Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MR decoration not working for Gitlab - log says: The request requires higher privileges than provided by the access token. #907

Closed
ManfredSchenkIOSB opened this issue May 3, 2024 · 4 comments
Closed

MR decoration not working for Gitlab - log says: The request requires higher privileges than provided by the access token. #907

ManfredSchenkIOSB opened this issue May 3, 2024 · 4 comments
Labels
bug Something isn't working

Comments

@ManfredSchenkIOSB
Copy link

ManfredSchenkIOSB commented May 3, 2024
edited by mc1arke

Describe the bug
MR decoration with gitlab is not working.

To Reproduce
Steps to reproduce the behavior:

Follow the documentation how to setup MergeRequest decoration with Gitlab SelfManaged.

Especally the part where it is mentioned that the Access token only needs scope "read_api"

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Software Versions

  • SonarQube Version: 10.4.0.87286
  • Plugin Version: 1.18.0

Additional context

part of the logs mentioning that the scope of the access token is not sufficient to decorate the MR:

2024.05.03 14:54:15 INFO  ce[XXXXXXXXXXXXXX][c.g.m.s.p.c.p.PullRequestPostAnalysisTask] Using pull request decorator com.github.mc1arke.sonarqube.plugin.ce.pullrequest.gitlab.GitlabMergeRequestDecorator
2024.05.03 14:54:16 ERROR ce[XXXXXXXXXXXXXX][c.g.m.s.p.a.g.GitlabRestClient] Gitlab response status did not match expected value. Expected: 201\nHttpResponseProxy{HTTP/1.1 403 Forbidden [Server: nginx, Date: Fri, 03 May 2024 12:54:16 GMT, Content-Type: application/json, Content-Length: 149, Connection: keep-alive, Cache-Control: no-cache, Vary: Origin, X-Gitlab-Meta: {"correlation_id":"XXXXXXXXXXXXXX","version":"1"}, X-Request-Id: XXXXXXXXXXXXXX, X-Runtime: 0.027855, Strict-Transport-Security: max-age=31536000; includeSubDomains, Strict-Transport-Security: max-age=31536000] ResponseEntityProxy{[Content-Type: application/json,Content-Length: 149,Chunked: false]}}\n{"error":"insufficient_scope","error_description":"The request requires higher privileges than provided by the access token.","scope":"api read_api"}
2024.05.03 14:54:16 ERROR ce[XXXXXXXXXXXXXX][o.s.c.t.p.a.p.PostProjectAnalysisTasksExecutor] Execution of task class com.github.mc1arke.sonarqube.plugin.ce.pullrequest.PullRequestPostAnalysisTask failed
java.lang.IllegalStateException: An unexpected response code was returned from the Gitlab API - Expected: 201, Got: 403
	at com.github.mc1arke.sonarqube.plugin.almclient.gitlab.GitlabRestClient.validateResponse(GitlabRestClient.java:232)
	at com.github.mc1arke.sonarqube.plugin.almclient.gitlab.GitlabRestClient.lambda$addMergeRequestDiscussion$0(GitlabRestClient.java:117)
	at com.github.mc1arke.sonarqube.plugin.almclient.gitlab.GitlabRestClient.entity(GitlabRestClient.java:177)
	at com.github.mc1arke.sonarqube.plugin.almclient.gitlab.GitlabRestClient.addMergeRequestDiscussion(GitlabRestClient.java:117)
	at com.github.mc1arke.sonarqube.plugin.ce.pullrequest.gitlab.GitlabMergeRequestDecorator.submitCommitNoteForIssue(GitlabMergeRequestDecorator.java:144)
	at com.github.mc1arke.sonarqube.plugin.ce.pullrequest.gitlab.GitlabMergeRequestDecorator.submitCommitNoteForIssue(GitlabMergeRequestDecorator.java:50)
	at com.github.mc1arke.sonarqube.plugin.ce.pullrequest.DiscussionAwarePullRequestDecorator.lambda$decorateQualityGateStatus$2(DiscussionAwarePullRequestDecorator.java:97)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
	at com.github.mc1arke.sonarqube.plugin.ce.pullrequest.DiscussionAwarePullRequestDecorator.decorateQualityGateStatus(DiscussionAwarePullRequestDecorator.java:97)
	at com.github.mc1arke.sonarqube.plugin.ce.pullrequest.PullRequestPostAnalysisTask.finished(PullRequestPostAnalysisTask.java:139)
	at org.sonar.ce.task.projectanalysis.api.posttask.PostProjectAnalysisTasksExecutor.executeTask(PostProjectAnalysisTasksExecutor.java:101)
	at org.sonar.ce.task.projectanalysis.api.posttask.PostProjectAnalysisTasksExecutor.finished(PostProjectAnalysisTasksExecutor.java:92)
	at org.sonar.ce.task.step.ComputationStepExecutor.executeListener(ComputationStepExecutor.java:89)
	at org.sonar.ce.task.step.ComputationStepExecutor.execute(ComputationStepExecutor.java:61)
	at org.sonar.ce.task.projectanalysis.taskprocessor.ReportTaskProcessor.process(ReportTaskProcessor.java:75)
	at org.sonar.ce.taskprocessor.CeWorkerImpl$ExecuteTask.executeTask(CeWorkerImpl.java:212)
	at org.sonar.ce.taskprocessor.CeWorkerImpl$ExecuteTask.run(CeWorkerImpl.java:194)
	at org.sonar.ce.taskprocessor.CeWorkerImpl.findAndProcessTask(CeWorkerImpl.java:160)
	at org.sonar.ce.taskprocessor.CeWorkerImpl$TrackRunningState.get(CeWorkerImpl.java:135)
	at org.sonar.ce.taskprocessor.CeWorkerImpl.call(CeWorkerImpl.java:87)
	at org.sonar.ce.taskprocessor.CeWorkerImpl.call(CeWorkerImpl.java:53)
	at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:131)
	at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:76)
	at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:82)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.lang.Thread.run(Thread.java:840)
2024.05.03 14:54:16 INFO  ce[XXXXXXXXXXXXXX][o.s.c.t.p.a.p.PostProjectAnalysisTasksExecutor] Pull Request Decoration | status=FAILED | time=1698ms
@ManfredSchenkIOSB ManfredSchenkIOSB added the bug Something isn't working label May 3, 2024
@xC0dex
Copy link

xC0dex commented May 6, 2024

Hi @ManfredSchenkIOSB, which documentation are you referring to? For MR decoration, you need a token with API write access. For importing projects into SonarQube, a read_api token is enough. So there are basically 2 tokens in the end. One for the MR decoration and one for importing projects.

As a side note: I doubt that the bug label fits in this case, as this is not a plugin bug.

@ManfredSchenkIOSB
Copy link
Author

@xC0dex I agree with you that the bug label doesn't fit here, but the input form only offered the Labels bug or Report Security vulnerability. So I chose bug since security vulnerability would have been a worse choice.
I would have chosen the label unclear documentation if it had been offered to me.

In original documentation of the Sonarqube server only the read_api token is mentioned. Meanwhile I found some statements where the requirement of the api scope is explained. But I think the documentation could be more clear in this case.

@xC0dex
Copy link

xC0dex commented May 6, 2024

But I think the documentation could be more clear in this case.

I see your point, the official documentation can be misleading. However, the documentation is not part of this project. Maybe to improve the docs in their project.

@ManfredSchenkIOSB
Copy link
Author

closing the issue. Perhaps this issue helps other who are faced with the same error message in the future.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ManfredSchenkIOSB @xC0dex