You're not authorized to run analysis. Ple ase contact the project administrator

SonarQube Server / Community Build
1

What are you trying to accomplish?
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 24.416 s
[INFO] Finished at: 2023-08-02T13:03:47+05:30
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar (default-cli) on project awcp-base-pom: You’re not authorized to run analysis. Ple
ase contact the project administrator. → [Help 1]

Do we need to provide any particular access or do we need to update sonar scanner maven plugin in pom.xml…?

  • Support a new language?
  • Extend an existing one? Which one?
  • Add language-agnostic features?
  • Something else?

What’s your specific coding challenge in developing your plugin?

And, if relevant, please share the code that’s giving you problems:

2

Hey there.

As noted in the template post, what version of SonarQube are you using? How are you providing authentication to the scanner?

3

9.9.1 LTS. We are using LDAP authentication. And I have created one functional account and generated token and provided that token to developers.
And we trying to test our code manually from local system.

Also, I have one question here. Can’t we able to login with project token.

4

Does that user have Execute Analysis permissions? (Administration > Security > Global Permissions)

I’m not sure what you mean.

5

Yes @Colin User has execute analysis permissions.

image
image1256×276 16.4 KB

==============================================
[INFO] SCM Publisher 49/49 source files have been analyzed (done) | time=1779ms
[INFO] CPD Executor 18 files had no CPD blocks
[INFO] CPD Executor Calculating CPD for 20 files
[INFO] CPD Executor CPD calculation finished (done) | time=32ms
[INFO] Load New Code definition
[INFO] Load New Code definition (done) | time=140ms
[INFO] Analysis report generated in 324ms, dir size=718.7 kB
[INFO] Analysis report compressed in 2161ms, zip size=240.6 kB
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 55.864 s
[INFO] Finished at: 2023-08-04T17:25:11+05:30
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar (default-cli) on project PersonMsg: You’re not authorized to run analysis. Please contact the p
roject administrator. → [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.

6

Then back to this point:

Can you provide an example of where you’re setting the sonar.login or sonar.token information?

7

Hi @Colin
With below command we are trying to authenticate. Please check.

-Dsonar.login=myAuthenticationToken
8

Hi @Colin
we are providing auth through local cli using

-Dsonar.login=myAuthenticationToken
10

@Colin
Its failing during uploading the report

[DEBUG] 18:30:54.059 POST 403 https://sonarqube.apassa.aws.xvv.com/api/ce/submit?projectKey=Person-Message&projectName=Person-Message | time=32ms

11

Hi @Colin

Can you please take a look and provide us any update on it.

Thanks

12

Hi @Colin
Any updates…?

13

Hey there.

This is a free community forum. Sometimes it requires time to look through everything, while managing the rest of the Community. Please do not bump threads and familiarize yourself with the FAQ.

I created a topic, when can I expect a response?

This is an open community with people volunteering their free time to provide assistance. We’re eager to contribute to the community, but you are not guaranteed a fast response.

Be patient

  • Wait a few days before bumping a topic that hasn’t received a response.
  • Do not @name mention individuals not involved in the topic.

Contribute as much as you expect to receive

  • Contribute to the community (helping others) as much as you expect to receive help.
14

While possible that SonarQube is returning the 403, it might also be coming from a layer in between your client and the SonarQube server, namely whatever is serving it over HTTPS, like a reverse proxy (think IIS, Apache, Nginx, a load balancer…)

Let’s see if the request even makes it to the SonarQube server. Do you see the 403 in the access.log of your SonarQube server?

15

Hi @Colin
We had 403 error inside access.log. Can u please take look on below logs and provide us any resolution for it.

10.17.106.245 - - [09/Aug/2023:03:28:27 -0500] “GET /api/projects/search?ps=50&qualifiers=TRK HTTP/1.1” 403 - “https://sonarqube.apa.aws.com/admin/projects_management” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Edg/103.0.1264.34” “AYnVUCXdfcdkLxDmaBZrABru”

10.17.106.248 - - [09/Aug/2023:00:00:52 -0500] “GET /api/settings/values.protobuf HTTP/1.1” 200 - “-” “ScannerMaven/3.9.1.2184/3.9.3” “AYnVUCXkLxDmaBZrABYFddd”
10.17.106.248 - - [09/Aug/2023:00:00:54 -0500] “GET /api/plugins/download?plugin=hadolint HTTP/1.1” 404 - “-” “ScannerMaven/3.9.1.2184/3.9.3” “AYnVUCXkLxDmaBZrABYGddd”
10.17.106.248 - - [09/Aug/2023:00:00:54 -0500] “GET /api/plugins/download?plugin=hadolint HTTP/1.1” 404 - “-” “ScannerMaven/3.9.1.2184/3.9.3” “AYnVUCXkLxDmaBZrABYHddd”

16

That looks like a different 403 than this one.

18

Hi @Colin
Please check the below logs for better understanding.

From Instance2:

[sonarqube@sonarqubeapp2-plae logs]$ cat access.log | grep -i 403
10.17.107.214 - - [09/Aug/2023:03:58:16 -0500] “GET /api/alm_settings/get_binding?project=harry HTTP/1.1” 403 - “https://sonarqube.apassa.aws.alight.com/dashboard?id=harry” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Edg/106.0.1370.47” “AYnVUAY+vPRtLieHACDC”
10.17.106.248 - - [09/Aug/2023:06:37:14 -0500] “GET /api/plugins/updates HTTP/1.1” 403 - “https://sonarqube.apassa.aws.com/admin/marketplace” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36” “AYnZ/gC6iEKRYs0zAAEw”
[sonarqube@sonarqubeapp2-plae logs]$ cd /apps/sonarqube/sonarqube-9.9.1.69595/logs/timed out waiting for input: auto-logout

From Instance 1:

10.17.106.248 - - [09/Aug/2023:03:28:27 -0500] “GET /api/projects/search?ps=50&qualifiers=TRK HTTP/1.1” 403 - “https://sonarqube.apassa.aws.alight.com/admin/projects_management” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Edg/103.0.1264.77” “AYnVUCXkLxDmaBZrABru”
127.0.0.1 - - [09/Aug/2023:05:16:41 -0500] “GET /api/settings/values.protobuf?component=Person_Message HTTP/1.1” 403 - “-” “ScannerMaven/3.9.1.2184/3.5.4” “AYnVUCXkLxDmaBZrAB94”
10.17.106.248 - - [09/Aug/2023:06:37:14 -0500] “GET /api/plugins/available HTTP/1.1” 403 - “https://sonarqube.apassa.aws.com/admin/marketplace” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36” “AYnaCxT5mz+oLaAPAAC8”
10.17.106.248 - - [09/Aug/2023:07:02:07 -0500] “GET /api/plugins/updates HTTP/1.1” 403 - “https://sonarqube.apassa.aws.com/admin/marketplace” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Edg/106.0.1370.47” “AYnaCxT5mz+oLaAPAAGF”

19

And still, none of them are the same 403 that is being returned when the analysis is submitted by the scanner.

Try running the analysis again (today) and see if it appears in the logs. If not, then you’re right (from your deleted post), the issue is probably at the AWS load balancer.

20

Hi @Colin
Still we are getting below error only. Can u please check once again from your end.

INFO] SonarQube version: 9.9.1.69595
[INFO] Default locale: “en_US”, source code encoding: “UTF-8”
[INFO] Load global settings
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 59.953 s
[INFO] Finished at: 2023-08-10T17:15:40+05:30
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar (default-cli) on project PersonMsg: Not authorized. Please check the properties sonar.login and
sonar.password. → [Help 1]
[ERROR]

Below logs are from access.log file. Earlier we got 403 error and now we are getting 401 error.

10.17.105.102 - - [10/Aug/2023:05:28:51 -0500] “GET /batch/index HTTP/1.1” 200 - “-” “ScannerMaven/3.9.1.2184/3.9.3” “AYne/CWdLuezx1jPAAAM”
10.17.105.102 - - [10/Aug/2023:05:28:53 -0500] “GET /api/settings/values.protobuf HTTP/1.1” 401 - “-” “ScannerMaven/3.9.1.2184/3.9.3” “AYne/CWdLuezx1jPAAAN”
10.17.107.214 - - [10/Aug/2023:05:28:54 -0500] “GET /about HTTP/1.1” 200 - “-” “ELB-HealthChecker/2.0” “AYne/CWdLuezx1jPAAAO”

21

A 401 would indicate that no authentication details are being provided at all. Are you still providing authentication information? Have you tried providing a new token?

Does this work locally still, as you mentioned before?