Hi, I trying to get the Sonarqube metrics from end point ‘/api/monitoring/metrics’ using prometheus scrape config. When I’m using authorization header token, getting 403 (insufficent privileges)
and if I provide token in username as plain text then it works both in prometheus confgi and curl command.
I tried bearer token with curl also and got same error.
This endpoint is a bit specific. If you check its documentation, it says : "This endpoint can be accessed using a Bearer token, which needs to be defined in sonar.properties with the ‘sonar.web.systemPasscode’ key.
It is flexible enough to be able to plug multiple kind of monitoring service behind without having to manage a token from a user/service account.
I’m bit wonder why this specific API endpoint have such implementation. On the other hand, this endpoint works fine if we use basic authentication either in ‘curl -u : endpoint’ or in web browser.
As I understood from document, after adding ‘sonar.web.systemPasscode’ in sonarqube helm values.yaml it will start work with Bearer token also.
We dont have native deployment of prometheus (as mentioned in doc) with sonarqube deployment but a separate prometheus set up in differnent kubernetes cluster.
One more doubt - after adding above property, this endpoint will work without need of any user token ? If No, should we provide same Beaer token while authentiating or how it work ? Please correct me.
As said, this endpoint is specific, and, as such, does not benefit from all access other endpoints can have technically speaking (especially accessing to available tokens).
As long as the token is the same between your prometheus config let’s say and the one set on the SQ properties file, it will work.