Why can I not adjust settings via the API until a project has been analysed?

I have been experimenting with using the sonar web API as I have many projects to onboard.
After some playing around I think I have most things working. There are two things that puzzle me which I am posting as separate questions / issues.

  1. It does not seem to be possible to adjust settings for a project until after it has first been analysed.
    The API incorrectly (or at least unhelpfully) reports that the project does not exist.

Can you explain why this is and raise this as a feature request.

>curl -u $SONAR_TOKEN: "https://sonarcloud.io/api/settings/values?organization=MY_ORG&component=MY_PROJECT&keys=sonar.branch.longLivedBranches.regex" | jq
{
  "settings": [
    {
      "key": "sonar.branch.longLivedBranches.regex",
      "value": "(branch|release)-.*",
      "inherited": true
    }
  ]
}

>curl -u $SONAR_TOKEN: -XPOST 'https://sonarcloud.io/api/settings/set?organization=MY_ORG&component=MY_PROJECT&key=sonar.branch.longLivedBranches.regex&value=(develop|release|master).*'

{
  "errors": [
    {
      "msg": "Project doesn't exist"
    }
  ]
}

Once the project has been analysed it is possible to adjust these settings.
At the very least the error message is wrong it should say “project has not been analysed”.
Is there a good reason why these settings cannot or should not be allowed to be set at this point?

As I have many projects (>100) to onboard I would like to automate creating them and setting them up via the API. This issue prevents me doing that in a single step.
Currently I need two separate scripts - one to create the projects and a second one which cannot be run until each project has had its first analysis.

In my case there are, I think, only three settings I need to change for each project:

sonar.branch.longLivedBranches.regex
sonar.pullrequest.provider=“Azure DevOps Services”
sonar.pullrequest.vsts.token.secured

In the web user interface sonar.branch.longLivedBranches.regex is disabled until a project is analysed and the administrations menu item on the left had nav is not visible / does not exist.

I note that I can set the quality gate before the project is analysed using

>curl -u $SONAR_TOKEN: -XPOST "https://sonarcloud.io/api/qualitygates/select?organization=MY_ORG&projectKey=MY_PROJECT&gateId=53773

Also that API could be made less awkward if it accepted a quality gate name rather than a gateId which has to be looked up via api/qualitygates/show

Hey there.

I can’t reproduce this – I’m able to set sonar.branch.longLivedBranches.regex no problem on projects that have been provisioned, but not had a first analysis.

I expect you’re even able to do this in the UI yourself if you workaround the UI and visit https://sonarcloud.io/project/branches_list?id=<PROJECT_KEY>

Perhaps it is a subtle permissions issue?

Compare this newly created project:

with this existing one:

Note the administration menu item is missing for the new project on the bottom left as is the pen icon on the top right allowing you to edit the regex for long lived branches.

I have another example from a new project. This one has analysed a pull request but has not yet analysed the master branch (because of course I have not merged the pull request yet).

As before the long lived branches definition regex is not editable and there is no administration menu option on the left hand nav.

It looks like you aren’t being added as a Project Administrator on new projects. If you are an administrator of the SonarCloud organization, you should check the permission templates under global Administration > Permission Templates.

Screenshot 2022-09-22 at 10.37.39

As a global admin can also restore access to a project under Administration > Projects Management

This should help you get to a place where you can Administer all new projects.

That sounds like it is the problem. I will ask an administrator to sort my permissions.

I was just about to add an update that after successful faking a first analysis (merge to master and analysing via CLI instead of dev ops) I still can’t administer the project. This is consistent with your analysis.

Please also forward to your internal team that the API (api/settings/set) should return “permission denied” rather than “project does not exist”.

Hey there.

This should already be the case (tested with both an organization admin who doesn’t have Administer rights on a project, and a user who is not an organization admin and only has Browse access on the project)

curl -X POST -u TOKEN: 'https://sonarcloud.io/api/settings/set?key=afsdddsfsdf'

{"errors":[{"msg":"Insufficient privileges"}]}

If the user

That seems like an odd query as it uses a key that doens’t exist and lacks a value.
I have to add the organisation and project name as well but I still get my usual:

curl -s -u $SONAR_TOKEN: -XPOST ‘https://sonarcloud.io/api/settings/set?organization=MY_ORG&component=SOME_PROJECT&key=zuul’ | jq

{
  "errors": [
    {
      "msg": "Project doesn't exist"
    }
  ]
}

Hey @KantarBruceAdams

You’re right – when I ran POST api/settings/set without any query parameter, I assumed that when the response key was missing, it referred to a project key. The Web API isn’t exactly consistent when it comes to “the query parameter that means project key” (it can be projectKey, component, componentKey

Now it’s the afternoon and the coffee has kicked in. :slight_smile:

You’re right. I can reproduce this. I’ll flag it for attention.