WaitforQualityGate not working with authentication in Jenkins

javidr · August 19, 2019, 1:51pm

Hi

Im trying to create a step in Jenkins that calls waitforQualityGate. According to the pipeline syntax, the format is something like this:

waitForQualityGate abortPipeline: false, credentialsId: ‘my_key’

When executing this, i receive a 403 error:

org.sonarqube.ws.client.HttpException: Error 403 on $URL : {“errors”:[{“msg”:“Insufficient privileges”}]}

If i try to do a curl to the url that retrieves the quality gate with this token, it works fine

curl -k -u $my_key: $URL/api/ce/task?id=$My_ID

Do anybody has an example of how to use waitforqualitygate step in the jenkins pipeline when authentication is enforced?

Thanks

ganncamp · August 20, 2019, 5:09pm

Hi,

The examples are in the docs. Are you sure the error your getting comes from the waitForQualityGate portion of the pipeline and not the earlier analysis step? Because the wait step should be just that: passive waiting to receive a notification from SonarQube.

Ann

ganncamp · March 19, 2020, 12:17pm

A post was split to a new topic: WaitforQualityGate problem

beatngu13 · April 25, 2022, 10:47am

We also have this problem when adding waitForQualityGate to our pipeline, which is similar to the “Declarative pipeline example”:

pipeline {
    agent any
    stages {
        stage('SCM') {
            steps {
                git url: 'https://github.com/foo/bar.git'
            }
        }
        stage('build && SonarQube analysis') {
            steps {
                withSonarQubeEnv('My SonarQube Server') {
                    // Optionally use a Maven environment you've configured already
                    withMaven(maven:'Maven 3.5') {
                        sh 'mvn clean package sonar:sonar'
                    }
                }
            }
        }
        stage("Quality Gate") {
            steps {
                timeout(time: 1, unit: 'HOURS') {
                    // Parameter indicates whether to set pipeline to UNSTABLE if Quality Gate fails
                    // true = set pipeline to UNSTABLE, false = don't
                    waitForQualityGate abortPipeline: true
                }
            }
        }
    }
}

The stack trace is:

org.sonarqube.ws.client.HttpException: Error 403 on https://sonarqube.l-bank.intern.ads/api/qualitygates/project_status?analysisId=AYBMldcKb_BZ4CWWwH2l : {"errors":[{"msg":"Insufficient privileges"}]}
	at org.sonarqube.ws.client.BaseResponse.failIfNotSuccessful(BaseResponse.java:36)
	at hudson.plugins.sonar.client.HttpClient.getHttp(HttpClient.java:38)
	at hudson.plugins.sonar.client.WsClient.requestQualityGateStatus(WsClient.java:70)
	at org.sonarsource.scanner.jenkins.pipeline.WaitForQualityGateStep$Execution.lambda$checkTaskCompleted$0(WaitForQualityGateStep.java:235)
	at org.sonarsource.scanner.jenkins.pipeline.WaitForQualityGateStep$Execution.checkQualityGate(WaitForQualityGateStep.java:288)
	at org.sonarsource.scanner.jenkins.pipeline.WaitForQualityGateStep$Execution.checkTaskCompleted(WaitForQualityGateStep.java:235)
	at org.sonarsource.scanner.jenkins.pipeline.WaitForQualityGateStep$Execution.start(WaitForQualityGateStep.java:171)
	at org.jenkinsci.plugins.workflow.cps.DSL.invokeStep(DSL.java:319)
	[...]

When we remove waitForQualityGate, the pipeline succeeds.

Any ideas?

beatngu13 · April 27, 2022, 7:16am

We were indeed missing permissions. waitForQualityGate no longer fails with:

Browse
See Source Code
Execute Analysis