How to set all existing projects to private in SonarQube?

Hi,

How to set all existing projects to private in SonarQube?

How to change sonar-users permission for all existing projects?

Which template will be applicable if multiple templates match the criteria (including default one)?

Thanks,
Farooq

Hi,

You can easily do this by creating a new permissions template that doesn't grant the Anyone pseudo-group any permissions and apply it to all projects.

HOWEVER before you do that, you should be aware that applying such a template will overwrite all existing permissions settings for your projects, so this should be approached with extreme caution.

Another option is to require users to log in just to access the instance (Administration > Security > Force user authentication). It doesn't remove anonymous rights from your projects, but it does keep anonymous users from getting to your projects to exercise their rights, which is pretty much just as good.

HTH,
Ann

Thanks for the response.

As you mentioned, if a new template is created & applied then it will overwrite existing permission settings.
We have multiple templates applied for different groups of projects. If we create a new template to not grant Anyone group any access then all existing permission sets will be lost.

Is there any easy option or any option via Web API?

Moreover, it would be very helpful if you can share your feedback on other 2 queries as well.

How to change sonar-users permission for all existing projects?

Which template will be applicable if multiple templates match the criteria (including default one)?

Thanks
Farooq

Hi Farooq,

The answer for the sonar-users group is pretty much the same as for Anyone.

However, given that you do have multiple extant permissions templates you can simply edit them to reflect the changes you want and reapply them one by one.

To be specific about that, templates have no on-going relationships with projects. If I create a project, some permission template will be applied. If I then edit the template, the project is unaffected until and unless I reapply the template to the project. You can easily do that on the Projects page (Administration > Projects > Management > Bulk Apply Permission Template), presumably after you've run a search to narrow the set of projects to affect.

This question is only relevant at project creation. If there are multiple templates with a matching Project Key Pattern, I'm not sure which one will be applied. Ideally, you'll avoid the question.

Ann

Thanks a lot Ann.

We want to make all existing projects private so that we can remove "see source code" permission from sonar-users group, as that option appears only when we make project private. Screenshots given below.

Hence, currently we have 2 main requirements:

  1. Make all existing projects private (in a go).
  2. Remove "see source code" permission from sonar-users group for all existing projects.

Do you think there is any other way to achieve this?

Thanks,
Farooq

Hi Farooq,

I've given you what comes to mind.

Ann

Hi Ann,

So it means there is no option to make all existing projects private in one go?
We need to do it project by project? I am actually checking because we have 498 projects totally.

Thanks,
Farooq

Hi All,

I have the same requirement. We just rolled out to many applications and everyone can see everyone's source code. As I have thousands of projects, I need a web API to update the projects to private. Any suggestions, please? Thank you,

Sagar

Hi Sagar,

Welcome to the community. A review of this old thread reminds me that I shared several scenarios for making this happen. Can you be explicit about how the advice given above isn't clear to you?

Thx,
Ann

Hi Ann,

The solution mentioned by you is not sufficient for my requirement. The need is to make existing projects private in bulk, in one go.

Thx

Farooq

Hi again Farooq,

As I said earlier, your best bet is to set a permission template to the permissions you want and bulk apply it via Administration > Projects > Management.

Ann

Hi Ann,

Thanks. It's a pleasure to be part of the Sonar Community. Applying a permission template does not include the feature to make the project private, so the solution will not help.

But I was able to find the API to make a bulk update to make projects private. I created a simple Jenkins job and ran it for about 2k projects, which took about 15 mins to update all projects as Private. Following is the command I used and hope this helps others. Thank you,

curl -X POST -v -u user:password 'http://localhost:9000/api/projects/update_visibility?project=<prj_key>&visibility=private'

Thanks
Sagar

2 Likes
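The per-project call above, generalized into a bulk run with a dry-run mode. This is an added example, not code from the thread or from SonarSource: it goes beyond the post by listing projects through `api/projects/search` (an endpoint not mentioned in the thread; check it in your instance's Web API documentation), and the `SONAR_URL` and `SONAR_TOKEN` environment variable names are assumptions.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

BASE_URL = os.environ.get("SONAR_URL", "http://localhost:9000")  # assumed variable name
TOKEN = os.environ.get("SONAR_TOKEN", "")  # assumed variable name; an admin user token


def http_call(method, path, params):
    """Send one Web API request (parameters in the query string, as in the curl above)."""
    url = f"{BASE_URL}/{path}?{urllib.parse.urlencode(params)}"
    data = b"" if method == "POST" else None
    req = urllib.request.Request(url, data=data, method=method)
    # Token goes in as the Basic-auth user name with an empty password.
    auth = base64.b64encode(f"{TOKEN}:".encode()).decode()
    req.add_header("Authorization", f"Basic {auth}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        body = resp.read()
    return json.loads(body) if body else {}


def list_projects(call, page_size=500):
    """Yield every project from api/projects/search, following pagination."""
    page = 1
    while True:
        result = call("GET", "api/projects/search", {"p": page, "ps": page_size})
        yield from result["components"]
        if page * page_size >= result["paging"]["total"]:
            return
        page += 1


def make_all_private(call=http_call, dry_run=True):
    """Return the keys of public projects; switch them to private unless dry_run."""
    changed = []
    for project in list_projects(call):
        if project.get("visibility") != "public":
            continue  # already private, leave it untouched
        if not dry_run:
            call("POST", "api/projects/update_visibility",
                 {"project": project["key"], "visibility": "private"})
        changed.append(project["key"])
    return changed


if __name__ == "__main__":
    # Dry run first: prints the project keys that would be changed.
    print("\n".join(make_all_private(dry_run=True)))
```

Run the dry run and review the list before calling `make_all_private(dry_run=False)`, since users who relied on public access lose Browse and See Source Code until permissions are granted to them.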

Thanks a lot Sagar.
This is really helpful.

This was the solution I was looking for.

1 Like

Hi guys,

I was going to reply that public/private was just a shortcut for changes you could make by applying a permissions template. But a little experimentation has reminded me that for public projects you can't turn off Browse and See Source Code, regardless of what's in your template.

This behavior was initially introduced to accommodate SonarCloud, but there have been questions about whether it's really appropriate in SonarQube. I'll bring this up internally. Sorry I've been so dense about this.

Ann

Hi Ann,

I agree, even though the project is public. There should be an option not to show the source code. This will help securing the source code. Thank you

Regards,
Sagar

Glad it helped!

Any progress on this? I have about 200 projects to set to private and most of them have different permission templates.

Hello,
I am a newcomer. Now I have the same issue, all existing projects are public.
I can set the existing projects to private one by one, but a few developers can work together on one project. How can we allow access?

For those using PowerShell the following has worked using the api 'api/projects/update_visibility'.
HTTP:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$user = "<admin_user>"
# Prompt for the password without echoing it
$securedValue = Read-Host "Please Enter Password " -AsSecureString
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($securedValue)
$value = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
# Zero and free the unmanaged copy of the password
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
# Build the HTTP Basic Authorization header (sent unencrypted over plain HTTP)
$combocred = "$($user):$($value)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($combocred))
$headers = @{"Authorization" = "Basic "+$encodedCreds}
Invoke-RestMethod -Uri "http://<sonarqubeurl>:9000/api/projects/update_visibility?project=<Project_Key>&visibility=private" -Method Post -Headers $headers -ContentType "application/json"

HTTPS:

# Force TLS 1.2 for the HTTPS request
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$user = "<admin_user>"
# Prompt for the password without echoing it
$securedValue = Read-Host "Please Enter Password " -AsSecureString
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($securedValue)
$value = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
# Zero and free the unmanaged copy of the password
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
# Build the HTTP Basic Authorization header
$combocred = "$($user):$($value)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($combocred))
$headers = @{"Authorization" = "Basic "+$encodedCreds}
Invoke-RestMethod -Uri "https://<sonarqubeurl>/api/projects/update_visibility?project=<Project_Key>&visibility=private" -Method Post -Headers $headers -ContentType "application/json"
2 Likes