Pull Request Decoration not working with Azure DevOps Server 2019

SonarQube 8.0 Developer Edition
Azure Devops Server Version 17.143.28621.4
Pull Requests are not being Decorated Getting the following error messages in my logs:

WARN Failed to decorate Azure DevOps Pull Request: API resource location df68f296-7ed4-4dfe-8dbd-ea8787e9acf2 is not registered on https://ados.domain.internal/Project/. HTTP 401 Unauthorized

I have updated my security tokens in both ADOS and SonarQube DE. The Scans are being successfully ran, I can seeing the branch scan results in SonarQube. Just Azure Devops Server is not getting a Status Update or Pull Request Decorations.

Is there a problem with the API Version inconsistencies between Azure Devops Server and SonarQube?
Azure DevOps I believe is on Api Version 5.1 while the latest Azure DevOps Server 2019 is Api Version 5.0. Is SonarQube handling these API Version Differences?

Hi @nicksterx and welcome to the community !

SonarQube still targets version 3.1 of the API to ensure retro-compatibility with older versions of TFS;

This message is a “generic” message (at least the first part where it says that API resource location is not registered) handled by the lib we use.

That being said, the second part is the most relevant and generally told you a bit more about the “real” error.

In you case, as you are exposing your AzDo instance through SSL and you are getting a 401, i suggest that you check that all the certificate path of your AzDo instance is well declare in the machine where your SQ instance is run (and when i said all the certificate path, that includes not only the certificate itself, but also the root and the intermediate if they are not the same authority as your SQ instance).

HTH,
Mickaël

1 Like

That is good to know. Their API versioning is a bit of a pain.

I have tested my certificate chain I believe correctly and the intermediate and root certificates return in a way that I would expect them.
openssl s_client -connect ados.domain.internal:443

Is there another test I should try to run?

Or is it my Azure DevOps Instance not having the correct certificates?

More logs that might help clarify

2020.02.12 18:10:27 WARN ce[REMOVED][c.s.C.C.B.C] Failed to decorate Azure DevOps Pull Request: API resource location 225f7195-f9c7-4d14-ab28-a83f7ff77e1f is not registered on https://ados.domain.internal/Project/. HTTP 401 Unauthorized
2020.02.12 18:10:27 INFO ce[REMOVED][o.s.c.t.p.a.p.PostProjectAnalysisTasksExecutor] Pull Request decoration | status=SUCCESS | time=1169ms
2020.02.12 18:10:27 INFO ce[REMOVED][o.s.c.t.CeWorkerImpl] Executed task | project=REMOVED | type=REPORT | pullRequest=REMOVED | id=REMOVED | submitter=REMOVED | status=SUCCESS | time=2352ms

  • Go To Administration
  • Hover over Projects
  • Select Background Tasks
  • Click the Gear Icon of a task that has recently failed to decorate a Pull Request
  • Select Show Warnings
  • Mine said the following

“Pull request decoration failed because the token specified in the settings does not have sufficient rights. Please check the permissions of this token.”

  • Created a new Token and saved it under configuration

Not related to the certificate at all. The Background Tasks area provided more details about what was wrong over the logs.