Build fails due to user analysis permission

Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project lmu: You’re not authorized to run analysis. Please contact the project administrator. -> [Help 1]

I check the user permission and I see the user has enough priviliges to perform the analysis task but still the build fails. Any suggestions and root cause will be really helpful.

Regards,
Charan N

Hello Charan
thanks for joining the community!
As a a general feedback, I would mention that you should probably upgrade you SonarQube. The 8.0 has been obsoleted with the release of the 8.1, and the version you should use now is the 8.4.2 (or the 8.5 that is being released today I think).

Then about your permission issue, you might want to check that the user you have set for this analysis is indeed granted rights for this particular projects. Analyze project permission can be assigned to users and groups at Global AND Project levels. And Project level permissions can be assigned by permission templates at project creation, and later removed.
Your documentation entry point would be here.

In order to troubleshoot your permissions further, you can find some useful error message with your SonarQube web.log file. And you can check the SonarQube access.log file as well, possibly tweaked to show login information for all requests ( with “%reqAttribute{LOGIN}” added to the access.log pattern in sonar.properties), and check which login that is used for this project analysis.

Let us know where this leads you.
Best regards
Sylvain

Hello Sylvian,

As per above suggestions I had gone through all the steps still I get the same error? Could you please help me to fix this issue.

Regards,
Charan N

Hi Charan
did you activate the DEBUG logs for your scanner (adding -X to the mvn command run by your bamboo CI)?
Did you see anything useful in them?

Then on the server side, were you able to locate the scanner log lines in the access.log file? Is the login shown on those lines the one you expected to find?
Here is an example of such a line:

127.0.0.1 - - [08/Oct/2020:17:16:00 +0200] “POST /api/ce/submit?organization=default-organization&projectKey=test-999&projectName=port-test-999 HTTP/1.1” 403 46 “-” “ScannerMaven/3.7.0.1746/3.3.9” “AXUIxA0Fp/7iFvCiAACf” “sylvain”

In your log (the submit POST as shown obove), were you able to find the same 403 error?
You have the project key there as well, did you make sure the project key either describes an existing project or that the user has the global right to create a new one (in addition to analyze).

Let me know
Best regards
Sylvain

127.0.0.1 - - [09/Oct/2020:09:32:33 +0200] “GET /api/measures/search_history?component=com.swarco.sts.emob%3Almu&metrics=bugs%2Cvulnerabilities%2Csqale_index%2Cduplicated_lines_density%2Cncloc%2Ccoverage%2Ccode_smells&ps=1000 HTTP/1.1” 200 4816 “https://sonarqube.swarco.com/dashboard?id=com.swarco.sts.emob%3Almu” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36” “AXQ51zTTk9SB7c2ZASxb”
127.0.0.1 - - [09/Oct/2020:09:32:33 +0200] “GET /api/measures/component?additionalFields=metrics&component=com.swarco.sts.emob%3Almu&metricKeys=new_reliability_rating%2Cnew_coverage HTTP/1.1” 200 862 “https://sonarqube.swarco.com/dashboard?id=com.swarco.sts.emob%3Almu” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36” “AXQ51zTTk9SB7c2ZASxc”
127.0.0.1 - - [09/Oct/2020:09:32:33 +0200] “GET /api/project_links/search?projectKey=com.swarco.sts.emob%3Almu HTTP/1.1” 200 12 “https://sonarqube.swarco.com/dashboard?id=com.swarco.sts.emob%3Almu” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36” “AXQ51zTTk9SB7c2ZASxd”
127.0.0.1 - - [09/Oct/2020:09:32:53 +0200] “GET / HTTP/1.1” 200 - “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36” “AXQ51zTTk9SB7c2ZASxe”
root@ATVINSRV276:/opt/sonarqube/sonarqube-8.0/logs#

I am getting GET request instead of POST.

Hi Charan
the access.log file is showing every call to SonarQube server, from the scanners, from the UI or from any external tool.
The logs you attached above were triggered from SonarQube UI browsing(in Safari it seems), and not from any scanner.
From those logs I can also see that you did not update your access.log configuration as suggested, please do it or you won’t see the login used with each request.

And if you can’t find connection from the scanner in there (“ScannerMaven” will show in those logs for sure) then either you are not looking at the right log file (beware of log rotation) or this analysis is targeting another SonarQube instance.

Best regards
Sylvain