Authenticate sonar-runner via basic auth

Question

Our sonarqube server is behind http basic authentication and local runner fails with 401 error. Is it somehow possible to provide credentials to it? AOfficial docs shows how to provide sonarqube's internal user...

UPD #1:

sonarqube: v5.3, sonar-runner: v2.5

Debug log of runner:

INFO: Scanner configuration file: /Users/user/Documents/Projects/Project1/sonar-scanner-2.5/conf/sonar-runner.properties
INFO: Project configuration file: /Users/user/Documents/Projects/Project1/sonar-project.properties
INFO: SonarQube Scanner 2.5
INFO: Java 1.8.0_45 Oracle Corporation (64-bit)
INFO: Mac OS X 10.11.3 x86_64
INFO: Error stacktraces are turned on.
DEBUG: cache: /Users/user/.sonar/ws_cache/https%3A%2F%2Fexample.com%2Fsonar%2F/global
INFO: User cache: /Users/user/.sonar/cache
DEBUG: Extract sonar-runner-batch in temp...
DEBUG: Get bootstrap index...
DEBUG: Download: https://example.com/sonar/batch_bootstrap/index
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 1.171s
INFO: Final Memory: 5M/245M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
org.sonar.runner.impl.RunnerException: Unable to execute SonarQube
    at org.sonar.runner.impl.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:100)
    at org.sonar.runner.impl.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:87)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.sonar.runner.impl.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:87)
    at org.sonar.runner.impl.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:83)
    at org.sonar.runner.api.EmbeddedRunner.doStart(EmbeddedRunner.java:249)
    at org.sonar.runner.api.EmbeddedRunner.start(EmbeddedRunner.java:187)
    at org.sonar.runner.api.EmbeddedRunner.start(EmbeddedRunner.java:182)
    at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
    at org.sonarsource.scanner.cli.Main.main(Main.java:66)
Caused by: java.lang.IllegalStateException: Fail to download libraries from server
    at org.sonar.runner.impl.Jars.downloadFiles(Jars.java:93)
    at org.sonar.runner.impl.Jars.download(Jars.java:70)
    at org.sonar.runner.impl.JarDownloader.download(JarDownloader.java:40)
    at org.sonar.runner.impl.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:91)
    ... 9 more
Caused by: java.lang.IllegalStateException: Status returned by url [https://example.com/sonar/batch_bootstrap/index] is not valid: [401]
    at org.sonar.runner.impl.ServerConnection.callUrl(ServerConnection.java:186)
    at org.sonar.runner.impl.ServerConnection.downloadString(ServerConnection.java:121)
    at org.sonar.runner.impl.ServerConnection.tryServerFirst(ServerConnection.java:148)
    at org.sonar.runner.impl.ServerConnection.download(ServerConnection.java:112)
    at org.sonar.runner.impl.Jars.downloadFiles(Jars.java:78)
    ... 12 more

To clarify: there's a proxy between `sonar-runner` and SonarQube server right ? and it's the proxy who's returning the 401 because of unauthenticated request ? please share `sonar-runner` logs — Nicolas B., Mar 04 '16 at 08:09
`Caused by: java.lang.IllegalStateException: Status returned by url [https://xxx/sonar/batch_bootstrap/index] is not valid: [401] at org.sonar.runner.impl.ServerConnection.callUrl(ServerConnection.java:186) at org.sonar.runner.impl.ServerConnection.downloadString(ServerConnection.java:121) at org.sonar.runner.impl.ServerConnection.tryServerFirst(ServerConnection.java:148) at org.sonar.runner.impl.ServerConnection.download(ServerConnection.java:112) at org.sonar.runner.impl.Jars.downloadFiles(Jars.java:78)` — nKognito, Mar 04 '16 at 08:11
It doesn't seem to be possible, but you can always add that functionality yourself. — Genti Saliu, Mar 04 '16 at 08:13
There's something fishy here. `sonar-runner` queries `api/server/version` before `batch_bootstrap/index`, and only the latter fails. Please edit your question will necessary details: SonarQube version, `sonar-runner` version, link to *full* debug logs of `sonar-runner`. — Nicolas B., Mar 04 '16 at 08:22

score 0 · Answer 1 · answered Mar 04 '16 at 09:20

0

No it doesn't look like sonar-runner supports proxy authentication. SonarQube has built-in access control so I'm not sure why you'd need proxy authentication on top of that. Maybe you could disable proxy authentication for SonarQube's URL.

answered Mar 04 '16 at 09:20

Nicolas B.

7,245
17
29

Arigion · Answer 2 · 2020-02-09T01:31:42.110

The sonar-runner, even if configured with credentials, does not use these to make it's first call to the server. The endpoint is /batch/index. You have to allow public access to that endpoint. For all other urls basic auth is fine.

More details about my working setup in my answer here: https://stackoverflow.com/a/60132667/1838233

I've tried that setup with the runner and a sonar-project.properties file containing:

    sonar.host.url=https://myserver/sonar/
    sonar.login=${env.SONARUSER}
    sonar.password=${env.SONARPWD}

and could access Sonar behind Apache basic auth that way.

score 0 · Answer 3 · answered Nov 02 '21 at 23:41

0

I have been looking for this too and failed to find any options to allow this. One use case I can think of for needing this is you have the sonar client running on the far end of a GCP IAP away from the sonar server. You'd need to have the client pass through the initial proxy to get to the sonar server. Even if the sonar server supports this auth natively you need some way for the client to pass an auth header.

This is for scenarios where you either don't trust sonar or you don't trust the deployment of sonar by some novice, but you do trust a zero-trust protected proxy by gcp's platform

answered Nov 02 '21 at 23:41

Philip Waters

1

1

Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Nov 03 '21 at 09:21
This does not really answer the question. If you have a different question, you can ask it by clicking [Ask Question](https://stackoverflow.com/questions/ask). To get notified when this question gets new answers, you can [follow this question](https://meta.stackexchange.com/q/345661). Once you have enough [reputation](https://stackoverflow.com/help/whats-reputation), you can also [add a bounty](https://stackoverflow.com/help/privileges/set-bounties) to draw more attention to this question. - [From Review](/review/late-answers/30243898) – user12256545 Nov 05 '21 at 14:24

Authenticate sonar-runner via basic auth

3 Answers3