Adjust permissions of Web API for health checks

Please adjust permissions of some Web API calls and add documentation which calls need authentication.

For example its really useless to require authentication for api/system/ping which I try to use for docker health check

Hello,

As far as i know, api/system/ping does not require authentication. For docker healthcheck, we added to the official docker-library an example of healthcheck as we would recommend to implement it :

I suggest you to use api/system/status which return a more precise status about the state of the sonarqube instance.

Thanks for the hint, I will change the docker healthcheck

But as we have sonar configured with force authentication, I was getting a 401 for api/system/ping !

I just tested with 7.9 and /api/system/ping definitely returns 401 when sonar.forceAuthentication=true.

1 Like