Sonar REST api call from Jenkins pipeline

Hi,

I’m trying to make an sonarqube rest api call from jenkins pipeline script. However it is failing with 401 (Unauthorized) error if I use groovy URL(url).openConnection() module, but it works with curl.

sample snippet

node {
withSonarQubeEnv(sonar.env) {
def sonarUrl = env.SONAR_HOST_URL
def sonarAuthToken = env.SONAR_AUTH_TOKEN

*def query = “{sonarUrl}/api/issues/search?componentKeys={sonar.projId}&branch={sonar.projBranch}&statuses=OPEN,REOPENED,CLOSED&pageSize={pageSize}&pageIndex=${pageIndex}” *

def conn = new URL(query).openConnection();
conn.setRequestProperty(‘Accept’, ‘application/json’)
conn.setRequestProperty(“Authorization”, “Basic ${sonarAuthToken }” )
conn.setConnectTimeout(10000)

def getRC = conn.getResponseCode();

if(getRC.equals(200)) {
println(“I’m good”)
} else {
error “Query: {query}\nResCode: {conn.responseCode}\nResMsg: ${conn.responseMessage}”
}

}
}

But with curl it works fine

node {
withSonarQubeEnv(sonar.env) {
def sonarUrl = env.SONAR_HOST_URL
def sonarAuthToken = env.SONAR_AUTH_TOKEN

*def query = “{sonarUrl}/api/issues/search?componentKeys={sonar.projId}&branch={sonar.projBranch}&statuses=OPEN,REOPENED,CLOSED&pageSize={pageSize}&pageIndex=${pageIndex}” *

sh “curl {query} -v -u {sonarAuthToken}”
}
}

Any idea how I can get it working with URL(url).openConnection()?

I’m using “SonarQube Scanner for Jenkins” plugin version 2.8.1

Hi,
is your sonarAuthToken base64 encoded, and does it end with the separator : ?
Here is my groovy snippet for such cases and it works fine:

import groovy.json.*

def sonarRest(url,method) {
  jsonSlurper = new JsonSlurper()
  raw = 'your u s e r t o k e n:'
  bauth = 'Basic ' + javax.xml.bind.DatatypeConverter.printBase64Binary(raw.getBytes())
  conn = new URL(url).openConnection() as HttpURLConnection
  conn.setRequestMethod(method)
  conn.setRequestProperty("Authorization", bauth)
  conn.connect()
  httpstatus = conn.responseCode
  object = jsonSlurper.parse(conn.content)
}

Regards,
Gilbert

Actually sonarAuthToken is nothing but env.SONAR_AUTH_TOKEN which is already set in withSonarQubeEnv block along with below sonar env’s

SONARQUBE_SCANNER_PARAMS={ "sonar.host.url" : "http:\/\/localhost:9000", "sonar.login" : "******"}
SONAR_HOST_URL=http://localhost:9000
SONAR_AUTH_TOKEN=******
SONAR_CONFIG_NAME=sonarqube_prd
SONAR_MAVEN_GOAL=sonar:sonar

Hi,

seems like the base64 encoding is handled by curl and the Sonarqube Jenkins plugin internally.
If you use it with Groovy you have to do it yourself.

Regards,
Gilbert

Thanks for the pointer, will give it a try.

Hi Punith,

I am also trying to run an API ( to find whether a project is exist) using CURL within withSonarQubeEnv but getting 403.
Note: sonarAuthToken is coming as ***** ( masked ) . I suspect the masked token is causing an issue here.

Any idea how to overcome this . Thanks in advance

Hi @nnr ,

403 means forbidden, so i guess your user has no admin rights.
Have a look on https://yoursonarhost/web_api/api/ and check whether api docs has
Requires 'System Administrator' permission or similar in your case.

Gilbert

The masking in Jenkins is generally how the output is displayed in the log, not how it’s being passed to your API call.

Thanks Gilbert for your time. yes aware of the admin permissions. If I try with Basic Auth using username:password then i am getting response as follows

{ [46 bytes data]
100 46 100 46 0 0 14 0 0:00:03 0:00:03 --:–:-- 14{“errors”:[{“msg”:“Insufficient privileges”}]}

I am expecting the same when I use token. Please correct in my understanding is wrong

Thanks Richard, That good to know.

Hi,

with usertoken it’s similar, use an api call that needs admin rights, e.g.

curl -v -u someusertoken: https://somesonarhost/api/user_tokens/search

Note that it has to be used usertoken plus separator :

Gilbert