jdamata / terraform-provider-sonarqube Goto Github PK

Hi there,

Terraform Version

1.3.2

Affected Resource(s)

• sonarqube_qualityprofile

Expected Behavior

I should be able to create a profile for any language that SonarQube supports

Actual Behavior

The provider only supports a subset:

[]string{"cs", "css", "flex", "go", "java", "js", "jsp", "kotlin", "php", "py", "ruby", "scala", "ts", "vbnet", "web", "xml"},

so attempting to use terraform for example will result in:

expected language to be one of [cs css flex go java js json jsp kotlin php py ruby scala ts vbnet web xml], got terraform

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:
terraform apply any sonarqube_qualityprofile for the language "terraform"

References

The offending line of code is here:

Options to fix

Simply add the missing languages

This is simply a matter of extending the list but has the following disadvantages

1. you have to keep updating the provider as more languages are supported.
2. Some editions of SonarQube may not support all languages

Dynamically validate the list.

If you retrieve the list of supported languages from /api/languages/list then you can validate it is one of these.
Disadvantage: This may be non-trivial (or not possible at all) with an SDK plugin but should be using the new framework mode.

Remove the check completely.

This would seem to be the simplest option with few downsides
Here, an error still occurs but it is an API error at apply time rather than a validation error.
From a consumer perspective, there is little different - the error would look like this:

API returned an error: Value of parameter 'language' (bob) must be one of: [cloudformation, cs, css, flex, go, java, js, json, jsp, kotlin, kubernetes, php, py, ruby, scala, terraform, text, ts, vbnet, web, xml, yaml]

(Here I used "bob" as the language since terraform actually is supported).

And the operation fails as expected.

This is the preferred option IMO since we are allowing SonarQube itself to decide what it does/does not support

Hi there,

Getting below Error Error: failed to execute http request, but when I run a curl command (curl -u ${sonarqube_token}: https://<sonarqube-fqdn>/api/system/info) from the same Machine it works.

Terraform Version

Terraform v1.4.5
Terraform SonarQube Provider Version: 0.16.1

Affected Resource(s)

all resources (group, project, permissions)

Actual Behavior

What actually happened?

Error: failed to execute http request: GET https://<token>:@<sonarqube fqdn>/api/system/info? giving up after 5 attempt(s). Request: &{0x16a4400 <nil> 0xc0000b8800}

   with provider["registry.terraform.io/jdamata/sonarqube"],
   on sonarqube.tf line 9, in provider "sonarqube":
    9: provider "sonarqube" {

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform plan

Thanks in advance.

Terraform Version

Terraform v1.1.9

Terraform command

terraform init

Expected Behavior

What should have happened?

Install the provider

Actual Behavior

What actually happened?

│ Error: Failed to install provider

│ Error while installing jdamata/sonarqube v0.14.0: could not query provider registry for registry.terraform.io/jdamata/sonarqube: failed to retrieve authentication checksums for provider: 404 Not Found

Terraform Version

Terraform v1.0.10
on linux_amd64

Affected Resource(s)

• sonarqube_project

Terraform Configuration Files

resource "sonarqube_project" "project" {
  name       = "my_project"
  project    = "my_project"
  visibility = "public"
}

Expected Behavior

When changing project's visibility setting, Terraform should not need to replace the whole project.

There is a dedicated API for managing the project's visibility. POST api/projects/update_visibility

Actual Behavior

Terraform want's to replace the project.

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # sonarqube_project.my_project must be replaced
-/+ resource "sonarqube_project" "projects" {
      ~ id         = "my_project" -> (known after apply)
        name       = "my_project"
      ~ visibility = "private" -> "public" # forces replacement
        # (1 unchanged attribute hidden)
    }

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. Change project's visibility from "private" to "public" in Terraform's config.
2. terraform apply

Terraform Version

Terraform v1.0.9
on linux_amd64
+ provider registry.terraform.io/jdamata/sonarqube v0.0.7

Affected Resource(s)

• sonarqube_group
• sonarqube_user

Terraform Configuration Files

resource "sonarqube_user" "example_user" {
  login_name = "user"
  name       = "Example user"
  is_local   = false
}

resource "sonarqube_group" "example_users" {
  name        = "example-users"
  description = "Example users"
}

Expected Behavior

A way to associate the example_user with the group example_users

Actual Behavior

No way to associate them currently

References

Link to API endpoint: /web_api/api/user_groups/add_user

Hi there,

I am using this provider to provision quality gates, roles, permissions, etc.
I have created a permission template which enforces RBAC and I would like to set it as the default permission template to apply to new projects. I have searched the doc/code and did not find any way to do this as of right now.

Terraform Version

$ terraform -v

Terraform v1.1.3
on linux_amd64
...
+ provider registry.terraform.io/jdamata/sonarqube v0.15.0

Affected Resource(s)

• sonarqube_permission_template
• sonarqube_permission

Expected Behavior

Being able to set a permission template as the default one to apply to new projects when they are created.

Actual Behavior

No signs of being able to use the permissions/set_default_template api endpoint.

Hi there,

I am experiencing issues with a number of Sonarqube provider-managed projects, where it seems that a Terraform provider fails to process data retrieved from Sonarqube APIs.

When provisioning new project in Sonarqube, I see a following error:

Error: Provider produced inconsistent result after apply

When applying changes to module.tf-postfix-repo.sonarqube_project.repo,
provider "registry.terraform.io/jdamata/sonarqube" produced an unexpected new
value: Root resource was present, but now absent.

 This is a bug in the provider, which should be reported in the provider's own
issue tracker.

This error does not prevent Sonarqube providers from provisioning a project in Sonarqube, but I believe it fails to import/process data to store it in a state file. For example, if I am trying to import created resource I get:

Error: nil entry in ImportState results. This is always a bug with
the resource that is being imported. Please report this as
a bug to Terraform.

The project name I am importing: tf-postfix

Note: it is worth mentioning that we observed this issue only for the projects which start with t character

Terraform Version

0.13.5

Affected Resource(s)

Please list the resources as a list, for example:

• sonarqube_project

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

# Sonarqube project configuration
#
# This file contains all configurations for a sonarqube project, which is used for multiple code validations

resource "sonarqube_project" "repo" {
  name       = var.name
  project    = var.name
  visibility = "public"
}

# Associate a default PR validation quality gate to a Sonarqube project
resource "sonarqube_qualitygate_project_association" "default_pr" {
  gatename   = local.default_pr_validation_qg
  projectkey = sonarqube_project.repo.project
}

# Associate custom quality gates to the project. 
# Configuration taken from `custom_quality_gates` map
resource "sonarqube_qualitygate" "custom" {
  for_each = var.custom_quality_gates

  name = each.key
}

resource "sonarqube_qualitygate_project_association" "custom" {
  for_each = var.custom_quality_gates

  gatename   = sonarqube_qualitygate.custom[each.key].id
  projectkey = sonarqube_project.repo.project
}

resource "sonarqube_qualitygate_condition" "custom" {
  for_each = var.custom_quality_gates

  gatename  = sonarqube_qualitygate.custom[each.key].id
  metric    = each.value.metric
  threshold = each.value.threshold
  op        = each.value.operator
}

Note: the Sonarqube resources provisioned as a separate internal Terraform module

Expected Behavior

Terraform should be able to provision/import Sonarqube projects

Actual Behavior

Terraform failed to import a Sonarqube project into a state file, thus resulting in an untracked resource

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply

Important Factoids

Sonarqube version: 8.9
Sonarqube provider version: 0.0.3

Hello, I have an issue when deleting a quality gate. The default always changes to the "sonar way" one, regardless of which one is the actual set as default one. When deleting Quality Gates, the instance of Sonarqube also breaks because of this because the /qualitygates/list does not respond 200 anymore

A fix to restore the instance is to create a dummy quality gate using the /qualitygates/create?name=test and then /qualitygates/set_as_default/test

Why do you need to always invoke the set_as_default when destroying a quality gate? I think we need it only if the quality gate to be destroyed is set as default.

Link below:

Best,
l

I am unable to add some quality gate metrics via terraform on SonarQube, specially the OWASP Dependency-Check ones(High Severity Vulnerabilities, Critical Severity Vulnerabilites etc.).

Getting the following error:

Error: API returned an error: There is no metric with key=blocker_issues. (whereas it appears on the UI)

module "set_qualitygate_condition"{
  source = "../"

  qualitygate_name = "test"
  qualitygate_condition_list = [
    {
      metric = "vulnerabilities",
      "threshold" = "10",
      "op" = "GT"
    },
    {
      "metric" = "total_vulnerabilities",
      "threshold" = "20",
      "op" = "GT"
    },
    {
      "metric" = "vulnerable_dependencies",
      "threshold" = "10",
      "op" = "GT"
    },
    {
      "metric" = "blocker-issues",
      "threshold" = "3",
      "op" = "GT"
    }
  ]
  qualitygate_default = true
}

I was able to add the other three metrics via terraform with the same configuration as mentioned above.

Hi there,

It would be very useful to be able to retrive rules matching a set of supplied criteria as we can with the api/rules/search endpoint.

Terraform Version

Terraform v1.2.2 on windows_amd64

Affected Data Source

• sonarqube_rule

Expected Behavior

I would like to be able to retrieve a set of rules rather than just a single rule.

Actual Behavior

No way to achieve this using the provider - it is necessary to use a http provider to interact with the API directly/

References

http://localhost:9000/web_api/api/qualityprofiles/search

e.g. to retrieve all non-deprecated CRITICAL code smells:
http://localhost:9000/api/rules/search?ps=500&languages=cs&types=CODE_SMELL&statuses=READY&severities=CRITICAL

Hi there

Terraform Version

1.3.2

Affected Resource(s)

• sonarqube_setting

Expected Behavior

Should support settings that accept multiple values.

Actual Behavior

Only support single values

Steps to Reproduce

apply something like this:

resource "sonarqube_setting" "analysis_scope_source_exclusions" {
  key    = "sonar.global.exclusions"
  values = ["**/samples/**/*.*", ".github1/**/*.*", "afoo2"]
}

It simply isn't supported - the current implementation of sonarqube_setting supports value only.
There is some commented out beginnings of support for values and fieldValues

Hi,

it would be nice a have a provider specific proxy config option. (for example like aws provider https://registry.terraform.io/providers/hashicorp/aws/latest/docs#http_proxy)

I know in the current version it's possible via env vars, but running in a large stack it effects every provider and can cause problems.

Do you think, there's any chance to implement this?

Thank you already in advance.

Hi there,

We're facing issues using your provider with a SonarQube instance hosted on a subpath.
If you need any help to fix this, we're open to provide a pull request

Terraform Version

Terraform v1.2.5

Affected Resource(s)

Global to provider

Terraform Configuration Files

provider "sonarqube" {
    token  = "<redacted>"
    host  = "https://quality-analysis.my-host.io/sonar/"
}

Expected Behavior

We expect provider to work relatively to provided host.
For instance, version API should be called as following
https://quality-analysis.my-host.io/sonar/api/server/version

Actual Behavior

Provider fails to call any API, because it's removing subpath when building API URL

Steps to Reproduce

1. Run terraform plan on any sonarqube instance hosted on a subpath

Terraform Version

1.3.7

Affected Provider

• sonarqube

Terraform Configuration Files

terraform {
  required_providers {
    gitlab = {
      source  = "gitlabhq/gitlab"
      version = "3.19.0"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = "4.10.0"
    }
    null = {
      source  = "hashicorp/null"
      version = "3.1.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.14.0"
    }
    sonarqube = {
      source = "jdamata/sonarqube"
      version = "0.15.6"
    }
  }
  required_version = ">= 1.1.0"
}

provider "sonarqube" {
  host = "https://sonarqube-${local.hostname}"  # Hostname changes depending on the deployment environment (e.g.: dev vs prod)
}

Expected Behavior

Sonarqube provider config should rely on environment variables for reading user, pass, token, host, etc.
NOTE: Docs do mention that host is a required parameter, but if the SONAR_HOST env var could be used I don't see why there needs to be a provider block at all.

Our company runs in an environment where we do not use consistent usernames or passwords and all tokens rotate. We have no problem setting environment variables from kubernetes secrets though or on a one-off basis. All terraform code is checked into git so we avoid hard-coding passwords/token whenever possible.

Actual Behavior

Sonarqube provider returned the following errors:

╷                                                                                                                         
│ Error: Missing required argument
│
│   with provider["registry.terraform.io/jdamata/sonarqube"],
│   on <empty> line 0:
│   (source code not available)
│
│ "user": all of `pass,user` must be specified
╵
╷
│ Error: Invalid combination of arguments
│
│   with provider["registry.terraform.io/jdamata/sonarqube"],
│   on <empty> line 0:
│   (source code not available)
│
│ "token": one of `pass,token` must be specified

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform init
2. terraform plan

References

• https://registry.terraform.io/providers/jdamata/sonarqube/latest/docs#argument-reference

Hi

SonarQube made a change in the 9.9 release (SONAR-17818) which automatically adds their "clean as you code" conditions to any quality gate that you create.
This basically makes it impossible to set different values using the terraform provider.

This is what we have been doing:

resource "sonarqube_qualitygate" "default" {
  name       = "My way"
  is_default = true
}

resource "sonarqube_qualitygate_condition" "new_coverage" {
  gatename  = sonarqube_qualitygate.default.name
  metric    = "new_coverage"
  op        = "LT"
  threshold = "50"
}

Which will no longer work because the new_coverage metric is already added when the gate is created but terraform state doesn't know about it - so you get this:

 Error: API returned an error: Condition on metric 'Coverage on New Code' already exists.

   with sonarqube_qualitygate_condition.new_coverage,
   on quality_gates.tf line 29, in resource "sonarqube_qualitygate_condition" "new_coverage":
   29: resource "sonarqube_qualitygate_condition" "new_coverage" {

I am not a GO developer but I played around with the provider and it seems like resource_sonarqube_qualitygate.go does not populate the conditions array when a gate is created. It looks like it should but this seems to be a bug:

Anyway I messed around a bit and fixed that to populate from qualityGateReadResponse.Conditions and now tf state will contain e.g.

resource "sonarqube_qualitygate" "default" {
    conditions = [
<snip>
        {
            error  = "80"
            id     = "AYe40uWkpq_IgwDfAktH"
            metric = "new_coverage"
            op     = "LT"
        },
    ]
    id         = "My way"
    is_default = true
    name       = "My way"
}

when the gate is created.
This still doesn't help with updating the conditions however since any new ones you create are in a completely different resource - e.g.:

resource "sonarqube_qualitygate_condition" "security_rating" {
    gatename  = "My way"
    id        = "AYe48en3pq_IgwDfAktJ"
    metric    = "security_rating"
    op        = "GT"
    threshold = "1"
}

It feels like the sonarqube_qualitygate resource needs to handle the conditions in all cases and sonarqube_qualitygate_condition should be removed as it would be unnecessay at this point.
It is essentially useless for updating any of the conditions that SonarQube adds automatically now anyway.

And migrating to a new version of sonarqube_qualitygate could be a bit painful/a breaking change.

It feels like the sort of change that would require some discussion @jdamata rather than someone simply pushing a PR and hoping it is accepted :)

And of course there may be other solutions available....such as potentially sonarqube_qualitygate_condition updating the child resource within the sonarqube_qualitygate - though that may be a bit hacky even if it is possible?

Should be SONARQUBE_TOKEN not SONRQUBE_TOKEN.

Hi,

thank you for your great provider!

It would be great to hava datasources by name for:

like

datasource "sonarqube_permission_template" example {
name =
}

then I could use it by 'sonarqube_permissions' for template_id

or

resource "sonarqube_permissions" example {
...
template = (not only template_id)
}

Thank You
Eugen

Hi,

I have made a MR to add the expirationDate parameter to the user_token creation.
#112

I have build it on my computer under WSL but I didn't test it :'( so look at it carefully.

Thanks,
Frédéric

Hello,

I have the impression that the sonarqube_setting resource of the provider cannot handle secured settings at this point in time.
We have a terraform project where we use the azuread provider to create an azuread app + service principal for terraform and then we want to configure the resulting values in sonarqube to enable azuread authentication. We fail to set the required application secret and application id.

Affected Resource(s)

Please list the resources as a list, for example:

• sonarqube_setting

Terraform Configuration Files

resource "sonarqube_setting" "aad-client-id" {
  key   = "sonar.auth.aad.clientId.secured"
  value = azuread_application.openid_aad_app.application_id
}

resource "sonarqube_setting" "aad-client-secret" {
  key   = "sonar.auth.aad.clientSecret.secured"
  value = azuread_service_principal_password.openid_aad_app_sp_secret.value
}

Expected Behavior

The setting should have been overwritten with the new/latest value.

Actual Behavior

Nothing, the terraform execution failed with:

│ Error: resourceSonarqubeSettingsRead: Failed to find setting: sonar.auth.aad.clientId.secured
│
│ with sonarqube_setting.aad-client-id,
│ on sonarqube-settings.tf line 6, in resource "sonarqube_setting" "aad-client-id":
│ 6: resource "sonarqube_setting" "aad-client-id" {
│
╵
╷
│ Error: resourceSonarqubeSettingsRead: Failed to find setting: sonar.auth.aad.clientSecret.secured
│
│ with sonarqube_setting.aad-client-secret,
│ on sonarqube-settings.tf line 11, in resource "sonarqube_setting" "aad-client-secret":
│ 11: resource "sonarqube_setting" "aad-client-secret" {
│

References / additional info:

I verified locally with curl and if you try to get the setting value with the key of a secured setting, you get a response from which you can deduct that the setting exists but is secured.

{
"settings":[],
"setSecuredSettings":["sonar.auth.aad.clientId.secured"]
}

Could the provider be adjusted so that, if the setting is secured, the setting can be written without checking the current value?

As discussed in #19 support for SonarQube 7.9 would be appreciated. Following @jdamata 's check against SQ 7.9, some work needs to be done:

FAIL
coverage: 55.5% of statements
FAIL    github.com/jdamata/terraform-provider-sonarqube/sonarqube       37.708s
FAIL1

Hi there, I'm getting this error when running terraform init for this latest version.

Terraform Version

Terraform v1.1.7 on linux_amd64

Affected Resource(s)

Please list the resources as a list, for example:

• sonarqube_project

Terraform Configuration Files

terraform {
  required_version = ">= 0.13"

  required_providers {
    sonarqube = {
      source = "jdamata/sonarqube"
    }
  }
}

provider "sonarqube" {
    user   = "admin"
    pass   = "admin" 
    host   = "http://127.0.0.1:9000"
    installed_version = "8.9.7"
    tls_insecure_skip_verify = true
}

Expected Behavior

What should have happened?
Run the terraform init sucessfully.

Actual Behavior

What actually happened?
Show the following error:

Error while installing jdamata/sonarqube v0.14.0: could not query provider registry for registry.terraform.io/jdamata/sonarqube: failed to retrieve authentication checksums for provider: 404 Not Found

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform init

Currently the sonarqube_qualitygate resource only supports two inputs (name and is_default).

It would be nice to be able to create Quality Gates by copying an existing gate, just as the Copy button in the UI (see image below), or the api/qualitygates/copy endpoint.

My proposed solution is to add an extra argument (copy_from) to the sonarqube_qualitygate resource to support copying an existing gate.

Expected Behavior

I would like to be able to have terraform resources for configuring the project specific settings here:

Actual Behavior

This ability is currently not available. We can only create projects and assign quality gates/profiles. Nothing more.

Hi @jdamata ,

As per our mail conversations regarding: SonarCloud Terraform-Go Code conversation from your SonarQube related code, Will you be fine if we fork your repository & do the required changes for SonarCloud?
Please approve so that I can go ahead & start doing the required changes for SonarCloud requirement.
I have also replied for your mail. I'll wait for your response.

Thanks again!!

Regards,
Nishanta Banik

Hi there,

Thank you for opening an issue.

Terraform Version

Sonarqube version: 9.9.0
Terraform v1.2.9
on linux_amd64

• provider registry.terraform.io/gavinbunney/kubectl v1.14.0
• provider registry.terraform.io/hashicorp/aws v3.59.0
• provider registry.terraform.io/hashicorp/helm v2.9.0
• provider registry.terraform.io/hashicorp/local v2.3.0
• provider registry.terraform.io/hashicorp/vsphere v2.2.0
• provider registry.terraform.io/jdamata/sonarqube v0.15.11

Affected Resource(s)

Please list the resources as a list, for example:

• sonarqube_gitlab_binding
• sonarqube_project

Terraform Configuration Files

sonarqube_gitlab_binding.gitlab-binding: Creating...
╷
│ Error: API returned an error: Unknown url : /api/alm_settings/set_gitlab_binding
│ 
│   with sonarqube_gitlab_binding.gitlab-binding,
│   on integration.tf line 13, in resource "sonarqube_gitlab_binding" "gitlab-binding":
│   13: resource "sonarqube_gitlab_binding" "gitlab-binding" {
│ 
╵
ERRO[0026] 1 error occurred:
        * exit status 1

Expected Behavior

create binding

Actual Behavior

error

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

• GH-1234

Terraform Version

Terraform v1.0.9
on linux_amd64

Affected Resource(s)

sonarqube_user
sonarqube_project
sonarqube_qualityprofile
sonarqube_rule

Expected Behavior

Data sources exists for some key resources.

Example:

data "sonarqube_qualityprofile" "main" {
    name = "example"
}

data.sonarqube_qualityprofile.main.key

Actual Behavior

no way to get metadata about existing resources in sonar

Hi there,

Thank you for opening an issue.

Terraform Version

terraform -v       
Terraform v1.4.4
on darwin_arm64
+ provider registry.terraform.io/jdamata/sonarqube v0.15.11

Affected Resource(s)

Please list the resources as a list, for example:

• sonarqube_group

Terraform Configuration Files

the config is simple with a module, but with like around 700 groups to create

resource "sonarqube_group" "group" {
  count       = var.enable_group ? 1 : 0
  name        = var.group_name
  description = "Managed by terraform"
}

Expected Behavior

Should create these groups successfully

Actual Behavior

What actually happened?

• At the first time to execute terraform apply, The groups are created successfully, but terraform apply will be failed with error below:

│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to
│ module.foo.sonarqube_group.group, provider
│ "provider[\"registry.terraform.io/jdamata/sonarqube\"]" produced an
│ unexpected new value: Root resource was present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.

• At the second run with terraform apply, command will be failed with group is existed

Thank you for your time.

Terraform Version

Terraform v1.0.9
on linux_amd64

Affected Resource(s)

sonarqube_qualitygate

Expected Behavior

sonarqube_qualitygate has "default" attribute of type boolean to be able to set quality gate as default

Actual Behavior

no way to make quality gate as default

References

http://localhost:9000/web_api/api/qualitygates/set_as_default

Hi ,

Am able to assign custom quality gates manage permission to specific user/ group via UI,

The stripPermissions method in resource_sonarqube_permissions_go explicitly removes applicationcreator and portfoliocreator.

This causes a problem when trying to set group permissions that include them.

Terraform Version

1.3.2

Affected Resource(s)

sonarqube_permissions

Terraform Configuration Files

resource "sonarqube_group" "my_admin_group" {
  name        = "MyAdministrators"
  description = "My Administrators."
}

resource "sonarqube_permissions" "my_admin_group_permissions" {
  group_name  = sonarqube_group.my_admin_group.name
 permissions =  ["admin","applicationcreator", "gateadmin", "portfoliocreator", "profileadmin", "provisioning"]
}

Expected Behavior

The permissions are set on first terraform apply and are unchanged on subsequent calls

Actual Behavior

Every call to terraform plan or terraform apply after the initial setup decides that my_admin_group_permissions needs to be updated.

Terraform will perform the following actions:

  # sonarqube_permissions.my_admin_group_permissions must be replaced
-/+ resource "sonarqube_permissions" "my_admin_group_permissions" {
      ~ id          = "37fa3e90-b42e-4e3e-8485-d81f6e7f1c66" -> (known after apply)
      ~ permissions = [ # forces replacement
            "admin",
          + "applicationcreator",
            "gateadmin",
          + "portfoliocreator",
            "profileadmin",
            # (1 unchanged element hidden)
        ]
        # (1 unchanged attribute hidden)
    }

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply using the two resources I listed earlier
2. terraform apply again

I believe this is because when terraform comes to check if the resource needs to be updated or not, because stripPermissions strips out some permissions, it thinks that the permission list is 2 shorter than it actually is...which does not match with the .tf file => the resource needs to be updated. And this will happen evey time because the two permissions are always removed.

I am unsure of the circumstance under which it makes sense to remove those two permissions but it seems not to be appropriate in the case where the caller is supplying only the group_name and permissions list

Hello @jdamata,

I found a bug while importing a sonarqube group, which isn't delivered via the sonarqube API (/api/user_groups/search?q=) on the first page. Sonarqube paginates results and the terraform provider doesn't browse "pages" in order to find the group.

Terraform Version

$ terraform -v
Terraform v1.0.1
on darwin_amd64
+ provider registry.terraform.io/jdamata/sonarqube v0.0.6

Affected Resource(s)

• sonarqube_group
• maybe more... I haven't tested, but I can imagine it affects all paginated resources

Example GIST

https://gist.github.com/scurow-bdr/9d38c438028de7d0c69e17376ec2914b

Expected Behavior

The provider should recognize paginated entries while importing.

Actual Behavior

The provider does not find paginated entries while importing.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. ./run.sh in the aforementioned GIST https://gist.github.com/scurow-bdr/9d38c438028de7d0c69e17376ec2914b

Terraform Version

Terraform v1.0.9
on linux_amd64

Affected Resource(s)

sonarqube_qualityprofile_deactivate_rule

Expected Behavior

sonarqube_qualityprofile_deactivate_rule exists

Actual Behavior

no way to deactivate rule on a quality profile.

References

Sonar API documentation http://localhost:9000/web_api/api/qualityprofiles/deactivate_rule

Terraform Version

Terraform v1.0.9
on linux_amd64

Affected Resource(s)

sonarqube_qualityprofile_project_association

Expected Behavior

sonarqube_qualityprofile_project_association has "parent_quality_profile" attribute to be able to set parent quality profile

Actual Behavior

no way to set parent quality profile

References

Sonar API documentation http://localhost:9000/web_api/api/qualityprofiles/change_parent

Hello,

Sonarqube is now supporting terraform HCL (starting from 9.3 version) terraform needs to be added as a valid language in the language parameter of the sonarqube_qualityprofile resource.

Affected Resource(s)

• sonarqube_qualityprofile

Terraform Configuration Files

resource "sonarqube_qualityprofile" "terraform_profile" {
    name     = "example"
    language = "terraform"
    is_default = false
    parent = "sonar way"
}

Terraform Version

`Terraform v1.2.4
on linux_amd64

• provider registry.terraform.io/jdamata/sonarqube v0.15.0`

Affected Resource(s)

• sonarqube_user_token

Expected Behavior

It would be great if the user token resource supports the new token types from SonarQube 9.5.
API Parameter

Besides the current default 'USER_TOKEN' there are two new types 'GLOBAL_ANALYSIS_TOKEN' and 'PROJECT_ANALYSIS_TOKEN' (which requires an additional field 'projectKey'.

The request and response parameters are almost the same, so we probably just need two new terraform variables, which get piped to the api.

Terraform Version

Terraform v1.0.9
on linux_amd64

Affected Resource(s)

sonarqube_qualityprofile_activate_rules

Expected Behavior

sonarqube_qualityprofile_activate_rules exists

Actual Behavior

no way to bulk-activate rules on one quality profile.

References

Sonar API documentation http://localhost:9000/web_api/api/qualityprofiles/activate_rules

SonarQube supports multiple DevOps integrations (e.g.: GitHub, GitLab, Azure, etc). Configuring these integrations through terraform would be incredibly useful.

• alm_settings API
• alm_integrations API

These integrations require a SonarQube developer edition or higher installation.

Hi,
I am testing this provider but I get this error when I run terraform plan. When I copy the same url to my browser it works fine.

Thanks.

Error: Unable to reach sonarqube: GET https://xxx:[email protected]/api/server/version? giving up after 5 attempt(s)

Terraform Version

Terraform v1.1.5
on windows_amd64

• provider registry.terraform.io/jdamata/sonarqube v0.0.11

Affected Resource(s)

• sonarqube_project

Terraform Configuration Files

terraform {
  required_version = "~> 1.1"

  required_providers {
    sonarqube = {
      source = "jdamata/sonarqube"
    }
  }

  backend "azurerm" {
    resource_group_name  = "xxx"
    storage_account_name = "xxx"
    container_name       = "xxx"
    key                  = "xxx"
  }
}

provider "sonarqube" {
  user = "xxx"
  pass = "xxx"
  host = "https://sonarqube.mycompany.com"
}

resource "sonarqube_project" "test_project" {
  name       = "test-project-by-terraform"
  project    = "test-project-by-terraform"
  visibility = "public"
}

Expected Behavior

Produce the plan

Actual Behavior

Error failing to connect to SonarQube

Hi there,

tldr

SonarQube will use "is worse than" operator for conditions that have grade rating thresholds. It's not exactly clear which op to use when provisioning this condition. It turns out that GT is the only way I found it worked and provisioned what I wanted.

For context, I was able to successfully provision my quality gate; however, I wanted to surface this to see if this was the intended behavior.

Terraform Version

Run terraform -v to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.

terraform -v
Terraform v1.3.1
on darwin_arm64

Affected Resource(s)

Please list the resources as a list, for example:

• sonarqube_qualitygate

Terraform Configuration Files

// Example main.tf that will not successfully apply.

resource "sonarqube_qualitygate" "main" {
    name = "My Quality Gate"
    is_default = false

    condition {
        metric    = "new_coverage"
        op        = "LT"
        threshold = "50"
    }

    condition {
        metric    = "new_duplicated_lines_density"
        op        = "GT"
        threshold = "3"
    }

    condition {
        metric    = "new_maintainability_rating"
        op        = "LT"
        threshold = "1"
    }

    condition {
        metric    = "new_reliability_rating"
        op        = "LT"
        threshold = "1"
    }

    condition {
        metric    = "new_security_hotspots_reviewed"
        op        = "LT"
        threshold = "100"
    }

    condition {
        metric    = "new_security_review_rating"
        op        = "LT"
        threshold = "1"
    }
}

resource "sonarqube_qualitygate_project_association" "main" {
  gatename   = sonarqube_qualitygate.main.name
  projectkey = var.projectKey
}

Expected Behavior

I'd assume if I use op = "LT" that that would be synonymous and/or evaluate to SonarQube's "is worse than" operator.

Actual Behavior

This will actually not work and yield:

│ Error: resourceSonarqubeQualityGateCreate: Failed to synchronise quality gate conditions: addOrUpdateCondition: Failed to create condition 'new_reliability_rating': API returned an error: Operator LT is not allowed for this metric.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

• N/A

Hi

The sonarqube_qualitygate resource looks like it should populate conditions when the resource is read - see here:

The problem is that by the time it hits this code, we have already read the resp.Body so this is alway empty.

In versions of Sonar prior to 9.9 this was not an issue because no conditions are added when the quality gate is created.
In 9.9 and above however, six conditions are automatically added and so they should be returned here.

Terraform Version

Terraform v1.3.9

Affected Resource(s)

Please list the resources as a list, for example:sonarqube_qualitygate`

Expected Behavior

< 9.9 - no conditions are populated - e.g.

resource "sonarqube_qualitygate" "default" {
    conditions = []
    id         = "My way"
    is_default = true
    name       = "My way"
}

9.9+ - 6 conditions populated - e.g.

resource "sonarqube_qualitygate" "default" {
    conditions = [
        <snip>
        {
            error  = "80"
            id     = "AYe40uWkpq_IgwDfAktH"
            metric = "new_coverage"
            op     = "LT"
        },
    ]
    id         = "My way"
    is_default = true
    name       = "My way"
}

Actual Behavior

In all cases we get

resource "sonarqube_qualitygate" "default" {
    conditions = []
    id         = "My way"
    is_default = true
    name       = "My way"
}

Steps to Reproduce

With a terraform script like this:

resource "sonarqube_qualitygate" "default" {
  name       = "My way"
}

apply it to a Sonar instance 9.9 or above

References

#154 refers to the problem but I think fixing the problem does not depend on that and may well form part of the solution to same

We have tf automation that creates git repos for each of our services, and we would like to use this provider to also create SonarQube portfolios for each service. This can be done via the API, see: https://sonarqube.mq01-qa.marqeta.io/web_api/api/views/create. We'd want to provide the parameters allowed by the API via terraform, naturally.

Applying sonarqube_qualityprofile_project_association will create the required association but will exit with error

Error: resourceSonarqubeQualityProfileProjectAssociationRead: Failed to find project association: My way/project_key

1. terraform-provider-sonarqube/sonarqube/resource_sonarqube_qualityprofile_project_association.go

   Line 53 in e4f4279

   Description: "Project name",

   should be "Project key" according to http://localhost:9000/web_api/api/qualityprofiles/add_project. Also if you try to use project name apply will fail with error not being able to find a project.

2. terraform-provider-sonarqube/sonarqube/resource_sonarqube_qualityprofile_project_association.go

   Lines 165 to 167 in e4f4279

   	if idSlice[1] == value.Name {
   	d.SetId(d.Id())
   	d.Set("project", value.Name)

this will try to compare project key with project name and will exit with an error as posted above.

Hi,
thank you for the job you do on this great provider!

I have a use case where I need a datasource for “sonarqube_group” and “sonarqube_qualitygate”.

Affected Resource(s)

• sonarqube_group
• sonarqube_qualitygate

data “sonarqube_group” “my_global_group” {
	name = “MyGroup”
}

data “sonarqube_qualitygate” “my_custom_gate” {
	name = “MyGate”
}

How can I contribute?

Regards,
Esteban

A number of deprecated API properties were removed in SonarQube v10.
The provider is still using these so is incompatible with v10.
The integration tests will fail when run against the latest images - you can see the breaking issues in the output of my PR in my fork:
freeranger#2
or if you run the action in #161

The issues are:

2023/04/28 10:44:33 [DEBUG] POST ***127.0.0.1:9000/api/rules/create?custom_key=basicRule&markdown_description=markdown_description&name=name&params=&prevent_reactivation=false&severity=INFO&status=READY&template_key=xml%3AXPathCheck&type=VULNERABILITY
--- FAIL: TestAccSonarqubeRuleDataSource (1.16s)
    data_source_sonarqube_rule_test.go:31: Step 1/1 error: Error running apply: exit status 1
        
        Error: API returned an error: The 'customKey' parameter is missing
        
          with sonarqube_rule.inrlbihaqx,
          on terraform_plugin_test.tf line 3, in resource "sonarqube_rule" "inrlbihaqx":
           3: 		resource "sonarqube_rule" "inrlbihaqx" {
        
--- FAIL: TestAccSonarqubeGroupBasic (7.45s)
    resource_sonarqube_group_test.go:37: Step 4/4 error running import: exit status 1
        
        Error: The provider returned a resource missing an identifier during ImportResourceState. This is generally a bug in the resource implementation for import. Resource import code should not call d.SetId("") or create an empty ResourceData. If the resource is missing, instead return an error. Please report this to the provider developers.

--- FAIL: TestAccSonarqubeQualityprofileActivateRuleBasic (1.99s)
    resource_sonarqube_qualityprofile_activate_rule_test.go:48: Step 1/2 error: Error running apply: exit status 1
        
        Error: API returned an error: The 'customKey' parameter is missing
        
          with sonarqube_rule.jtuqefezqq,
          on terraform_plugin_test.tf line 8, in resource "sonarqube_rule" "jtuqefezqq":
           8: 		resource "sonarqube_rule" "jtuqefezqq" {
        
--- FAIL: TestAccSonarqubeRuleBasic (0.97s)
    resource_sonarqube_rules_test.go:38: Step 1/2 error: Error running apply: exit status 1
        
        Error: API returned an error: The 'customKey' parameter is missing
        
          with sonarqube_rule.qhpwsfzaxx,
          on terraform_plugin_test.tf line 3, in resource "sonarqube_rule" "qhpwsfzaxx":
           3: 		resource "sonarqube_rule" "qhpwsfzaxx" {
       

Hi @jdamata,

I've just stumbled on this project, awesome to see you are working on a terraform provider for sonarqube. I actually also started with this a couple of weeks ago and was wondering if we can perhaps join efforts?

See https://github.com/labd/terraform-provider-sonarqube

Let me know if you are interested

Terraform Version

v1.1.9

Affected Resource(s)

• sonarqube_project

Expected Behavior

resource should have been successfully created

Actual Behavior

error: resourceSonarqubeProjectRead: Failed to find project

Steps to Reproduce

default sonarqube page size is 100. If you have more projects than that and the project is not on the first page, the method resourceSonarqubeProjectRead returns an error.

Solution

In the file:
https://github.com/jdamata/terraform-provider-sonarqube/blob/master/sonarqube/resource_sonarqube_project.go

and method: resourceSonarqubeProjectRead the url param should be projects instead of project