Azure DevOps Scanner The token you provided doesn't have sufficient rights to check license

nope, not in sonarqube

Did you get all endpoints at once with the API ? Is yes, you need to then get the id, and get it “solo” by just adding the id after a slash in the endpoints

/endpoints/{id]?api-version=xxx

here you go

{
“data”: {},
“id”: “xxxxxxxxxxxxxxxxxxxxx”,
“name”: “SonarQube”,
“type”: “sonarqube”,
“url”: “http://10.10.0.40:9000”,
“createdBy”: {
“displayName”: “Atif Farrukh”,
“url”: “xxxxxxxxxxxxxxxxxxxxxxxxxxx”,
“_links”: {
“avatar”: {
“href”: “xxxxxxxxxxxxxxxxxxxxx”
}
},
“id”: “xxxxxxx”,
“uniqueName”: “xxxxxxxxxxxxx”,
“imageUrl”: “xxxxxxxxxxxxxxxxx”,
“descriptor”: “win.Uy0xLTUtMjEtNDEzNTA2ODk3Ny01ODc5MjQ0MDEtMjE4ODk1NjAyMS0xNjQ0”
},
“authorization”: {
“parameters”: {
“username”: null,
“password”: null
},
“scheme”: “UsernamePassword”
},
“isShared”: false,
“isReady”: true,
“owner”: “Library”
}

@mickaelcaro any update regarding this issue?

any update regarding this issue?

@mickaelcaro any update regarding this issue?

For reference, I have encountered this after upgrade to 8.7.1 and taken the same steps as above, creating a new Service Connection. Still finding that I get this issue, but only when using a Linux based build agent (not sure if that is relevant).

Also, looking at the logs on Sonarqube I can see it is getting a 401 when trying to reach the is_valid_license API endpoint:

[08/Apr/2021:16:30:59 +0100] “GET /api/server/version HTTP/1.0” 200 - “-” “-” “AXirv6CFEDFxZdlpAAWD”
[08/Apr/2021:16:30:59 +0100] “GET /api/editions/is_valid_license HTTP/1.0” 401 - “-” “-” “AXirv6CFEDFxZdlpAAWE”

Hi @Tom_Ferguson

No update so far, i’ll work on a fix ASAP.

Mickaël

Hi. I’m also getting that same error.
Setting the web log to TRACE I could find that it seems to search our AD for a user with the name of our token.
Is this normal or have i done something wrong in the config-file?

Edited logs below. IE not real token and CN’s, DC’s and OU’s censored.

2021.06.10 14:52:58 TRACE web[AXn1+5qxpoOm8wyKAAAC][sql] time=0ms | sql=SELECT u.uuid as uuid, u.login as login, u.name as name, u.email as email, u.active as "active", u.scm_accounts as "scmAccounts", u.salt as "salt", u.crypted_password as "cryptedPassword", u.hash_method as "hashMethod", u.external_id as "externalId", u.external_login as "externalLogin", u.external_identity_provider as "externalIdentityProvider", u.user_local as "local", u.is_root as "root", u.onboarded as "onboarded", u.reset_password as "resetPassword", u.homepage_type as "homepageType", u.homepage_parameter as "homepageParameter", u.last_connection_date as "lastConnectionDate", u.last_sonarlint_connection as "lastSonarlintConnectionDate", u.created_at as "createdAt", u.updated_at as "updatedAt" FROM users u WHERE u.login=? AND u.active=1 | params=339f40c91f339f40c91f339f40c91f339f40c91f
2021.06.10 14:52:58 DEBUG web[AXn1+5qxpoOm8wyKAAAC][o.s.a.l.LdapUsersProvider] Requesting details for user 339f40c91f339f40c91f339f40c91f339f40c91f
2021.06.10 14:52:58 DEBUG web[AXn1+5qxpoOm8wyKAAAC][o.s.a.l.LdapSearch] Search: LdapSearch{baseDn=OU=Users,OU=***,DC=****,DC=********,DC=net, scope=subtree, request=(&(objectClass=user)(sAMAccountName={0})), parameters=[339f40c91f339f40c91f339f40c91f339f40c91f], attributes=[email, cn]}
2021.06.10 14:52:58 DEBUG web[AXn1+5qxpoOm8wyKAAAC][o.s.a.l.LdapContextFactory] Initializing LDAP context {java.naming.referral=follow, java.naming.security.principal=CN=svc_Sonar,OU=***,OU=*****,OU=****,DC=**,DC=******,DC=net, com.sun.jndi.ldap.connect.pool=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.sasl.realm=*******.net, java.naming.provider.url=ldap://****.**.******.net:389, java.naming.security.authentication=simple}
2021.06.10 14:52:58 DEBUG web[AXn1+5qxpoOm8wyKAAAC][o.s.a.l.LdapUsersProvider] User 339f40c91f339f40c91f339f40c91f339f40c91f not found in <default>
2021.06.10 14:52:58 DEBUG web[AXn1+5qxpoOm8wyKAAAC][auth.event] login failure [cause|No user details][method|BASIC][provider|REALM|LDAP][IP|0:0:0:0:0:0:0:1|10.158.116.5:54171][login|339f40c91f339f40c91f339f40c91f339f40c91f]

@mickaelcaro I have the same issue, however, i have several projects in my TFS repository. One of them succeeds. I compared the verbose logs between the successful and failure builds, I notice the failed one sets sonar.password=*** whereas the successful one doesnt. I’m using the Community Edition 9.x.

Log from the Successful build:
set SONARQUBE_SCANNER_PARAMS={“sonar.host.url”:“https://myserver.com/",“sonar.login”:***,“sonar.projectKey”:“ProjA”,“sonar.projectName”:“ProjA”,“sonar.projectVersion”:“ProjA_20210916.2”,“sonar.scanner.metadataFilePath”:“D:\TFS2017BuildQueue\_work\_temp\sonar\ProjA_20210916.2\e3d42a61-3b97-d954-a366-8a160d8a171b\report-task.txt”,“sonar.verbose”:"true”}

here’s the failed one:
set SONARQUBE_SCANNER_PARAMS={“sonar.host.url”:“https://myserver.com/","sonar.login”:,“sonar.password”:,“sonar.projectKey”:“ProjB”,“sonar.projectName”:“ProjB”,“sonar.projectVersion”:“ProjB_20210916.7”,“sonar.branch.name”:“master-projB”,“sonar.scanner.metadataFilePath”:“D:\TFS2017BuildQueue\_work\_temp\sonar\ProjB_20210916.7\f8661401-31ab-9a6c-aaec-6851bed3530a\report-task.txt”,“sonar.verbose”:“true”}

Is it possible the Community edition allows no more than 1 project?

I’ve also attempted to set sonar.password to an empty string in the Prepare Analysis build step additional properties. Still no luck!

Hi @bprodduturi

Are you using the same Service Connection for both builds ?

Hi @mickaelcaro - each project has its own repository in our TFS and therefore I had to create a new Service Connection per project and obtain a different token for each project.

Ok then i would suggest to drop and recreate the faulty service connection, to see first if that can fix the issue.

Mickaël

@mickaelcaro I’ve deleted the Service Connection in TFS. Revoked the token in Sonar under My Account. Recreated a new token. Recreated a new Service Connection with the new Token. Made sure the build template is reading the new Service Connection. Fired the build, and the still seeing the same issue.

@mickaelcaro Someone else reported the same problem as mine here: Visual Studio Feedback

I dont understand what the workaround is. I’ve tried setting sonar.login={token} in the additional properties in the Prepare Analysis build step, and no luck.

Do you have by chance a SonarQube.Analysis.xml file somewhere in your checked out code ?

Hello @mickaelcaro! I am experiencing this issue, and can be of assistance in any debugging.

What I have gathered so far, after reinstalling the extension in DevOps, recreating the service connection, and recreating the tokens, that it gets stuck on calling “/api/editions/is_valid_license”. When I try and call that endpoint, I get the following response:

{
  "errors": [
    {
      "msg": "Unknown url : /api/editions/is_valid_license"
    }
  ]
}

Our version of SonarQube is 9.1.0.47736, and I believe that our problems started when we upgraded to it

Here is a exerpt of the log from running the task in a pipeline, with system.debug on

15:54:48.927  Downloading from http://10.24.3.103:9000/api/server/version...
15:54:48.958  Checking validity of server license
15:54:48.958  Downloading from http://10.24.3.103:9000/api/editions/is_valid_license...
##[error]15:54:48.958  The token you provided doesn't have sufficient rights to check license.
##[debug]Processed: ##vso[task.logissue type=error;]15:54:48.958  The token you provided doesn't have sufficient rights to check license.