SonarQube Connected Mode: 'Insufficient privileges' while binding with Project Token authentication

HoldenHalferty · October 8, 2024, 11:25pm

Please provide

Operating system: MacOS Sonoma 14.7
SonarLint plugin version: 10.11.1.79663
IntelliJ version: IntelliJ IDEA 2024.2.2 (Ultimate Edition)
Programming language you’re coding in: Java
Is connected mode used: Yes
- Connected to SonarCloud or SonarQube (and which version): SonarQube Community Edition v10.6

And a thorough description of the problem / question: Is there a way around this error while still authenticating via project token?

I have seen similar posts around this issue, but not exactly the same line of problems. To be clear; I have found a solution to this problem (authenticating via User Token rather than with project token), but I am just looking for some more information on why this is coming about, and if there is a way around it.

For more context the project does have permissions for ‘Anyone’ set to execute analysis currently to testing purposes, and that is how I have confirmed the solution using User Token.

I am currently dealing with an error that is coming up when binding to my SonarQube project via IntelliJ. After binding to the project in Connected Mode, the SonarLint logs are show the following:

[2024-10-08T17:50:24.2] [SonarLint Local Storage Synchronizer] INFO sonarlint - Downloaded plugin list in 399ms
 [2024-10-08T17:50:24.2] [SonarLint Local Storage Synchronizer] INFO sonarlint - [SYNC] Synchronizing analyzer configuration for project 'PROJECT_NAME_REDACTED'
 [2024-10-08T17:50:24.486] [SonarLint Local Storage Synchronizer] INFO sonarlint - Downloaded settings in 273ms
 [2024-10-08T17:50:24.706] [SonarLint Local Storage Synchronizer] INFO sonarlint - [SYNC] Active rules for 'cloudformation' are up-to-date
 [2024-10-08T17:50:24.706] [SonarLint Local Storage Synchronizer] INFO sonarlint - [SYNC] Active rules for 'css' are up-to-date
 [2024-10-08T17:50:24.706] [SonarLint Local Storage Synchronizer] INFO sonarlint - [SYNC] Active rules for 'docker' are up-to-date
 [2024-10-08T17:50:24.706] [SonarLint Local Storage Synchronizer] INFO sonarlint - [SYNC] Active rules for 'java' are up-to-date
 [2024-10-08T17:50:24.706] [SonarLint Local Storage Synchronizer] INFO sonarlint - [SYNC] Active rules for 'js' are up-to-date
 [2024-10-08T17:50:24.706] [SonarLint Local Storage Synchronizer] INFO sonarlint - [SYNC] Active rules for 'kotlin' are up-to-date
 [2024-10-08T17:50:24.706] [SonarLint Local Storage Synchronizer] INFO sonarlint - [SYNC] Active rules for 'kubernetes' are up-to-date
 [2024-10-08T17:50:24.706] [SonarLint Local Storage Synchronizer] INFO sonarlint - [SYNC] Active rules for 'php' are up-to-date
 [2024-10-08T17:50:24.706] [SonarLint Local Storage Synchronizer] INFO sonarlint - [SYNC] Active rules for 'py' are up-to-date
 [2024-10-08T17:50:24.706] [SonarLint Local Storage Synchronizer] INFO sonarlint - [SYNC] Active rules for 'ruby' are up-to-date
 [2024-10-08T17:50:24.706] [SonarLint Local Storage Synchronizer] INFO sonarlint - [SYNC] Active rules for 'scala' are up-to-date
 [2024-10-08T17:50:24.706] [SonarLint Local Storage Synchronizer] INFO sonarlint - [SYNC] Active rules for 'secrets' are up-to-date
 [2024-10-08T17:50:24.706] [SonarLint Local Storage Synchronizer] INFO sonarlint - [SYNC] Active rules for 'terraform' are up-to-date
 [2024-10-08T17:50:24.706] [SonarLint Local Storage Synchronizer] INFO sonarlint - [SYNC] Active rules for 'ts' are up-to-date
 [2024-10-08T17:50:24.706] [SonarLint Local Storage Synchronizer] INFO sonarlint - [SYNC] Active rules for 'web' are up-to-date
 [2024-10-08T17:50:24.706] [SonarLint Local Storage Synchronizer] INFO sonarlint - [SYNC] Active rules for 'xml' are up-to-date
 [2024-10-08T17:50:24.706] [SonarLint Local Storage Synchronizer] INFO sonarlint - [SYNC] Active rules for 'yaml' are up-to-date
[2024-10-08T17:50:24.913] [SonarLint Local Storage Synchronizer] ERROR sonarlint - Error while fetching new code definition
java.lang.IllegalStateException: Insufficient privileges
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.handleError(ServerApiHelper.java:145)
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.get(ServerApiHelper.java:74)
	at org.sonarsource.sonarlint.core.serverapi.newcode.NewCodeApi.getNewCodeDefinition(NewCodeApi.java:59)
	at org.sonarsource.sonarlint.core.serverconnection.LocalStorageSynchronizer.synchronizeAnalyzerConfig(LocalStorageSynchronizer.java:86)
	at org.sonarsource.sonarlint.core.serverconnection.ServerConnection.sync(ServerConnection.java:61)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.lambda$synchronizeConnectionAndProjectsIfNeededSync$16(SynchronizationService.java:319)
	at java.base/java.util.HashMap.forEach(HashMap.java:1429)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.synchronizeConnectionAndProjectsIfNeededSync(SynchronizationService.java:316)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.lambda$synchronizeConnectionAndProjectsIfNeededAsync$12(SynchronizationService.java:292)
	at java.base/java.util.Optional.ifPresent(Optional.java:178)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.lambda$synchronizeConnectionAndProjectsIfNeededAsync$13(SynchronizationService.java:292)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
	at java.base/java.lang.Thread.run(Thread.java:1583)

There is also a similar stack trace with [2024-10-08T17:50:25.434] [SonarLint Local Storage Synchronizer] ERROR sonarlint - Error running task 'Synchronizing projects...' java.lang.IllegalStateException: Insufficient privileges
listed as reasoning after the above(can get full stacktrace for this if needed as well).

The New Code definition for the project is set to the “Global” setting, and the “Global” setting is currently just set to the option of “Previous Version (default)”

tobias.hahnen · October 9, 2024, 7:02am

Hi @HoldenHalferty,

we currently only allow User Tokens in SonarLint, there is no way around it.

A User Token is required for numerous reasons when it comes to privileges or actions that can be taken from inside SonarLint that will take effect on SonarQube (or SonarCloud, not your case here).
As an example, you can Mark an Issue as Resolved inside SonarLint for the resolution to appear on SonarQube. This is only possible with a User Token, as the information is key to who did it, and the action is only available if you have the required privileges so not everyone can just resolve issues.

So, all in all, SonarLint requires a User Token, and there is no workaround to it.

Best,
Tobias

HoldenHalferty · October 9, 2024, 1:38pm

That makes sense, and I appreciate the information you have passed along!

system · October 17, 2024, 8:59am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.