How to create SonarQube account using Web API and ExternalProvider=gitlab

KiYiul · March 21, 2022, 12:26am

Must-share information (formatted with Markdown):

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
- SonarQube Community Edition 8.9.6 build 50800
what are you trying to achieve
- trying to create SonarQube account using Web API
- GitLab, using as OAuth v2 provider. so SonarQube can using GitLab as OAuth v2 provider
- That SonarQube account must associate by GitLab account
what have you tried so far to achieve this

I tried below bash script to create account

        curl -s -X POST -u "$sonarce_token:" "$sonarce_url/api/users/create" \
         -F login=$gitlab_username \
         -F name=$gitlab_name \
         -F email=$gitlab_username@adt.co.kr \
         -F local=false

and I tried to as below to update

        curl -s -X POST -u "$sonarce_token:" "$sonarce_url/api/users/update" \
         -F login=$members_username \
         -F name=$members_name \
         -F email=$members_username@adt.co.kr

and update identity provider to gitlab

        curl -s -X POST -u "$sonarce_token:" "$sonarce_url/api/users/update_identity_provider" \
         -F login=$members_username \
         -F newExternalIdentity=$members_username \
         -F newExternalProvider=gitlab

so, the account has been shown on SonarQube > Administration > Users. please see below screenshot.
the kdh7565@adt.co.kr account was created by upper bash script. so purple color painted icon is indicated the GitLab account.

However, using the kdh7565@ gitlab account to login SonarQube, not worked just error popup.

“You’re not authorized to access this page. Please contact the administrator. Reason: Failed to authenticate with login ‘kdh7565’”

Otherside, I can login using GitLab account which created by manually just click UI NOT API.

And, I cannot gathering any information on log files about kdh7565@ login.
(web.log, es.log, ce.log, access.log)

ganncamp · March 21, 2022, 9:06pm

Hi,

If creating accounts via the UI is working, then that’s the way to go forward.

The best way to master the API is to perform the desired action via the UI and eavesdrop to see which calls the UI made to accomplish the action.

HTH,
Ann

KiYiul · March 22, 2022, 11:48pm

I want to create account using API not UI, because of I want to create account automatically some account which in GitLab’s specific project.

again, How to create SonarQube account using Web API which ExternalProvider=gitlab ?

ganncamp · March 23, 2022, 8:53pm

Again, the best way to learn how to use the API is to perform the action in the UI and eavesdrop to see what calls it makes.

Ann

KiYiul · March 24, 2022, 12:14am

Hello @ganncamp, Thanks response.
I found some point of the issue.

I was tested with two account newly.

kiyiul@
tfsadsync@

The two account was already created so, I deactivated the two account. and I log in with kiyiul@gitlab account using Web UI successfully.

Then, run below script that using API.

members_name="TFSADSync"
members_username=tfsadsync

curl -s -X POST -u "$sonarce_token:" "$sonarce_url/api/users/create" \
     -F login=$members_username \
	 -F name=$members_name \
	 -F email=$members_username@adt.co.kr \
	 -F local=false

curl -s -X POST -u "$sonarce_token:" "$sonarce_url/api/users/update" \
     -F login=$members_username \
	 -F name=$members_name \
	 -F email=$members_username@adt.co.kr

curl -s -X POST -u "$sonarce_token:" "$sonarce_url/api/users/update_identity_provider" \
     -F login=$members_username \
	 -F newExternalIdentity=$members_username \
	 -F newExternalProvider=gitlab

the third API with newExternalProvider response poped up below error.

{"errors":[{"msg":"An error has occurred. Please contact your administrator"}]}

It is NOT able to log in with tfsadsync@gitlab account.

So I run below script to view account status.

curl -s -X GET -u "$sonarce_token": "$sonarce_url""/api/users/search?p=1&ps=500" | jq

The reponse of tfsadsync@ is below,

    {
      "login": "tfsadsync",
      "name": "TFSADSync",
      "active": true,
      "email": "tfsadsync@adt.co.kr",
      "groups": [
        "sonar-users"
      ],
      "tokensCount": 0,
      "local": false,
      "externalIdentity": "tfsadsync",
      "externalProvider": "sonarqube",
      "avatar": "15729c649de2e02045e3e07990d55952"
    },

Although runing API script using newExternalProvider parameter, externalProvider of tfsadsyc value is NOT update.

According to deactivate tfsadmin@ and log in using UI is successfully, it seems to update externalProvider feature is working properly but API is NOT working properly.

How can I to solve it?

KiYiul · March 24, 2022, 12:28pm

Additionally, when I run API bash script about update_identity_provider, web.log is below.

2022.03.24 21:16:26 ERROR web[AX7SikYCijSwnuouAKOV][o.s.s.w.WebServiceEngine] Fail to process request http://127.0.0.1:9000/api/users/update_identity_provider
org.apache.ibatis.exceptions.PersistenceException:
### Error updating database.  Cause: org.postgresql.util.PSQLException: 오류: 중복된 키 값이 "uniq_external_login" 고유 제약 조건을 위반함
  Detail: (external_identity_provider, external_login)=(gitlab, tfsadsync) 키가 이미 있습니다.
### The error may exist in org.sonar.db.user.UserMapper
### The error may involve org.sonar.db.user.UserMapper.update-Inline
### The error occurred while setting parameters
### SQL: update users set         login = ?,         name = ?,         email = ?,         active = ?,         scm_accounts = ?,         external_id = ?,         external_login = ?,         external_identity_provider = ?,         user_local = ?,         onboarded = ?,         reset_password = ?,         salt = ?,         crypted_password = ?,         hash_method = ?,         homepage_type = ?,         homepage_parameter = ?,         last_connection_date = ?,         last_sonarlint_connection = ?,         updated_at = ?         where         uuid = ?
### Cause: org.postgresql.util.PSQLException: 오류: 중복된 키 값이 "uniq_external_login" 고유 제약 조건을 위반함
  Detail: (external_identity_provider, external_login)=(gitlab, tfsadsync) 키가 이미 있습니다.
        at org.apache.ibatis.exceptions.ExceptionFactory.wrapException(ExceptionFactory.java:30)

“오류: 중복된 키 값이 “uniq_external_login” 고유 제약 조건을 위반함” mean is,
“error: Duplicate key value violate “uniq_external_login” unique constraint”

“키가 이미 있습니다.” mean is,
“The key already exists.”

KiYiul · March 27, 2022, 2:42am

Hello @ganncamp
Can I know how to delete account clearly in database? Due to exist user information, it seems the update_identity_provider API can not apply.

ganncamp · March 28, 2022, 11:47am

Hi,

For referential integrity reasons, deleting a user from the DB isn’t supported.

Ann

KiYiul · March 28, 2022, 12:16pm

Hello, @ganncamp so,
As you know that I want what to do, how can I resolve this issue?

I want to apply update externalProvider using API.
but due to existing information about user, the API can not applied.

KiYiul · March 31, 2022, 11:45pm

I solved that issue by delete database information and matching GitLab user ID, newExternalIdentity.

delete user information in database.

delete  from users where external_login = 'user login id' ;

Delete elasticsearch index
SonarQube service restart
create user and update externalIdentity

	curl -s -X POST -u "$sonarce_token:" "$sonarce_url/api/users/create" \
    -F login=$gitlab_username \
	-F name=$gitlab_name \
	-F local=false
	  
    curl -s -X POST -u "$sonarce_token:" "$sonarce_url/api/users/update_identity_provider" \
    -F login=$members_username \
	-F newExternalIdentity=$gitlab_userID \
	-F newExternalProvider=gitlab

system · April 7, 2022, 11:46pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.