Must-share information (formatted with Markdown):
- which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) - Upgrading from Sonar Scanner for Ant task 2.7.1 to SonarScanner CLI 6.1, and also upgrading server from 8.9.6 to 10.6
- how is SonarQube deployed: zip, Docker, Helm - On Prem server deployment
- what are you trying to achieve - Resolve issues with token authentication no longer working when upgrading to SonarScanner CLI 6.1
- what have you tried so far to achieve this - Updated all build processes to generate correct sonar-project.properties file, correctly set attributes, have gone through attempting to use TLS server cert, as I was getting an error “You’re Not Authorized to run analysis”, even though when using the Ant Task 2.7.1, and setting the sonar.login (not sonar.token) properties to my token auth, it works. What gives? Is TLS server cert required when working on prem?
Hello,
Our large enterprise organization is currently forcing migration from SonarQube 8.9.6 to Server version 10.6. I manage all integration for the largest internal organization which uses SonarQube in my company. I’m facing a major issue, though. I currently have a project which implements a very customized ant build framework, which I had previously integrated SonarScanner using the Sonar Ant scanner 2.7.1. However, as of SonarQube 10.6, that scanner has been fully deprecated, with documentation stipulating that we must move to using the SonarScanner CLI 6.1, since the ant task scanner was simply a wrapper for the CLI in the first place.
So, I’ve done all the work to auto-generate our sonar-project.properties files at the root of every project we build, and scan, which includes my token authentication as the sonar.token property. However, when running the scan, using the same authentication methods as before when using the ant task (IMPORTANT: We have not upgraded the server yet to 10.6!!!), it fails, with the error message: “Caused by: You’re not authorized to run analysis. Please contact the project administrator.”
Down the rabbit hole I went, and discovered that a TLS server cert might be the reason why it’s failing. I used openssl to get the server cert, created a trust store, and then generated the property “sonar.scanner.truststorePath”, setting the value to the cert store (sadly, I used pem format, when it should have been DER, because now I’m getting the following error: “Caused by: java.io.IOException: toDerInputStream rejects tag type 45”).
This seems insane, to me. If this is a fact, and I can no longer authenticate with a simple token auth, when using SonarScanner CLI 6.1, SonarQube has succeeded in breaking pretty much most integration, especially if mutual TLS is preferred (can you imagine managing hundreds of build clients in that scenario?), for a ton of people in my very situation. We do not use SonarCloud, because we are incredibly data sensitive.
Please HELP! Is there a property I can set to use token authentication when using SonarScanner CLI 6.1, only? Our server still accepts token auth, too. I am right now running jobs with the ant task, using the same server version prior to upgrade, and successfully authenticating with that.
Thank you so much, in advance.
Sincerely,
John Bain
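Added example, not part of the original post: the "tag type 45" in the error quoted above is byte 0x2D, the `-` that opens a PEM `-----BEGIN` line, being read by a DER parser. The sketch below classifies a candidate trust store file by its leading bytes before it is handed to `sonar.scanner.truststorePath`; the function names and sample byte strings are constructed for illustration, and it assumes the loader wants a Java keystore container (PKCS#12 or JKS), which the post does not state.

```python
# Added example: classify a trust store file by its leading bytes.
# All sample inputs are constructed, not taken from the post.
PEM_SAMPLE = b"-----BEGIN CERTIFICATE-----\n(constructed body)\n"
PKCS12_SAMPLE = bytes.fromhex("308209f0020103") + b"\x00" * 8
DER_CERT_SAMPLE = bytes.fromhex("3082030a308201f2") + b"\x00" * 8
JKS_SAMPLE = bytes.fromhex("feedfeed00000002")


def der_header(data):
    """Return (tag, content_offset) for the DER TLV at the start of data."""
    if len(data) < 2:
        raise ValueError("too short for a DER header")
    tag, first = data[0], data[1]
    if first < 0x80:                  # short form: one length byte
        return tag, 2
    n = first & 0x7F                  # long form: next n bytes hold the length
    if n == 0 or len(data) < 2 + n:
        raise ValueError("bad DER length")
    return tag, 2 + n


def classify_truststore(data):
    """Name the container format of a candidate trust store file."""
    if data[:4] == b"\xfe\xed\xfe\xed":
        return "jks"                  # JKS magic number
    if data.lstrip().startswith(b"-----BEGIN"):
        return "pem"                  # text armor, not a binary keystore
    try:
        tag, off = der_header(data)
    except ValueError:
        return "unknown"
    if tag != 0x30 or off >= len(data):
        return "unknown"              # outer element must be a SEQUENCE
    inner = data[off]
    if inner == 0x02:                 # PFX: SEQUENCE { INTEGER version, ...
        return "pkcs12"
    if inner == 0x30:                 # Certificate: SEQUENCE { SEQUENCE tbs, ...
        return "der-certificate"
    return "unknown"


def rejected_tag(data):
    """Decimal value a DER parser sees as the tag at offset 0."""
    return data[0]


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print(classify_truststore(fh.read()))
```

A result of `pem` or `der-certificate` means the file is a bare certificate rather than a keystore container, which matches the failure mode in the quoted exception.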