this project or Disable for this project"
and well, I can't find it. Does it sound like a bug/mistake on docs or my lack of knowledge? And if it is my lack of knowledge, do you have any ideas for possible solutions?
TL;DR:
It seems like some kind of group permissions bug.
A possible workaround is to create another user and invite him to a project that uses that specific runner, as master (not owner), and then invite him to the project you want to assign that specific runner to. then, you will have that runner available under specific runners.
Ok, it seems to be a problem with gitlab/gitlab-runner permissions, or just a rather strange behavior. This is what someone wrote in the issues section of the project ( https://gitlab.com/gitlab-org/gitlab-runner/issues/1322 ):
"Consider the following setup:
user_A is owner of project_1, runner_R is registered with project_1's token
user_A is owner of project_2
--> runner_R is NOT visible to user_A from project_2
user_A is promoted master of project_1
--> runner_R is now visible to user_A from project_2
hence my conclusions:
i don't need to be master of a project to select a runner from a project i own, being an owner works too
being a project owner is not sufficient for a project's runner to be visible to me from another project, i need to be master of the project where the runner was registered"
I hope it might be helpful to someone facing the same problem as me.

Manage project in VSTS does not keep the changes

As you can see in the picture I have project administrator permission and I added some projects to Project Administrators group.
Today I created 2 new projects. And VSTS groups stuck to Custom group.
I don't know why I have a new group which is called Custom even I don't have it in Security/Groups.
I can't change Custom to Project Administrators and for other users to Contributor.
After all, I created a Test project and I didn't get any issues.
How can I fix the problem? Thanks
Custom simply means you're a member of one or more groups that are not in the list of:
Project Administrators
Project Contributors
Project Readers
The project's Default Team
For example, you're a member of a Team (Teams are represented as a security group). Or you're a member of any custom created group within the project. These custom groups are not shown in the Manage projects dialogue.
I do not see the behaviour of not being able to change the values, the only reason I can think of is that your user doesn't have permissions to manage permissions in those projects. Have you tried changing the security directly through the project's own Security tab?

Prevent a project from being deleted, allow build configuration changes?

My company has a particular way of working, with an existing CI system, and I'd like to find a way of moving to TeamCity. I've run into a problem with permissions though.
In our current system, a group of developers might be assigned to project A. They can add/modify/remove continuous integration tasks that are related to (are children of) project A, but they can't delete project A itself.
I've got a test install of TeamCity 10, set up with per-project permissions. Project A is a top-level project. There's a projA group, which assigns a dev guy role with scope limited to Project A. user A is a member of the projA group.
Whatever permissions I choose for the dev guy role, it seems to have one of two outcomes, neither of which is useful:
user A can't delete Project A, but can't create or modify build configurations.
user A can create and modify build configurations, but can also delete Project A.
It looks like Edit project is the relevant permission, but it's not granular enough -- it includes some abilities I don't want along with the ones I do.
Is there a way around this?

How to delete a specific component from project on sonar dashboard?

We want to remove a specific component from an project on sonar dashbaord. Is there any way to do that - maybe directly in the sonar database ? I could find only the deletion of whole project on sonar dashboard. The deletion of the component is needed as source code has to be protected and now it is visible to all see source code users of the project which is wrong.
sonar version 4.5.1
You should restrict code viewing permissions.
If it's truly the case that you have users who should be able to see some components but not others then I would advise extracting the sensitive component(s) into another project on which you can impose tighter restrictions.

Resources