Sonarqube version - Community Edition Version 9.9
Sonarqube Deployed as ZIP file
Problem Description: We have defined Gitlab as Oauth provider to authorize users in sonarqube. Also enabled the group sync between Sonarqube and Gitlab. it was working fine till Sonarqube 9.6.1 and stopped working after upgrade to Sonarqube 9.9.
Do I need to make any changes w.r.t group sync configuration between sonarqube and gitlab. ?
Hi,
Welcome to the community!
I’m not aware of anything that changed between 9.6 and 9.9 w/r/t Gitlab group sync.
Per the docs can you confirm that
?
Also, when you say it stopped working… does that mean users aren’t granted new groups in SonarQube? That their groups are removed when they log in to SonarQube? Something else?
Ann
hi Ann, to answer your questions,
Yes group sync is enabled and all the settings related to Application ID, Secret are correctly defined
Group names are also same in gitlab and sonarqube.
However I found that “sonar-auth-gitlab-plugin-1.3.2.jar” plugin was missing from plugins directory. when i added that plugin in the plugins directory and restated the sonar.service , it didnt came up and i got the error " The plugin is not compatible with sonarqube"
As second step, I installed a new plugin for “Open ID Connect” , sonar-auth-oidc-plugin-1.1.0.jar, this worked for me and users got synced.
Now as far as i know, the plugin sonar-auth-gitlab-plugin-1.3.2.jar is default plugin of sonarqube , Q: Is it deprecated in release 9.9 or there is another version ( other than 1.3.2) which is compatible with release 9.9 ?
Note: I referred the plugin matrix in SonarQube documentation and there is no detail found for sonar-auth-gitlab plugin there.
Hi,
Gitlab auth is baked-in. No need for a plugin or lib. However, the fact that it started working for you once you installed the sonar-auth-oidc-plugin plugin makes me wonder: were you previously using this plugin?
Ann
No , I never used this plugin earlier. Infact I was in the same view that Gitlab auth is “in-built” and no special config needed.
I came across this one in one of the discussion forums and tried “sonar-auth-oidc-plugin” and it works.
Hi,
Okay. Thanks for the detail.
I want to go back to this:
And assuming users can still log in, can you bump logging up to DEBUG briefly and log in to see what, if anything, interesting shows up in the logs. Probably web.log.
Ann
This was the error when I tried to use “gitlab-auth” plugin
2023.03.15 18:53:51 WARN web[][o.s.c.a.AnnotationConfigApplicationContext] Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@5ffd2b27-org.sonar.server.plugins.ServerPluginManager': Initialization of bean failed; nested exception is **The following plugin is no longer compatible with this version of SonarQube: 'authgitlab'**
2023.03.15 18:53:51 ERROR web[][o.s.s.p.PlatformImpl] Web server startup failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@5ffd2b27-org.sonar.server.plugins.ServerPluginManager': Initialization of bean failed; nested exception is The following plugin is no longer compatible with this version of SonarQube: 'authgitlab'
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:628)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542)
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:955)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583)
at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:187)
at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:80)
at org.sonar.server.platform.platformlevel.PlatformLevel2.start(PlatformLevel2.java:103)
at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:196)
at org.sonar.server.platform.PlatformImpl.startLevel2Container(PlatformImpl.java:169)
at org.sonar.server.platform.PlatformImpl.init(PlatformImpl.java:77)
at org.sonar.server.platform.web.PlatformServletContextListener.contextInitialized(PlatformServletContextListener.java:43)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4764)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5222)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1393)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1383)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:145)
at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:916)
at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:835)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1393)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1383)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:145)
at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:916)
at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:265)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.StandardService.startInternal(StandardService.java:430)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.startup.Tomcat.start(Tomcat.java:486)
at org.sonar.server.app.EmbeddedTomcat.start(EmbeddedTomcat.java:72)
at org.sonar.server.app.WebServer.start(WebServer.java:55)
at org.sonar.process.ProcessEntryPoint.launch(ProcessEntryPoint.java:97)
at org.sonar.process.ProcessEntryPoint.launch(ProcessEntryPoint.java:81)
at org.sonar.server.app.WebServer.main(WebServer.java:104)
Hi,
Yes, as established the compatibility is OOTB. You don’t need a plugin.
Ann
Users were able to login to Sonarqube successfully,
however users addition or deletion in Gitlab group members are not getting synced in Sonarqube group.
There is no other user functionality which is impacted by this.
Hi,
Thanks for the detail.
Can you provide debug-level web.log content from a login, please?
Ann