Sonarqube stage in jenkins pipeline fails with 403 error

[arielman]

I have a pipeline job which keeps failing on Sonar Quality Gate stage with the below error:

[Bitbucket] Build result notified
org.sonarqube.ws.client.HttpException: Error 403 on http://illinXXXX:XXXXX/api/qualitygates/project_status?analysisId=XXXXXXXX
    at org.sonarqube.ws.client.BaseResponse.failIfNotSuccessful(BaseResponse.java:34)
I'm able to enter the link and see the projectStatus, so I don't understand the reason for the failure.
Sonarqube version: 6.7.1 (build 35068).

The auth token is configured in the global Jenkins settings.

[arielman]

anyone?

[rkrisztian]

Might be related to #25.

[arielman]

I forgot to mention. I check and tried it. didn't work

[sandro-h]

Hi @arielman,

If the auth token in your Jenkins has Browse permissions on the project, or your project is set to 'public', it should work.

Have you tried verifying that the auth token works if you use it directly? E.g. with a curl command:

curl -v -u abc1234: http://illinXXXX:XXXXX/api/qualitygates/project_status?analysisId=XXXXXXXX

Where abc1234 is your token. The colon at the end of it is required.
If that command succeeds, the next points to check are:

• Is the token propagated to your Sonar execution? I'm not very familiar with Jenkins, so I can't really point you to where to check that. Perhaps setting sonar.verbose=true will provide a hint in the build log.
• Is your Sonar server behind a coorporate proxy? The 403 error suggests it's really a response from the Sonar server, but worth to check just in case.

[arielman]

curl command is working.
What’s more strange, another pipeline from the same MS, is passing that stage. They both are using the same Sonarquebe user and pass, and the same stage syntax:

                    stage('Sonar Quality Gate') {
                        sleep(time: 300, unit: 'SECONDS')
                        timeout(time: 15, unit: 'MINUTES') {
                            def qg = waitForQualityGate()
                            if (!(qg.status == 'OK' || qg.status == 'WARN')) {
                                error "Pipeline aborted due to quality gate failure: ${qg.status}"
                            }
                        }
                    }

[sandro-h]

Hi @arielman,

I'm a bit confused. Based on your stage syntax, you're using the SonarQube Scanner for Jenkins plugin, right? That has nothing to do with the sonar-build-breaker plugin here. I think your best bet is asking in the https://community.sonarsource.com forums, since the Jenkins plugin is maintained by SonarSource.