SonarScanner 6.x: The properties 'sonar.login' and 'sonar.password' are deprecated

guwirth · August 19, 2024, 7:49am

Hi,

with the new Scanner I get the warning:

The properties 'sonar.login' and 'sonar.password' are deprecated and will be removed in the future. Please pass a token with the 'sonar.token' property instead.

In the past, it was possible to install a new version of SonarQube in a CI/CD system and then execute integration tests. To start SQ and run the scanner, login/password=admin/admin could be used.

If login/password is no longer supported in the scanner and a token is required, the integration test can no longer be executed. How do I get a token in such a setup?

Regards,

Colin · August 20, 2024, 5:44am

Hey @guwirth

You may be interested at looking what we do for our own integration tests:

github.com

SonarSource/orchestrator/blob/e1d97e7f1b4c35efd599b5b331286183445c4dba/sonar-orchestrator/src/main/java/com/sonar/orchestrator/Orchestrator.java#L278


      
          }
          
          public String getDefaultAdminToken() {
            if (this.adminToken != null) {
              return this.adminToken;
            }
            return generateDefaultAdminToken();
          }
          
          private String generateDefaultAdminToken() {
            HttpCall httpCall = server.newHttpCall("api/user_tokens/generate")
              .setParam("name", UUID.randomUUID().toString())
              .setMethod(HttpMethod.POST)
              .setAdminCredentials();
            HttpResponse response = httpCall.execute();
            if (response.isSuccessful()) {
              this.adminToken = ofNullable(Json.parse(response.getBodyAsString()).asObject().get("token"))
                .map(JsonValue::asString)
                .orElseThrow(() -> new IllegalStateException("Could not extract admin token from response: " + response.getBodyAsString()));
              return this.adminToken;
            } else {

Basically, call POST API/user_tokens/generate using the default credentials (admin/admin) and use that token in the scans.

guwirth · August 26, 2024, 5:49pm

Hi @Colin,

Thanks for your hint!

It’s working: I’m able to use the Web API with the default admin/admin to create a token.

Regards,
Günter

system · September 2, 2024, 5:50pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.