Sonarqube TFS任务返回错误(401)未授权在一个项目上而不是其他项目
[英]Sonarqube TFS task returning error (401) Unauthorized on one project but not others
问题描述
We have been using Sonarqube for about the last 2 months on our TFS 2017 server. 
我们在TFS 2017服务器上使用了Sonarqube大约2个月。 Overall it has been very helpful, but a few weeks ago one of our builds started failing due to Sonarqube returning a 401 error (Unauthorised). 总的来说它非常有用,但几周前,由于Sonarqube返回401错误(未经授权),我们的一个版本开始失败。
2017-10-12T15:11:19.7921253Z ##[error]16:11:19.729 Failed to request and parse ' http://sonarqube.local:9000/api/settings/values?component=MYPROJECTNAME%3Amaster ': The remote server returned an error: (401) Unauthorized.
2017-10-12T15:11:19.7921253Z ##[error]16:11:19.729 Could not authorize while connecting to the SonarQube server.
The curious thing about this is that other builds from other projects are working absolutely fine, using the same API token. 奇怪的是,使用相同的API令牌,其他项目的其他构建工作绝对正常。 I've even created a new Sonarqube endpoint in the failing project, then again in a known good project - again using the same API key on both - only for the same thing to happen. 我甚至在失败的项目中创建了一个新的Sonarqube端点,然后再次在一个已知的好项目中 - 再次在两者上使用相同的API密钥 - 只是为了发生同样的事情。 One fails with the above error, the other is fine. 一个失败,上面的错误,另一个很好。
I thought this might have been a security/permission option within sonarqube itself, so I tried creating a completely new sonarqube project but again - one TFS project fails, while another succeeds when both are pointing to this new project. 我认为这可能是sonarqube本身的安全/许可选项,所以我尝试创建一个全新的sonarqube项目但又一次 - 一个TFS项目失败,而另一个TFS项目指向这个新项目时成功。
I suspect this issue stems from the TFS project's security settings, but after comparing a good project with the bad project, nothing is jumping out at me as to what the cause may be - they seem to be set up the same. 我怀疑这个问题源于TFS项目的安全设置,但是在将一个好的项目与糟糕的项目进行比较后,没有任何事情可以告诉我原因可能是什么 - 它们似乎设置相同。 I enabled debugging on both a good build and the bad build and compared the outputs. 我在良好的构建和坏构建上启用了调试并比较了输出。 As far as I can tell, the only real difference between the two is that the "Failing" build is picking up a sonar.password from somewhere whereas the good build is not: 据我所知,两者之间唯一真正的区别是“失败”构建从某个地方拾取了一个sonar.password而良好的构建不是:
Good: 好:
2017-10-12T15:13:07.1067146Z ##[debug]Processed: ##vso[task.setvariable variable=MSBuild.SonarQube.ServerPassword;]
2017-10-12T15:13:07.2785974Z ##[debug] arguments = /c ""Y:\\2017_agent_work_tasks\\SonarQubeScannerMsBuildBegin_15b84ca1-b62f-4a2a-a403-89b77a063157\\3.0.2\\SonarQubeScannerMsBuild\\MSBuild.SonarQube.Runner.exe" begin /k:"MYPROJECTNAME" /n:"MYPROJECTNAME" /v:"20171012.7" /d:sonar.host.url="http://sonarqube.local:9000/" /d:sonar.login=******** /d:sonar.cs.vscoveragexml.reportsPaths="***.coveragexml" /d:sonar.branch="master""
Bad: 坏:
2017-10-12T15:11:19.5733714Z ##[debug]Processed: ##vso[task.setvariable variable=MSBuild.SonarQube.ServerPassword;]********
2017-10-12T15:11:19.5733714Z ##[debug] Path: Z:\\2017_agent_work_tasks\\SonarQubeScannerMsBuildBegin_15b84ca1-b62f-4a2a-a403-89b77a063157\\3.0.2\\SonarQubeScannerMsBuild\\MSBuild.SonarQube.Runner.exe 2017-10-12T15:11:19.5733714Z ##[debug] Arguments: begin /k:"MYPROJECTNAME" /n:"MYPROJECTNAME" /v:"20171012.3" /d:sonar.host.url="http://sonarqube.local:9000/" /d:sonar.login=******** /d:sonar.password=******** /d:sonar.cs.vscoveragexml.reportsPaths="***.coveragexml" /d:sonar.branch="master"
(Note: Although the good/bad ran on different build agents in this instance, the agents are identical and I've confirmed that "good" projects work on all of our agents while the "bad" project fails with the same result on all agents). (注意:虽然在这种情况下,不同的构建代理程序运行良好/不良,但代理程序是相同的,我已经确认“好”项目对我们所有代理程序都有效,而“坏”项目失败并且所有代理程序都有相同的结果剂)。
However, I have no idea where it's getting this password from - there is no sonar.properties file in the repository. 但是,我不知道从哪里获取此密码 - 存储库中没有sonar.properties文件。 To be absolutely sure, I cloned the repository for the failing TFS project, pushed it into a repository in a working TFS project, replicated the build and it works. 为了绝对肯定,我克隆了失败的TFS项目的存储库,将其推入到正在运行的TFS项目的存储库中,复制了构建并且它正常工作。
I've checked the logs from Sonarqube itself and they are less than helpful 我已经检查了Sonarqube本身的日志,但它们并没有帮助
What could I have missed? 我能错过什么?
TFS 2017 is 15.117.26714.0 TFS 2017是15.117.26714.0
Sonarqube is 6.5.0.27846 Sonarqube是6.5.0.27846
Sonarqube task version is 3.0.2 Sonarqube任务版本是3.0.2
EDIT: I have managed to get a temporary workaround for this by editing the build task to NOT insert sonar.password into the command line and this works. 编辑:我已经设法得到一个临时的解决方法,通过编辑构建任务不插入sonar.password到命令行,这是有效的。 That does prove that the root issue is the task pulling this mystery password from "somewhere" but I'm still at a loss as to where it would be picking it up. 这确实证明了根本问题是将这个神秘密码从“某个地方”拉出来的任务,但我仍然不知道它将在哪里捡起它。 I cannot find much information on what sets MSBuild.SonarQube.ServerPassword 我找不到有关什么设置MSBuild.SonarQube.ServerPassword
1 个解决方案
解决方案1
3 已采纳 2017-10-16 14:20:52
Based on the (401) Unauthorized. 基于(401)未经授权。 Generally speaking you need to specify the authentication token in the SonarQube service endpoint in TFS: click! 一般来说,您需要在TFS中的SonarQube服务端点中指定身份验证令牌: 单击! To obtain a user token in SonarQube follow these steps However, according to the troubleshooting you have done and one project worked, another not work, this should not related to your issue. 要在SonarQube中获取用户令牌,请按照以下步骤进行操作:但是,根据您已完成的故障排除和一个项目的工作,另一个项目无法正常工作,这与您的问题无关。
Just be sure the sonar.login and sonar.password properties in SonarQube.Analysis.xml are commented out, otherwise the token won't be used. 请确保sonar.login和sonar.password属性已被注释掉,否则将不会使用该令牌。
Also suggest you to compare the build definition of good build and bad build. 还建议您比较良好构建和错误构建的构建定义。 Another way is creating a new build definition only with sonar qube related task for the bad project. 另一种方法是仅为坏项目的声纳qube相关任务创建新的构建定义。 To see if the authentication works, this will narrow down if the issue related to build definition. 要查看身份验证是否有效,如果问题与构建定义相关,则会缩小范围。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.