SonarQube tries to delete all comments in an ADS PR thread

Hi!

Is the following expected behavior?

Whenever someone comments on a comment thread that was started by SonarQube’s decorator’s user in Azure DevOps Server and the found issue is resolved, SonarQube attempts to delete each comment of that thread, even those not posted by it.

This leads to the following error in SonarQube’s Compute Engine log:

2023.10.09 05:40:45 ERROR <some ID I guess>[o.s.a.c.a.AzureDevOpsHttpClient] Azure API call to [<API endpoint: https://learn.microsoft.com/en-us/rest/api/azure/devops/git/pull-request-thread-comments/delete>?api-version=3.0] failed with 400 http code. Azure response content : [{"$id":"1","innerException":null,"message":"Only the comment author and project admins can delete a comment.","typeName":"System.ArgumentException, mscorlib","typeKey":"ArgumentException","errorCode":0,"eventId":0}]

Every SonarQube interaction with the PR afterwards always gives that error (warning in SonarQube web UI) until all comments on all of SonarQube’s comment threads in the PR are deleted (i.e. including all comments of any user).

Thanks for any insights and help :slight_smile:

  • Versions:
    • SonarQube 10.2.0.77647
    • Oracle JDK 17.0.8 (64-bit)
    • SonarQube extension for Azure DevOps 5.15.0
    • Azure DevOps Server 2020 Update 1.2
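
A defender-side check for the failure quoted in the post above, as an added example that is not part of the original thread or SonarQube's own code: it scans Compute Engine log text for `AzureDevOpsHttpClient` calls that Azure rejected with the "Only the comment author and project admins can delete a comment." message. The log lines, the task ID and the `ads.example.invalid` URLs are constructed placeholders, and `find_denied_deletes` is a hypothetical helper name.

```python
import json
import re

# Constructed sample log lines modelled on the line quoted in the post.
# Task ID, logger of the INFO line and URLs are placeholders, not real values.
SAMPLE_LOG = r"""
2023.10.09 05:40:44 INFO  ce[TASK-ID-PLACEHOLDER][constructed.Logger] Decorating pull request
2023.10.09 05:40:45 ERROR ce[TASK-ID-PLACEHOLDER][o.s.a.c.a.AzureDevOpsHttpClient] Azure API call to [https://ads.example.invalid/placeholder/threads/7/comments/2?api-version=3.0] failed with 400 http code. Azure response content : [{"$id":"1","innerException":null,"message":"Only the comment author and project admins can delete a comment.","typeName":"System.ArgumentException, mscorlib","typeKey":"ArgumentException","errorCode":0,"eventId":0}]
2023.10.09 05:41:02 ERROR ce[TASK-ID-PLACEHOLDER][o.s.a.c.a.AzureDevOpsHttpClient] Azure API call to [https://ads.example.invalid/placeholder/threads/9?api-version=3.0] failed with 400 http code. Azure response content : [{"$id":"1","message":"Constructed unrelated error.","typeKey":"ArgumentException"}]
2023.10.09 05:41:03 ERROR ce[TASK-ID-PLACEHOLDER][o.s.a.c.a.AzureDevOpsHttpClient] Azure API call to [https://ads.example.invalid/placeholder/threads/9/comments/1?api-version=3.0] failed with 400 http code. Azure response content : [{"$id":"1","mess]
"""

DENIED_MSG = "Only the comment author and project admins can delete a comment."

# Matches the ERROR line layout shown in the post; whatever sits between
# "ERROR" and the logger name (the task ID) is skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) ERROR .*?"
    r"\[o\.s\.a\.c\.a\.AzureDevOpsHttpClient\] Azure API call to \[(?P<url>[^\]]*)\] "
    r"failed with (?P<code>\d{3}) http code\. "
    r"Azure response content : \[(?P<body>.*)\]\s*$"
)


def find_denied_deletes(log_text):
    """Return (timestamp, url) for each call Azure rejected as a delete of someone else's comment."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["code"] != "400":
            continue
        try:
            body = json.loads(m["body"])
        except json.JSONDecodeError:
            continue  # truncated or non-JSON response body: cannot classify
        if (isinstance(body, dict)
                and body.get("typeKey") == "ArgumentException"
                and body.get("message") == DENIED_MSG):
            hits.append((m["ts"], m["url"]))
    return hits


if __name__ == "__main__":
    for ts, url in find_denied_deletes(SAMPLE_LOG):
        print(ts, url)
```
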

Hey @ChristoWolf ,

Yes, this is kind of intended behavior. I think that initially it was not designed for other users to interact with the comments posted by SonarQube.

Nevertheless, I see your point, though I’m curious if you are more disturbed by the fact that there are errors logged and/or if you would like to keep whole conversations in a thread.

Best,
Jacek

Hi @jacek.poreda!

Thanks for the feedback.
I am not sure what I would actually be expecting, but having SonarQube fail at decorating the PR whenever there is a thread that it cannot delete is certainly problematic.
Sorry about not mentioning this in my original post.
The originally mentioned error makes SonarQube error out of every action that it would have done during that run.


Hey!

Ah, okay, then it changes things a bit.

I tried to verify it on my side, though I was unable to reproduce it with two different users.

We think that there is a permission issue with the user that you are using for PR decoration (SonarQube’s decorator’s user). Could you check the permissions on this user? Could you clarify which user you are using and what roles/permissions are assigned to it?

Any information will be helpful, like users being in different teams, roles, and permissions.


Hey again :slight_smile:

As the error says, the user that I use for the decoration does not have the appropriate permissions, on purpose, as it should not be able to delete any other comments.
I am just surprised that this (i.e. SonarQube trying to delete other users’ comments) is expected behavior, or do I misunderstand?

Yes, it is intended. As I said, the initial design was not expecting users to interact with it.

Anyway, to me this requirement does make sense, though in order to move it forward I need at least to reproduce this issue, hence I’m asking about the specific permissions you are setting for that user.

Hi again @jacek.poreda!

Sorry for the late reply, I tried to find what you requested, hope it’s sufficient.

The user that we use for PR decoration is a project admin in our Azure DevOps Server, and its PAT, which is then used in SonarQube, has the Code Read & Write permissions category as specified in the SonarQube docs.

> Yes, it is intended. As I said, the initial design was not expecting users to interact with it.

Knowing this is more than sufficient for now, so I will enforce the proper workflow where needed.

Thanks!
