Sonarqube stage in jenkins pipeline fails with 403 error

I have a pipeline job which keeps failing on Sonar Quality Gate stage with the below error:

[Bitbucket] Build result notified
org.sonarqube.ws.client.HttpException: Error 403 on http://illinXXXX:XXXXX/api/qualitygates/project_status?analysisId=XXXXXXXX
at org.sonarqube.ws.client.BaseResponse.failIfNotSuccessful(BaseResponse.java:34)
I’m able to enter the link and see the projectStatus, so I don’t understand the reason for the failure.

Sonarqube version: 6.7.1 (build 35068).

The auth token is configured in the global Jenkins settings.

anyone?

Hi,

Welcome to the community!

So you know, this is a community of people who drop by in their spare time to see if they can help other folks out. So waiting a couple days - especially on the weekend - isn’t unusual. :wink:

A 403 code indicates that your credentials aren’t being passed. Wanna share your pipeline code?

Also, 6.7.1 has some age on it at this point and is nearly EOL. You should upgrade to either 7.9.1, the current LTS, or 8.1, the current version, at your earliest convenience.

 
Ann

What’s more strange, another pipeline from the same MS, is passing that stage. They both are using the same Sonarquebe user and pass, and the same stage syntax:

                    stage('Sonar Quality Gate') {
                        sleep(time: 300, unit: 'SECONDS')
                        timeout(time: 15, unit: 'MINUTES') {
                            def qg = waitForQualityGate()
                            if (!(qg.status == 'OK' || qg.status == 'WARN')) {
                                error "Pipeline aborted due to quality gate failure: ${qg.status}"
                            }
                        }
                    }

Hi,

Does the user those jobs are using have the same level of rights to both projects?

 
Ann

Yes, exacly the same

any other idea?

Hi @arielman,

I’ll state again what Ann said: this is a community, you can’t be that impatient.

The thing is that SonarQube does not generate 403 HTTP code itself, so it’s likely an intermediate system (proxy, LB, etc.) which does that. The fact that you can browse the URL directly is another sign pointing in that direction.

You can check SQ access.log to see if this query even reached it (from Jenkins, not the one from your browser). Also, check proxy logs, and see if this query went through.

Antoine

Solution was found:
Problem: The execution user/group had permissions to run “Execute Analysis” Solution: Update the default template with permissions and push to projects (Bulk Apply Template)

Could you let me clear your solution.
In my point of view, your issue about token permission on sonar, you have grant full for project ? and then you update default template pipeline by change token sonar and push quality gate on your project ?

It is right @arielman ??