I’m the maintainer of the TFVC plugin. Most times I’m working with a DevOps Server in the local network. The build user can use Windows integrated security to get source code details (annotation) from the DevOps server.
Now, a project hosted in DevOps Services gets active. I’m very sure that the authentication using PAT was working in past. But, currently I see, that the configuration provided in SonarQube (Community Edition, on-premises) is not hand-over to the plugin.
Is there any change in handling parameters of type PropertyType.PASSWORD
in the recent SonarQube versions?
I found, the data is saved as clear text in the database.
sonar=# select * from properties where prop_key like 'sonar.tfvc.pat.secured';
prop_key | is_empty | text_value | clob_value | created_at | entity_uuid | uuid | user_uuid
------------------------+----------+------------------------------------------------------+------------+---------------+--------------------------------------+--------------------------------------+-----------
sonar.tfvc.pat.secured | f | gvr***REDACTED*** | | 1653597011313 | | AYECD_1x4c3dypwt6nOy |
sonar.tfvc.pat.secured | f | foo | | 1736432648604 | cc8a581a-2701-4092-8f74-5ac5d3c6a5b6 | a3bd12b5-3534-419c-9fe0-6bcde6704879 |
(2 Zeilen)
I have added debugging output. With this I get the following output:
13:08:45.540 DEBUG: SCM-TFVC: started blaming with executable c:\build\_work\1707\.sonarqube\out\.sonar\.sonartmp\SonarTfsAnnotate2127616622602394596.exe
13:08:45.540 DEBUG: SCM-TFVC: collection uri: https://***REDACTED***
13:08:45.540 DEBUG: SCM-TFVC: user name:
13:08:45.540 DEBUG: SCM-TFVC: password length: 0
13:08:45.540 DEBUG: SCM-TFVC: pat length: 0
But, the PAT is set for all projects and for the specific project.