Authenticate sonar-runner via basic auth - sonarqube

Our sonarqube server is behind http basic authentication and local runner fails with 401 error. Is it somehow possible to provide credentials to it? AOfficial docs shows how to provide sonarqube's internal user...
UPD #1:
sonarqube: v5.3,
sonar-runner: v2.5
Debug log of runner:
INFO: Scanner configuration file: /Users/user/Documents/Projects/Project1/sonar-scanner-2.5/conf/sonar-runner.properties
INFO: Project configuration file: /Users/user/Documents/Projects/Project1/sonar-project.properties
INFO: SonarQube Scanner 2.5
INFO: Java 1.8.0_45 Oracle Corporation (64-bit)
INFO: Mac OS X 10.11.3 x86_64
INFO: Error stacktraces are turned on.
DEBUG: cache: /Users/user/.sonar/ws_cache/https%3A%2F%2Fexample.com%2Fsonar%2F/global
INFO: User cache: /Users/user/.sonar/cache
DEBUG: Extract sonar-runner-batch in temp...
DEBUG: Get bootstrap index...
DEBUG: Download: https://example.com/sonar/batch_bootstrap/index
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 1.171s
INFO: Final Memory: 5M/245M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
org.sonar.runner.impl.RunnerException: Unable to execute SonarQube
at org.sonar.runner.impl.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:100)
at org.sonar.runner.impl.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:87)
at java.security.AccessController.doPrivileged(Native Method)
at org.sonar.runner.impl.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:87)
at org.sonar.runner.impl.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:83)
at org.sonar.runner.api.EmbeddedRunner.doStart(EmbeddedRunner.java:249)
at org.sonar.runner.api.EmbeddedRunner.start(EmbeddedRunner.java:187)
at org.sonar.runner.api.EmbeddedRunner.start(EmbeddedRunner.java:182)
at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:66)
Caused by: java.lang.IllegalStateException: Fail to download libraries from server
at org.sonar.runner.impl.Jars.downloadFiles(Jars.java:93)
at org.sonar.runner.impl.Jars.download(Jars.java:70)
at org.sonar.runner.impl.JarDownloader.download(JarDownloader.java:40)
at org.sonar.runner.impl.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:91)
... 9 more
Caused by: java.lang.IllegalStateException: Status returned by url [https://example.com/sonar/batch_bootstrap/index] is not valid: [401]
at org.sonar.runner.impl.ServerConnection.callUrl(ServerConnection.java:186)
at org.sonar.runner.impl.ServerConnection.downloadString(ServerConnection.java:121)
at org.sonar.runner.impl.ServerConnection.tryServerFirst(ServerConnection.java:148)
at org.sonar.runner.impl.ServerConnection.download(ServerConnection.java:112)
at org.sonar.runner.impl.Jars.downloadFiles(Jars.java:78)
... 12 more

No it doesn't look like sonar-runner supports proxy authentication. SonarQube has built-in access control so I'm not sure why you'd need proxy authentication on top of that. Maybe you could disable proxy authentication for SonarQube's URL.

The sonar-runner, even if configured with credentials, does not use these to make it's first call to the server. The endpoint is /batch/index. You have to allow public access to that endpoint. For all other urls basic auth is fine.
More details about my working setup in my answer here: https://stackoverflow.com/a/60132667/1838233
I've tried that setup with the runner and a sonar-project.properties file containing:
sonar.host.url=https://myserver/sonar/
sonar.login=${env.SONARUSER}
sonar.password=${env.SONARPWD}
and could access Sonar behind Apache basic auth that way.

I have been looking for this too and failed to find any options to allow this. One use case I can think of for needing this is you have the sonar client running on the far end of a GCP IAP away from the sonar server. You'd need to have the client pass through the initial proxy to get to the sonar server. Even if the sonar server supports this auth natively you need some way for the client to pass an auth header.
This is for scenarios where you either don't trust sonar or you don't trust the deployment of sonar by some novice, but you do trust a zero-trust protected proxy by gcp's platform

Related

Sonarqube upload report 403

I have a Sonar analysis job in Jenkins which was working fine. Suddenly last week it started throwing error when uploading the report to Sonarqube server.
11:47:31 06:17:31.409 INFO: Analysis report generated in /var/jenkins_home/workspace/projectdirmasked/sample/.scannerwork/scanner-report
11:47:31 06:17:31.409 DEBUG: Upload report
11:47:31 06:17:31.481 DEBUG: POST 403 https://sonarqubehostnamemasked.com/api/ce/submit?projectKey=Sonar_Test&projectName=Sonar_Test | time=72ms
11:47:31 06:17:31.486 INFO: ------------------------------------------------------------------------
11:47:31 06:17:31.486 INFO: EXECUTION FAILURE
11:47:31 06:17:31.486 INFO: ------------------------------------------------------------------------
11:47:31 06:17:31.486 INFO: Total time: 9.877s
11:47:31 06:17:31.621 INFO: Final Memory: 39M/421M
11:47:31 06:17:31.621 INFO: ------------------------------------------------------------------------
11:47:31 06:17:31.621 ERROR: Error during SonarScanner execution
11:47:31 You're not authorized to run analysis. Please contact the project administrator.
The user belongs to the token has admin access. As well execute-analysis permission. And basically the user has assigned all the available permission in Sonarqube. So definitely it is not permission issue on the user.
All other projects using the same token in the same jenkins are able to scan successfully and upload the report.
Version: Enterprise Sonarqube 8.9.6
csharp plugin version: 8.22.0, xml plugin version: 2.2.0 (as I am scanning cs and xml files)
Any leads on this will be helpful!

Webdeploy database failing for SmarterASP host

I'm trying to use webdeploy for my project to publish to SmarterASP host. I get the following error:
Error : Web deployment task failed. ((1/30/2018 2:55:34 PM) An error
occurred when the request was processed on the remote computer.) 2>
2>(1/30/2018 2:55:34 PM) An error occurred when the request was
processed on the remote computer. 2>The server experienced an issue
processing the request. Contact the server administrator for more
information. 2>Publish failed to deploy.
I have gotten support to give me the error from their end:
Content-Type: application/msdeploy Version: 9.0.0.0
MSDeploy.VersionMin: 7.1.600.0 MSDeploy.VersionMax: 9.0.1981.0
MSDeploy.Method: Sync MSDeploy.RequestId:
42329f84-36b0-4fe3-aec5-a71745700abc MSDeploy.RequestCulture: en-US
MSDeploy.RequestUICulture: en-US ServerVersion: 9.0.1955.0 Skip:
objectName="^configProtectedData$" Provider: dbDacFx, Path: data
source=XXXXXXXXX;initial catalog=xxxxxxx;user id=xxxxxxxx
A tracing deployment agent exception occurred that was propagated to
the client. Request ID '42329f84-36b0-4fe3-aec5-a71745700abc'. Request
Timestamp: '1/25/2018 8:20:58 AM'. Error Details:
ERROR_DACFX_NEEDED_FOR_SQL_PROVIDER
Microsoft.Web.Deployment.DeploymentDetailedFatalException: The SQL
provider cannot run with dacpac option because of a missing
dependency. Please make sure that DacFx is installed. Learn more at:
http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_DACFX_NEEDED_FOR_SQL_PROVIDER.
They claim the missing dependency is on my end. I have installed Microsoft SQL Server Data-Tier Application Framework (DACFx) at their request, and still have the same error.

SonarQube 6.0 with Sonar-Scanner-2.6.1 Cofinguration with MYSQL

I was using SonarQube 5.1.2 with Sonar-runner-dist 2.4 but I have to upgrade my SonarQube to 6.0 along with Sonar-Scanner-2.6.1
I was using MySQL for SonarQube 5.1.2 but When I upgraded to SonarQube 6.0 I am getting this error , Can someone help me how to override the error and what changes required with SonarQube 6.0
Not Sure why I am getting
WARN: Property 'sonar.jdbc.username' is not supported any more. It will be ignor
ed. There is no longer any DB connection to the SQ database.
Complete Error Log
WARN: sonar-runner.bat script is deprecated. Please use sonar-scanner.bat instea
d.
D:\Softwares\SonarQube_old\sonar-scanner-2.6.1\sonar-scanner-2.6.1
Picked up _JAVA_OPTIONS: -Djava.net.preferIPv4Stack=true
INFO: Scanner configuration file: D:\Softwares\SonarQube_old\sonar-scanner-2.6.1
\sonar-scanner-2.6.1\conf\sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarQube Scanner 2.6.1
INFO: Java 1.8.0_111 Oracle Corporation (32-bit)
INFO: Windows 7 6.1 x86
INFO: User cache: C:\Users\391007\.sonar\cache
INFO: Load global repositories
INFO: Load global repositories (done) | time=124ms
WARN: Property 'sonar.jdbc.url' is not supported any more. It will be ignored. T
here is no longer any DB connection to the SQ database.
WARN: Property 'sonar.jdbc.username' is not supported any more. It will be ignor
ed. There is no longer any DB connection to the SQ database.
WARN: Property 'sonar.jdbc.password' is not supported any more. It will be ignor
ed. There is no longer any DB connection to the SQ database.
INFO: User cache: C:\Users\391007\.sonar\cache
INFO: Load plugins index
INFO: Load plugins index (done) | time=9ms
INFO: SonarQube server 6.0
INFO: Default locale: "en_US", source code encoding: "windows-1252" (analysis is
platform dependent)
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 2.553s
INFO: Final Memory: 40M/96M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
ERROR: Unable to register extension com.sonar.governance.task.A.A from plugin 'g
overnance'
ERROR: Caused by: Lorg/sonar/batch/bootstrap/BatchWsClient;
ERROR: Caused by: org.sonar.batch.bootstrap.BatchWsClient
ERROR:
ERROR: To see the full stack trace of the errors, re-run SonarQube Scanner with
the -e switch.
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging
I have referred below Answer but I am not getting solution to solve the problem
https://stackoverflow.com/a/35231407/3973543
"WARN: Property 'sonar.jdbc.url' is not supported any more " is not an error, just a warning, since 5.6 sonar.jdbc.url, sonar.jdbc.username and sonar.jdbc.password are not needed anymore in jenkins side. The sonarqube DataBase is only access from sonarqube instance, not from the clients as jenkins. So you should let them empty now. Just fill the sonarqube instance url for the WS connection.
Governance plugin is now commercial, you have to registry a license for using it

SonarQube Build Breaker plugin: Report processing did not complete successfully: FAILED

I am trying to upload reports generated by Istanbul to Sonar dashboard using a gulp task and it fails with the below error. Looks like the Build Breaker plugin in SonarQube is timing out before it can upload the report to Sonar. Any way that i can tweak this plugin?
I am using Sonar 5.3.
15:42:43.411 INFO: Analysis report generated in /workspace/{project}/.sonar/report
15:42:43.430 INFO: ------------------------------------------------------------------------
15:42:43.430 INFO: EXECUTION FAILURE
15:42:43.430 INFO: ------------------------------------------------------------------------
15:42:43.430 INFO: Total time: 5:06.287s
15:42:43.609 INFO: Final Memory: 57M/2603M
15:42:43.609 INFO: ------------------------------------------------------------------------
15:42:43.609 ERROR: Error during SonarQube Scanner execution
java.lang.IllegalStateException: Report processing did not complete successfully: FAILED
at org.sonar.plugins.buildbreaker.QualityGateBreaker.getAnalysisId(QualityGateBreaker.java:152)
at org.sonar.plugins.buildbreaker.QualityGateBreaker.execute(QualityGateBreaker.java:108)
at org.sonar.plugins.buildbreaker.QualityGateBreaker.executeOn(QualityGateBreaker.java:95)
at org.sonar.batch.phases.PostJobsExecutor.execute(PostJobsExecutor.java:65)
at org.sonar.batch.phases.PostJobsExecutor.execute(PostJobsExecutor.java:55)
This is a known invalid issue: #14 (he problem occurs on the server side, not in Build Breaker mechanism/logic).
Matthew DeTullio's comment:
This is because the server side background task for your project is
failing. You need to check the logs there and fix that problem first.
The report processing step is when SQ computes the quality gate
status. This plugin simply checks the status computed there, so if
processing fails this plugin will mark the analysis a failure.
In my company we found on the server side:
java.lang.OutOfMemoryError: GC overhead limit exceeded
The reason could be any error in the SonarQube processing of background task.
And the error is very generic like below
ERROR: Error during SonarQube Scanner execution
java.lang.IllegalStateException: Report processing did not complete successfully: FAILED
In my case, the server on which SonarQube is installed, ran out of disk space hence it was not able to write the logs.
So, the idea is to check sonar.log to understand whats wrong and rectify it, restart SonarQube service.
less <SONAR_INSTALL_DIR>/logs/sonar.log
2021-03-28 01:13:25,124 elasticsearch[sonarqube][management][T#3] ERROR An exception occurred processing Appender file_es org.apache.logging.log4j.core.appender.AppenderLoggingException: Error writing to stream /apps/sonarqube-8.3.0.34182/logs/es.log
Reboot the Sonar service
cd <SONAR_INSTALL_DIR>/bin
./sonar.sh stop
./sonar.sh start

Sonar - Fail to request server version | HTTP Status 404 /

With each run done by console or by Jenkins throws me the following error:
SonarQube Runner 2.4
Java 1.8.0_51 Oracle Corporation (32-bit)
Linux 2.6.32-504.30.3.el6.i686 i386
INFO: Runner configuration file: /usr/local/sonar-runner/conf/sonar-runner.properties
INFO: Project configuration file: /opt/apps/php-sonar-runner/sonar-project.properties
INFO: Default locale: "es_ES", source code encoding: "UTF-8"
INFO: Work directory: /opt/apps/php-sonar-runner/./.sonar
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
Total time: 0.042s
Final Memory: 0M/28M
INFO: ------------------------------------------------------------------------
ERROR: Error during Sonar runner execution
ERROR: Fail to request server version
ERROR: Caused by: Status returned by url : 'http://xxx.xxx.xx.xxx:9000/api/server/version' is invalid : 404
ERROR:
ERROR: To see the full stack trace of the errors, re-run SonarQube Runner with the -e switch.
ERROR: Re-run SonarQube Runner using the -X switch to enable full debug logging.
Open the URL 'http://xxx.xxx.xx.xxx:9000/api/server/version' in a browser, see if it gives you a 404 error. If so, you need to find the right path to Sonar root on the remote server, maybe 'http://xxx.xxx.xx.xxx:9000/sonar/'?
When you have the full URL of Sonar, update the sonar.host.url property in your pom accordingly. See full documentation for more details.
Check the value of sonar.web.context = /myPath maybe you have some path and you configure other path in your url at your jenkis, tfs, etc. That is the reason you get an 404 error.
In your example you should not have that value configurated or without a value.
'http://xxx.xxx.xx.xxx:9000/myPath/api/server/version
In your sonar-runner.properties file
define #--- Default SonarQube sever as give below
sonar.host.url=http://localhost:9000/sonar
Also cross check in sonar.properties file i.e
sonar.web.port=9000
sonar.web.host=127.0.0.1
sonar.web.context=/sonar

Resources