We are trying to set up a Quality Gate step in our Jenkins pipeline as specified in this link in the SonarQube docs. The analysis runs fine, but as soon as we hit the waitForQualityGate() instruction, we get an error like the following:
org.sonarqube.ws.client.HttpException: Error 401 on https://<SONAR_URL>/api/ce/task?id=AWVDbTfzpzqbN_7rzK2s
I don’t manage our Jenkins server, but I believe the configuration is the following:
Jenkins version: 2.107
SonarQube plugin: 2.7.1 (not 2.6.1 as the post originally said)
Sonar Scanner for MSBuild: 4.2.0.1214
Sample of how we are running the analysis (there is more code outside this to set up a node):
withSonarQubeEnv('Sonar') {
docker.image('temp-sonarqube:latest').inside() {
withEnv(['HOME=/app','DOTNET_CLI_TELEMETRY_OPTOUT=1']) {
sh "cd /app && dotnet /sonar-scanner/SonarScanner.MSBuild.dll begin" +
" /k:MY_PROJECT_KEY" +
" /d:sonar.login=${SONAR_TOKEN}" +
" /d:sonar.verbose=true"
sh "cd /app && dotnet build -c Release"
sh "cd /app && dotnet /sonar-scanner/SonarScanner.MSBuild.dll end" +
" /d:sonar.login=${SONAR_TOKEN}"
// Used to solve missing task ID issue
sh "cp /app/.sonarqube/out/.sonar/report-task.txt ."
}
}
}
Sample of how we are running our Quality Gate: (step that fails)
May I ask if you have a reason not to update to a newer version of the Jenkins plugin and/or the Scanner for MSBuild? I am asking because you are referencing quite old versions and the issues you are facing might have been fixed in newer versions.
@Ammo Just edited my question. The MSBuild scanner is actual 4.2, not 1.2 (my bad!)
As for the SonarQube plugin for Jenkins, we are on a shared environment with other teams and the team that manages the setup is concerned about updating the plugin. I might be able to have them update it on their staging environment though.
@Ammo we have updated the Sonar plugin to v2.8 and the sonar-scanner for MSBuild to version 4.3.1.1372 and we got the same error.
The full stack trace of the error is as follows:
org.sonarqube.ws.client.HttpException: Error 401 on https://<SONAR_URL>/api/ce/task?id=AWVZeMJMpzqbN_7rzK4W
at org.sonarqube.ws.client.BaseResponse.failIfNotSuccessful(BaseResponse.java:34)
at hudson.plugins.sonar.client.HttpClient.getHttp(HttpClient.java:38)
at hudson.plugins.sonar.client.WsClient.getCETask(WsClient.java:51)
at org.sonarsource.scanner.jenkins.pipeline.WaitForQualityGateStep$Execution.checkTaskCompleted(WaitForQualityGateStep.java:183)
at org.sonarsource.scanner.jenkins.pipeline.WaitForQualityGateStep$Execution.start(WaitForQualityGateStep.java:129)
at org.jenkinsci.plugins.workflow.cps.DSL.invokeStep(DSL.java:229)
at org.jenkinsci.plugins.workflow.cps.DSL.invokeMethod(DSL.java:153)
at org.jenkinsci.plugins.workflow.cps.CpsScript.invokeMethod(CpsScript.java:108)
at sun.reflect.GeneratedMethodAccessor464.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1213)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1022)
at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.call(PogoMetaClassSite.java:42)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:157)
at org.kohsuke.groovy.sandbox.GroovyInterceptor.onMethodCall(GroovyInterceptor.java:23)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:133)
at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:155)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:159)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:129)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:129)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:129)
at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:17)
at WorkflowScript.run(WorkflowScript:58)
at ___cps.transform___(Native Method)
at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:57)
at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:109)
at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixName(FunctionCallBlock.java:77)
at sun.reflect.GeneratedMethodAccessor446.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21)
at com.cloudbees.groovy.cps.Next.step(Next.java:83)
at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:174)
at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:163)
at org.codehaus.groovy.runtime.GroovyCategorySupport$ThreadCategoryInfo.use(GroovyCategorySupport.java:122)
at org.codehaus.groovy.runtime.GroovyCategorySupport.use(GroovyCategorySupport.java:261)
at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:163)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:19)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:35)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:32)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:108)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:32)
at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:174)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:331)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$200(CpsThreadGroup.java:82)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:243)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:231)
at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:64)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:131)
at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
That HTTP 401 error definitely means a permission problem, so I would surely recommend to double-check the token in use, and whether the user it relates to has sufficient permissions to query the Quality Gate data (you can see the 401 is on api/ce/task, so you can try querying manually to understand what’s going on).
You can also double-check this thread:
Ultimately poking around with user/tokens/permissions should let you understand the root of this error.
@NicoB Do you know of a way to specify the access token when using the waitForQualityGate() step? I am configuring this with a Jenkins pipeline.
If I query the api/ce/task URL directly while I am logged in I get a JSON result as I expect, but if I query it from an incognito window I also get a 401. Not sure if it’s relevant but Force user authentication is also disabled for the SonarQube server.
Our Jenkins is set up with a default token for the SonarQube instance as shown in the image below (I am using the Staging-Sonarqube instance in my pipeline)
