Publish Quality Gate Result is getting a 401

We are running 9.9 version and using azure pipeline.

Recently had a token expire for our project, after creating a new project token we are getting 401 errors for Publish Quality Gate Result. When we created the the token we were running an older version (sorry I don’t remember it). Am I missing some sort of permission setting? this was working before the the token expired.

Starting: SonarQubePublish
==============================================================================
Task         : Publish Quality Gate Result
Description  : Publish SonarQube's Quality Gate result on the Azure DevOps build result, to be used after the actual analysis.
Version      : 5.2.0
Author       : sonarsource
Help         : Version: 5.2.0. [More Information](http://redirect.sonarsource.com/doc/install-configure-scanner-tfs-ts.html)
==============================================================================
##[error][SQ] Could not fetch metrics
##[error][SQ] API GET '/api/metrics/search' failed, status code was: 401
##[error][SQ] API GET '/api/ce/task' failed, status code was: 401
##[error][SQ] Could not fetch task for ID 'AYsfJ_j5-fN3XT_GHcKH'
Finishing: SonarQubePublish

we are using a project token in the prepare step
task: SonarQubePrepare@5
inputs:
SonarQube: ‘OneApp iOS SonarQube service’
scannerMode: ‘CLI’
configMode: ‘manual’
cliProjectKey: ‘$(SONAR_ONEAPP_IOS_PROJECT_KEY)’
cliSources: ‘.’
extraProperties: |
sonar.login=$(SONAR_ONEAPP_IOS_SECRET)
sonar.language=swift
sonar.c.file.suffixes=-
sonar.cpp.file.suffixes=-
sonar.objc.file.suffixes=-
sonar.sources=OneApp/
sonar.tests=OneApp/
sonar.test.inclusions=OneApp//*Tests//*
sonar.exclusions=OneApp/Pods//*,OneApp/Customers//,OneApp/fastlane/**/,OneApp/OneAppTestDoubles/**/*,
sonar.swift.swiftLint.report=Output/sonarqube-swiftlint-report.xml
sonar.coverageReportPaths=Output/sonarqube-generic-coverage.xml

Welcome

there are different kinds of token, see

Normally your build engine has a technical user that has global admin permissions, so if your
user has admin permissions its user token should work - either for analysis of any project or using the web api like i.e.

I would recheck if it’s really a user token for an Sonarqube admin user.

Gilbert

I see maybe we had it setup wrong? We are/were passing a project token to the pipeline to authenticate. So it is best to create a user token for the Admin user and use that instead? or at least a user that has full privileges.

Question why would the user token work over just the project analyiss token

I guess your azure devops user needs to serve more than one project !?
This user needs Sonarqube global admin permissions, then use an user token.

A user token gives you all the permissions of the user who issued it. For example, a global admin’s user token gives you full rights to the instance.

I will definitely give it a try right now, we implemented each project with its own project token that is how we have been running if for a year now. they have their own pipelines too so they each call the secret separately.

Each project with its own token is hard to maintain.
We’re using AD groups with its relevant Sonarqube groups and our technical Jenkins user
is part of the Sonarqube admin group.

Hmmm it does sound easier that way. I will run the pipeline again later today will let you know if that helps the 401 issue. Appreciate the help thanks.

Hmmm I still get the same Error, is there some other permissions that I am missing? Like I can analyze the code, I see the quality gate results but this task still fails.

A user token of any user with global admin permissions should work.
You could test with login as builtin Sonarqube admin user and create a user token.

I get why most of these post end with no resolution… so my embarrassing ending I forgot to check the service connection. So that has our new token in it now too and we seem to be past this issue. Thank you Gilbert

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.