ERROR: You’re not authorized to run analysis. Please contact the project administrator

changtheclang · September 3, 2023, 7:51am

Hello,
I want to scan my c code, and I bought the develope version.
I used the scanner for the example at first.

First, I created my test project locally. After I git clone the example, I entered the command

autoreconf --install
./configure
make clean all
build-wrapper-linux-x86-64 --out-dir bw-output make clean all

So far, I think there is no problem. I just followed the step from sonarqube website.
Then, I entered the command which is also from website

sonar-scanner \
  -Dsonar.projectKey=test \
  -Dsonar.sources=. \
  -Dsonar.cfamily.build-wrapper-output=bw-output \
  -Dsonar.host.url=http://127.0.0.1:9000 \
  -Dsonar.token=sqp_XXXXXXXXXXXXXXXXXXXXXXXXXX

Here is the error
INFO: Scanner configuration file: /opt/sonar-scanner-5.0.1.3006-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: /home/cuju/Downloads/linux-autotools-otherci-sq/sonar-project.properties
INFO: SonarScanner 5.0.1.3006
INFO: Java 17.0.7 Eclipse Adoptium (64-bit)
INFO: Linux 5.4.0-37-generic amd64
INFO: User cache: /home/cuju/.sonar/cache
INFO: Analyzing on SonarQube server 10.1.0.73491
INFO: Default locale: “en_US”, source code encoding: “UTF-8” (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=59ms
INFO: Server id: 147B411E-AYoTrXwIgxcd6Xxg2U4L
INFO: User cache: /home/cuju/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=59ms
INFO: Load/download plugins (done) | time=298ms
INFO: Loaded core extensions: developer-scanner
INFO: Process project properties
INFO: Process project properties (done) | time=52ms
INFO: Execute project builders
INFO: Execute project builders (done) | time=1ms
INFO: Project key: test
INFO: Base dir: /home/cuju/Downloads/linux-autotools-otherci-sq
INFO: Working dir: /home/cuju/Downloads/linux-autotools-otherci-sq/.scannerwork
INFO: Load project settings for component key: ‘test’
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 1.895s
INFO: Final Memory: 16M/80M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
ERROR: You’re not authorized to analyze this project or the project doesn’t exist on SonarQube and you’re not authorized to create it. Please contact an administrator.
ERROR:
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.

I have opened all of the permission in my project setting, and I already used my license.
How do I solve the error?

Colin · September 4, 2023, 7:56am

Hey there.

Can you try wrapping your SonarQube URL in quotation marks?

sonar-scanner \
  -Dsonar.projectKey=test \
  -Dsonar.sources=. \
  -Dsonar.cfamily.build-wrapper-output=bw-output \
  -Dsonar.host.url="http://127.0.0.1:9000" \
  -Dsonar.token=sqp_XXXXXXXXXXXXXXXXXXXXXXXXXX

changtheclang · September 5, 2023, 9:31am

Hello.
I have tried to add the quotation marks.
It seems the error is still.

Colin · September 5, 2023, 3:48pm

Hm. Can you try removing all the line breaks?

sonar-scanner -Dsonar.projectKey=test -Dsonar.sources=. -Dsonar.cfamily.build-wrapper-output=bw-output -Dsonar.host.url=http://127.0.0.1:9000 -Dsonar.token=sqp_XXXXXXXXXXXXXXXXXXXXXXXXXX

changtheclang · September 5, 2023, 4:50pm

Hi.
I also tried without all the line breaks.
But it doesn’t change the result.

Colin · September 6, 2023, 2:45pm

Okay. So it sounds like a real permissions issue with the token that’s being used.

Does a project with the key test already exist on SonarQube?

changtheclang · September 6, 2023, 3:06pm

Yes, it seems like a real permissions issue with the token that’s being used.
I have created the project manuallyfrom the localhost:9000.
The project display name is test, and the project key is also test.

Is there any command using the sonar.sh or sonar-scanner to check the test existing or not?

changtheclang · September 12, 2023, 12:25pm

Does anyone have the same situation?

Colin · September 13, 2023, 3:11pm

That’s really weird that it’s not working out of the box. I can’t reproduce it. Let’s try something else.

Can you go to My Account > Security and generate a new token (a user token or a global analysis token) and see if it works in place of the project token that was generated?

Andy_Evans · September 14, 2023, 4:34am

I seem to be having this same issue. I’ve tried creating a different PAT but still received the same error. I tried creating a new user with permission to run analysis and create projects but still received the same error. I’m running the Enterprise version.

changtheclang · September 14, 2023, 6:32am

Okay, I figure it out. I finally can analyze the c-family example.
The problem come from the project token.
I chose the option [Use existing token] before because it is convenient to use the same token.
I chose the other option [Generate a project token] to generate a new token.
I run the command from the website and the analysis runs successfully.
INFO: Analysis total time: 15.888 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 17.556s
INFO: Final Memory: 34M/128M
INFO: ------------------------------------------------------------------------

Thanks for your assistance!

Colin · September 14, 2023, 9:13am

Thanks for the update. Project analysis tokens are project specific and can’t be used for other projects.

Andy_Evans · September 15, 2023, 1:48am

It turns out my issue was unrelated. A Firewall was returning a 403 status code on only the api/ce/submit endpoint. The client interpreted the 403 as coming from the server and returned the error above. After updating the firewall the error went away.

EDIT:
See here. It just checks the code without examining the body.

github.com

SonarSource/sonarqube/blob/40ed04f6b3f5f95749c35ccc88e2dc94137efbba/sonar-scanner-engine/src/main/java/org/sonar/scanner/bootstrap/DefaultScannerWsClient.java#L119


      
            if (hasCredentials) {
              // credentials are not valid
              throw MessageException.of(format("Not authorized. Please check the user token in the property '%s' or the credentials in the properties '%s' and '%s'.",
                ScannerWsClientProvider.TOKEN_PROPERTY, CoreProperties.LOGIN, CoreProperties.PASSWORD));
            }
            // not authenticated - see https://jira.sonarsource.com/browse/SONAR-4048
            throw MessageException.of(format("Not authorized. Analyzing this project requires authentication. " +
              "Please check the user token in the property '%s' or the credentials in the properties '%s' and '%s'.",
              ScannerWsClientProvider.TOKEN_PROPERTY, CoreProperties.LOGIN, CoreProperties.PASSWORD));
          }
          if (code == HTTP_FORBIDDEN) {
            logResponseDetailsIfDebug(response);
            throw MessageException.of("You're not authorized to analyze this project or the project doesn't exist on SonarQube" +
              " and you're not authorized to create it. Please contact an administrator.");
          }
          if (code == HTTP_BAD_REQUEST) {
            String jsonMsg = tryParseAsJsonError(response.content());
            if (jsonMsg != null) {
              throw MessageException.of(jsonMsg);
            }
          }