jdamata / terraform-provider-sonarqube Goto Github PK
View Code? Open in Web Editor NEWTerraform provider for managing Sonarqube configuration
License: GNU General Public License v3.0
Terraform provider for managing Sonarqube configuration
License: GNU General Public License v3.0
Hi there,
1.3.2
I should be able to create a profile for any language that SonarQube supports
The provider only supports a subset:
[]string{"cs", "css", "flex", "go", "java", "js", "jsp", "kotlin", "php", "py", "ruby", "scala", "ts", "vbnet", "web", "xml"},
so attempting to use terraform for example will result in:
expected language to be one of [cs css flex go java js json jsp kotlin php py ruby scala ts vbnet web xml], got terraform
Please list the steps required to reproduce the issue, for example:
terraform apply
any sonarqube_qualityprofile for the language "terraform"
The offending line of code is here:
This is simply a matter of extending the list but has the following disadvantages
If you retrieve the list of supported languages from /api/languages/list
then you can validate it is one of these.
Disadvantage: This may be non-trivial (or not possible at all) with an SDK plugin but should be using the new framework mode.
This would seem to be the simplest option with few downsides
Here, an error still occurs but it is an API error at apply time rather than a validation error.
From a consumer perspective, there is little different - the error would look like this:
API returned an error: Value of parameter 'language' (bob) must be one of: [cloudformation, cs, css, flex, go, java, js, json, jsp, kotlin, kubernetes, php, py, ruby, scala, terraform, text, ts, vbnet, web, xml, yaml]
(Here I used "bob" as the language since terraform actually is supported).
And the operation fails as expected.
This is the preferred option IMO since we are allowing SonarQube itself to decide what it does/does not support
Hi there,
Getting below Error Error: failed to execute http request
, but when I run a curl command (curl -u ${sonarqube_token}: https://<sonarqube-fqdn>/api/system/info
) from the same Machine it works.
Terraform v1.4.5
Terraform SonarQube Provider Version: 0.16.1
all resources (group, project, permissions)
What actually happened?
Error: failed to execute http request: GET https://<token>:@<sonarqube fqdn>/api/system/info? giving up after 5 attempt(s). Request: &{0x16a4400 <nil> 0xc0000b8800}
with provider["registry.terraform.io/jdamata/sonarqube"],
on sonarqube.tf line 9, in provider "sonarqube":
9: provider "sonarqube" {
Please list the steps required to reproduce the issue, for example:
terraform plan
Thanks in advance.
Terraform v1.1.9
terraform init
What should have happened?
Install the provider
What actually happened?
│ Error: Failed to install provider
│ Error while installing jdamata/sonarqube v0.14.0: could not query provider registry for registry.terraform.io/jdamata/sonarqube: failed to retrieve authentication checksums for provider: 404 Not Found
Terraform v1.0.10
on linux_amd64
resource "sonarqube_project" "project" {
name = "my_project"
project = "my_project"
visibility = "public"
}
When changing project's visibility setting, Terraform should not need to replace the whole project.
There is a dedicated API for managing the project's visibility. POST api/projects/update_visibility
Terraform want's to replace the project.
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement
Terraform will perform the following actions:
# sonarqube_project.my_project must be replaced
-/+ resource "sonarqube_project" "projects" {
~ id = "my_project" -> (known after apply)
name = "my_project"
~ visibility = "private" -> "public" # forces replacement
# (1 unchanged attribute hidden)
}
Please list the steps required to reproduce the issue, for example:
terraform apply
Terraform v1.0.9
on linux_amd64
+ provider registry.terraform.io/jdamata/sonarqube v0.0.7
resource "sonarqube_user" "example_user" {
login_name = "user"
name = "Example user"
is_local = false
}
resource "sonarqube_group" "example_users" {
name = "example-users"
description = "Example users"
}
A way to associate the example_user
with the group example_users
No way to associate them currently
Link to API endpoint: /web_api/api/user_groups/add_user
Hi there,
I am using this provider to provision quality gates, roles, permissions, etc.
I have created a permission template which enforces RBAC and I would like to set it as the default permission template to apply to new projects. I have searched the doc/code and did not find any way to do this as of right now.
$ terraform -v
Terraform v1.1.3
on linux_amd64
...
+ provider registry.terraform.io/jdamata/sonarqube v0.15.0
Being able to set a permission template as the default one to apply to new projects when they are created.
No signs of being able to use the permissions/set_default_template
api endpoint.
Hi there,
I am experiencing issues with a number of Sonarqube provider-managed projects, where it seems that a Terraform provider fails to process data retrieved from Sonarqube APIs.
When provisioning new project in Sonarqube, I see a following error:
Error: Provider produced inconsistent result after apply
When applying changes to module.tf-postfix-repo.sonarqube_project.repo,
provider "registry.terraform.io/jdamata/sonarqube" produced an unexpected new
value: Root resource was present, but now absent.
This is a bug in the provider, which should be reported in the provider's own
issue tracker.
This error does not prevent Sonarqube providers from provisioning a project in Sonarqube, but I believe it fails to import/process data to store it in a state file. For example, if I am trying to import created resource I get:
Error: nil entry in ImportState results. This is always a bug with
the resource that is being imported. Please report this as
a bug to Terraform.
The project name I am importing: tf-postfix
Note: it is worth mentioning that we observed this issue only for the projects which start with t
character
0.13.5
Please list the resources as a list, for example:
If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.
# Sonarqube project configuration
#
# This file contains all configurations for a sonarqube project, which is used for multiple code validations
resource "sonarqube_project" "repo" {
name = var.name
project = var.name
visibility = "public"
}
# Associate a default PR validation quality gate to a Sonarqube project
resource "sonarqube_qualitygate_project_association" "default_pr" {
gatename = local.default_pr_validation_qg
projectkey = sonarqube_project.repo.project
}
# Associate custom quality gates to the project.
# Configuration taken from `custom_quality_gates` map
resource "sonarqube_qualitygate" "custom" {
for_each = var.custom_quality_gates
name = each.key
}
resource "sonarqube_qualitygate_project_association" "custom" {
for_each = var.custom_quality_gates
gatename = sonarqube_qualitygate.custom[each.key].id
projectkey = sonarqube_project.repo.project
}
resource "sonarqube_qualitygate_condition" "custom" {
for_each = var.custom_quality_gates
gatename = sonarqube_qualitygate.custom[each.key].id
metric = each.value.metric
threshold = each.value.threshold
op = each.value.operator
}
Note: the Sonarqube resources provisioned as a separate internal Terraform module
Terraform should be able to provision/import Sonarqube projects
Terraform failed to import a Sonarqube project into a state file, thus resulting in an untracked resource
Please list the steps required to reproduce the issue, for example:
terraform apply
Sonarqube version: 8.9
Sonarqube provider version: 0.0.3
Hello, I have an issue when deleting a quality gate. The default always changes to the "sonar way" one, regardless of which one is the actual set as default one. When deleting Quality Gates, the instance of Sonarqube also breaks because of this because the /qualitygates/list does not respond 200 anymore
A fix to restore the instance is to create a dummy quality gate using the /qualitygates/create?name=test and then /qualitygates/set_as_default/test
Why do you need to always invoke the set_as_default when destroying a quality gate? I think we need it only if the quality gate to be destroyed is set as default.
Link below:
Best,
l
I am unable to add some quality gate metrics via terraform on SonarQube, specially the OWASP Dependency-Check ones(High Severity Vulnerabilities, Critical Severity Vulnerabilites etc.).
Getting the following error:
Error: API returned an error: There is no metric with key=blocker_issues. (whereas it appears on the UI)
module "set_qualitygate_condition"{
source = "../"
qualitygate_name = "test"
qualitygate_condition_list = [
{
metric = "vulnerabilities",
"threshold" = "10",
"op" = "GT"
},
{
"metric" = "total_vulnerabilities",
"threshold" = "20",
"op" = "GT"
},
{
"metric" = "vulnerable_dependencies",
"threshold" = "10",
"op" = "GT"
},
{
"metric" = "blocker-issues",
"threshold" = "3",
"op" = "GT"
}
]
qualitygate_default = true
}
I was able to add the other three metrics via terraform with the same configuration as mentioned above.
Hi there,
It would be very useful to be able to retrive rules matching a set of supplied criteria as we can with the api/rules/search endpoint.
Terraform v1.2.2 on windows_amd64
I would like to be able to retrieve a set of rules rather than just a single rule.
No way to achieve this using the provider - it is necessary to use a http provider to interact with the API directly/
http://localhost:9000/web_api/api/qualityprofiles/search
e.g. to retrieve all non-deprecated CRITICAL code smells:
http://localhost:9000/api/rules/search?ps=500&languages=cs&types=CODE_SMELL&statuses=READY&severities=CRITICAL
Hi there
1.3.2
Should support settings that accept multiple values.
Only support single values
apply something like this:
resource "sonarqube_setting" "analysis_scope_source_exclusions" {
key = "sonar.global.exclusions"
values = ["**/samples/**/*.*", ".github1/**/*.*", "afoo2"]
}
It simply isn't supported - the current implementation of sonarqube_setting
supports value
only.
There is some commented out beginnings of support for values
and fieldValues
Hi,
it would be nice a have a provider specific proxy config option. (for example like aws provider https://registry.terraform.io/providers/hashicorp/aws/latest/docs#http_proxy)
I know in the current version it's possible via env vars, but running in a large stack it effects every provider and can cause problems.
Do you think, there's any chance to implement this?
Thank you already in advance.
Hi there,
We're facing issues using your provider with a SonarQube instance hosted on a subpath.
If you need any help to fix this, we're open to provide a pull request
Terraform v1.2.5
Global to provider
provider "sonarqube" {
token = "<redacted>"
host = "https://quality-analysis.my-host.io/sonar/"
}
We expect provider to work relatively to provided host.
For instance, version API should be called as following
https://quality-analysis.my-host.io/sonar/api/server/version
Provider fails to call any API, because it's removing subpath when building API URL
terraform plan
on any sonarqube instance hosted on a subpath1.3.7
terraform {
required_providers {
gitlab = {
source = "gitlabhq/gitlab"
version = "3.19.0"
}
google-beta = {
source = "hashicorp/google-beta"
version = "4.10.0"
}
null = {
source = "hashicorp/null"
version = "3.1.0"
}
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.14.0"
}
sonarqube = {
source = "jdamata/sonarqube"
version = "0.15.6"
}
}
required_version = ">= 1.1.0"
}
provider "sonarqube" {
host = "https://sonarqube-${local.hostname}" # Hostname changes depending on the deployment environment (e.g.: dev vs prod)
}
Sonarqube provider config should rely on environment variables for reading user, pass, token, host, etc.
NOTE: Docs do mention that host
is a required parameter, but if the SONAR_HOST
env var could be used I don't see why there needs to be a provider block at all.
Our company runs in an environment where we do not use consistent usernames or passwords and all tokens rotate. We have no problem setting environment variables from kubernetes secrets though or on a one-off basis. All terraform code is checked into git so we avoid hard-coding passwords/token whenever possible.
Sonarqube provider returned the following errors:
╷
│ Error: Missing required argument
│
│ with provider["registry.terraform.io/jdamata/sonarqube"],
│ on <empty> line 0:
│ (source code not available)
│
│ "user": all of `pass,user` must be specified
╵
╷
│ Error: Invalid combination of arguments
│
│ with provider["registry.terraform.io/jdamata/sonarqube"],
│ on <empty> line 0:
│ (source code not available)
│
│ "token": one of `pass,token` must be specified
Please list the steps required to reproduce the issue, for example:
terraform init
terraform plan
Hi
SonarQube made a change in the 9.9
release (SONAR-17818) which automatically adds their "clean as you code" conditions to any quality gate that you create.
This basically makes it impossible to set different values using the terraform provider.
This is what we have been doing:
resource "sonarqube_qualitygate" "default" {
name = "My way"
is_default = true
}
resource "sonarqube_qualitygate_condition" "new_coverage" {
gatename = sonarqube_qualitygate.default.name
metric = "new_coverage"
op = "LT"
threshold = "50"
}
Which will no longer work because the new_coverage
metric is already added when the gate is created but terraform state doesn't know about it - so you get this:
Error: API returned an error: Condition on metric 'Coverage on New Code' already exists.
with sonarqube_qualitygate_condition.new_coverage,
on quality_gates.tf line 29, in resource "sonarqube_qualitygate_condition" "new_coverage":
29: resource "sonarqube_qualitygate_condition" "new_coverage" {
I am not a GO developer but I played around with the provider and it seems like resource_sonarqube_qualitygate.go
does not populate the conditions
array when a gate is created. It looks like it should but this seems to be a bug:
resp.Body
is at the end of the body so conditions
always remains empty.
Anyway I messed around a bit and fixed that to populate from qualityGateReadResponse.Conditions
and now tf state will contain e.g.
resource "sonarqube_qualitygate" "default" {
conditions = [
<snip>
{
error = "80"
id = "AYe40uWkpq_IgwDfAktH"
metric = "new_coverage"
op = "LT"
},
]
id = "My way"
is_default = true
name = "My way"
}
when the gate is created.
This still doesn't help with updating the conditions however since any new ones you create are in a completely different resource - e.g.:
resource "sonarqube_qualitygate_condition" "security_rating" {
gatename = "My way"
id = "AYe48en3pq_IgwDfAktJ"
metric = "security_rating"
op = "GT"
threshold = "1"
}
It feels like the sonarqube_qualitygate
resource needs to handle the conditions in all cases and sonarqube_qualitygate_condition
should be removed as it would be unnecessay at this point.
It is essentially useless for updating any of the conditions that SonarQube adds automatically now anyway.
And migrating to a new version of sonarqube_qualitygate
could be a bit painful/a breaking change.
It feels like the sort of change that would require some discussion @jdamata rather than someone simply pushing a PR and hoping it is accepted :)
And of course there may be other solutions available....such as potentially sonarqube_qualitygate_condition
updating the child resource within the sonarqube_qualitygate
- though that may be a bit hacky even if it is possible?
Should be SONARQUBE_TOKEN
not SONRQUBE_TOKEN
.
Hi,
thank you for your great provider!
It would be great to hava datasources by name for:
like
datasource "sonarqube_permission_template" example {
name =
}
then I could use it by 'sonarqube_permissions' for template_id
or
resource "sonarqube_permissions" example {
...
template = (not only template_id)
}
Thank You
Eugen
Hi,
I have made a MR to add the expirationDate parameter to the user_token creation.
#112
I have build it on my computer under WSL but I didn't test it :'( so look at it carefully.
Thanks,
Frédéric
Hello,
I have the impression that the sonarqube_setting
resource of the provider cannot handle secured settings at this point in time.
We have a terraform project where we use the azuread provider to create an azuread app + service principal for terraform and then we want to configure the resulting values in sonarqube to enable azuread authentication. We fail to set the required application secret and application id.
Please list the resources as a list, for example:
resource "sonarqube_setting" "aad-client-id" {
key = "sonar.auth.aad.clientId.secured"
value = azuread_application.openid_aad_app.application_id
}
resource "sonarqube_setting" "aad-client-secret" {
key = "sonar.auth.aad.clientSecret.secured"
value = azuread_service_principal_password.openid_aad_app_sp_secret.value
}
The setting should have been overwritten with the new/latest value.
Nothing, the terraform execution failed with:
│ Error: resourceSonarqubeSettingsRead: Failed to find setting: sonar.auth.aad.clientId.secured
│
│ with sonarqube_setting.aad-client-id,
│ on sonarqube-settings.tf line 6, in resource "sonarqube_setting" "aad-client-id":
│ 6: resource "sonarqube_setting" "aad-client-id" {
│
╵
╷
│ Error: resourceSonarqubeSettingsRead: Failed to find setting: sonar.auth.aad.clientSecret.secured
│
│ with sonarqube_setting.aad-client-secret,
│ on sonarqube-settings.tf line 11, in resource "sonarqube_setting" "aad-client-secret":
│ 11: resource "sonarqube_setting" "aad-client-secret" {
│
I verified locally with curl and if you try to get the setting value with the key of a secured setting, you get a response from which you can deduct that the setting exists but is secured.
{
"settings":[],
"setSecuredSettings":["sonar.auth.aad.clientId.secured"]
}
Could the provider be adjusted so that, if the setting is secured, the setting can be written without checking the current value?
Hi there, I'm getting this error when running terraform init for this latest version.
Terraform v1.1.7 on linux_amd64
Please list the resources as a list, for example:
terraform {
required_version = ">= 0.13"
required_providers {
sonarqube = {
source = "jdamata/sonarqube"
}
}
}
provider "sonarqube" {
user = "admin"
pass = "admin"
host = "http://127.0.0.1:9000"
installed_version = "8.9.7"
tls_insecure_skip_verify = true
}
What should have happened?
Run the terraform init sucessfully.
What actually happened?
Show the following error:
Error while installing jdamata/sonarqube v0.14.0: could not query provider registry for registry.terraform.io/jdamata/sonarqube: failed to retrieve authentication checksums for provider: 404 Not Found
Please list the steps required to reproduce the issue, for example:
terraform init
Currently the sonarqube_qualitygate
resource only supports two inputs (name
and is_default
).
It would be nice to be able to create Quality Gates by copying an existing gate, just as the Copy
button in the UI (see image below), or the api/qualitygates/copy
endpoint.
My proposed solution is to add an extra argument (copy_from
) to the sonarqube_qualitygate
resource to support copying an existing gate.
Hi @jdamata ,
As per our mail conversations regarding: SonarCloud Terraform-Go Code conversation from your SonarQube related code, Will you be fine if we fork your repository & do the required changes for SonarCloud?
Please approve so that I can go ahead & start doing the required changes for SonarCloud requirement.
I have also replied for your mail. I'll wait for your response.
Thanks again!!
Regards,
Nishanta Banik
Hi there,
Thank you for opening an issue.
Sonarqube version: 9.9.0
Terraform v1.2.9
on linux_amd64
Please list the resources as a list, for example:
sonarqube_gitlab_binding.gitlab-binding: Creating...
╷
│ Error: API returned an error: Unknown url : /api/alm_settings/set_gitlab_binding
│
│ with sonarqube_gitlab_binding.gitlab-binding,
│ on integration.tf line 13, in resource "sonarqube_gitlab_binding" "gitlab-binding":
│ 13: resource "sonarqube_gitlab_binding" "gitlab-binding" {
│
╵
ERRO[0026] 1 error occurred:
* exit status 1
create binding
error
Please list the steps required to reproduce the issue, for example:
terraform apply
Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:
Terraform v1.0.9
on linux_amd64
sonarqube_user
sonarqube_project
sonarqube_qualityprofile
sonarqube_rule
Data sources exists for some key resources.
Example:
data "sonarqube_qualityprofile" "main" {
name = "example"
}
data.sonarqube_qualityprofile.main.key
no way to get metadata about existing resources in sonar
Hi there,
Thank you for opening an issue.
terraform -v
Terraform v1.4.4
on darwin_arm64
+ provider registry.terraform.io/jdamata/sonarqube v0.15.11
Please list the resources as a list, for example:
the config is simple with a module, but with like around 700 groups to create
resource "sonarqube_group" "group" {
count = var.enable_group ? 1 : 0
name = var.group_name
description = "Managed by terraform"
}
Should create these groups successfully
What actually happened?
terraform apply
, The groups are created successfully, but terraform apply will be failed with error below:│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to
│ module.foo.sonarqube_group.group, provider
│ "provider[\"registry.terraform.io/jdamata/sonarqube\"]" produced an
│ unexpected new value: Root resource was present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
terraform apply
, command will be failed with group is existed
Thank you for your time.
Terraform v1.0.9
on linux_amd64
sonarqube_qualitygate
sonarqube_qualitygate has "default" attribute of type boolean to be able to set quality gate as default
no way to make quality gate as default
http://localhost:9000/web_api/api/qualitygates/set_as_default
The stripPermissions
method in resource_sonarqube_permissions_go
explicitly removes applicationcreator
and portfoliocreator
.
This causes a problem when trying to set group permissions that include them.
1.3.2
sonarqube_permissions
resource "sonarqube_group" "my_admin_group" {
name = "MyAdministrators"
description = "My Administrators."
}
resource "sonarqube_permissions" "my_admin_group_permissions" {
group_name = sonarqube_group.my_admin_group.name
permissions = ["admin","applicationcreator", "gateadmin", "portfoliocreator", "profileadmin", "provisioning"]
}
The permissions are set on first terraform apply
and are unchanged on subsequent calls
Every call to terraform plan
or terraform apply
after the initial setup decides that my_admin_group_permissions needs to be updated.
Terraform will perform the following actions:
# sonarqube_permissions.my_admin_group_permissions must be replaced
-/+ resource "sonarqube_permissions" "my_admin_group_permissions" {
~ id = "37fa3e90-b42e-4e3e-8485-d81f6e7f1c66" -> (known after apply)
~ permissions = [ # forces replacement
"admin",
+ "applicationcreator",
"gateadmin",
+ "portfoliocreator",
"profileadmin",
# (1 unchanged element hidden)
]
# (1 unchanged attribute hidden)
}
Please list the steps required to reproduce the issue, for example:
terraform apply
using the two resources I listed earlierterraform apply
againI believe this is because when terraform comes to check if the resource needs to be updated or not, because stripPermissions
strips out some permissions, it thinks that the permission list is 2 shorter than it actually is...which does not match with the .tf
file => the resource needs to be updated. And this will happen evey time because the two permissions are always removed.
I am unsure of the circumstance under which it makes sense to remove those two permissions but it seems not to be appropriate in the case where the caller is supplying only the group_name
and permissions
list
Hello @jdamata,
I found a bug while importing a sonarqube group, which isn't delivered via the sonarqube API (/api/user_groups/search?q=) on the first page. Sonarqube paginates results and the terraform provider doesn't browse "pages" in order to find the group.
$ terraform -v
Terraform v1.0.1
on darwin_amd64
+ provider registry.terraform.io/jdamata/sonarqube v0.0.6
https://gist.github.com/scurow-bdr/9d38c438028de7d0c69e17376ec2914b
The provider should recognize paginated entries while importing.
The provider does not find paginated entries while importing.
Please list the steps required to reproduce the issue, for example:
./run.sh
in the aforementioned GIST https://gist.github.com/scurow-bdr/9d38c438028de7d0c69e17376ec2914bTerraform v1.0.9
on linux_amd64
sonarqube_qualityprofile_deactivate_rule
sonarqube_qualityprofile_deactivate_rule exists
no way to deactivate rule on a quality profile.
Sonar API documentation http://localhost:9000/web_api/api/qualityprofiles/deactivate_rule
Terraform v1.0.9
on linux_amd64
sonarqube_qualityprofile_project_association
sonarqube_qualityprofile_project_association has "parent_quality_profile" attribute to be able to set parent quality profile
no way to set parent quality profile
Sonar API documentation http://localhost:9000/web_api/api/qualityprofiles/change_parent
Hello,
Sonarqube is now supporting terraform HCL (starting from 9.3 version) terraform
needs to be added as a valid language in the language parameter of the sonarqube_qualityprofile
resource.
resource "sonarqube_qualityprofile" "terraform_profile" {
name = "example"
language = "terraform"
is_default = false
parent = "sonar way"
}
`Terraform v1.2.4
on linux_amd64
It would be great if the user token resource supports the new token types from SonarQube 9.5.
API Parameter
Besides the current default 'USER_TOKEN' there are two new types 'GLOBAL_ANALYSIS_TOKEN' and 'PROJECT_ANALYSIS_TOKEN' (which requires an additional field 'projectKey'.
The request and response parameters are almost the same, so we probably just need two new terraform variables, which get piped to the api.
Terraform v1.0.9
on linux_amd64
sonarqube_qualityprofile_activate_rules
sonarqube_qualityprofile_activate_rules exists
no way to bulk-activate rules on one quality profile.
Sonar API documentation http://localhost:9000/web_api/api/qualityprofiles/activate_rules
SonarQube supports multiple DevOps integrations (e.g.: GitHub, GitLab, Azure, etc). Configuring these integrations through terraform would be incredibly useful.
These integrations require a SonarQube developer edition or higher installation.
Hi,
I am testing this provider but I get this error when I run terraform plan
. When I copy the same url to my browser it works fine.
Thanks.
Error: Unable to reach sonarqube: GET https://xxx:[email protected]/api/server/version? giving up after 5 attempt(s)
Terraform v1.1.5
on windows_amd64
terraform {
required_version = "~> 1.1"
required_providers {
sonarqube = {
source = "jdamata/sonarqube"
}
}
backend "azurerm" {
resource_group_name = "xxx"
storage_account_name = "xxx"
container_name = "xxx"
key = "xxx"
}
}
provider "sonarqube" {
user = "xxx"
pass = "xxx"
host = "https://sonarqube.mycompany.com"
}
resource "sonarqube_project" "test_project" {
name = "test-project-by-terraform"
project = "test-project-by-terraform"
visibility = "public"
}
Produce the plan
Error failing to connect to SonarQube
Hi there,
tldr
SonarQube will use "is worse than" operator for conditions that have grade rating thresholds. It's not exactly clear which op
to use when provisioning this condition. It turns out that GT
is the only way I found it worked and provisioned what I wanted.
For context, I was able to successfully provision my quality gate; however, I wanted to surface this to see if this was the intended behavior.
Run terraform -v
to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.
terraform -v
Terraform v1.3.1
on darwin_arm64
Please list the resources as a list, for example:
// Example main.tf that will not successfully apply.
resource "sonarqube_qualitygate" "main" {
name = "My Quality Gate"
is_default = false
condition {
metric = "new_coverage"
op = "LT"
threshold = "50"
}
condition {
metric = "new_duplicated_lines_density"
op = "GT"
threshold = "3"
}
condition {
metric = "new_maintainability_rating"
op = "LT"
threshold = "1"
}
condition {
metric = "new_reliability_rating"
op = "LT"
threshold = "1"
}
condition {
metric = "new_security_hotspots_reviewed"
op = "LT"
threshold = "100"
}
condition {
metric = "new_security_review_rating"
op = "LT"
threshold = "1"
}
}
resource "sonarqube_qualitygate_project_association" "main" {
gatename = sonarqube_qualitygate.main.name
projectkey = var.projectKey
}
I'd assume if I use op = "LT"
that that would be synonymous and/or evaluate to SonarQube's "is worse than" operator.
This will actually not work and yield:
│ Error: resourceSonarqubeQualityGateCreate: Failed to synchronise quality gate conditions: addOrUpdateCondition: Failed to create condition 'new_reliability_rating': API returned an error: Operator LT is not allowed for this metric.
Please list the steps required to reproduce the issue, for example:
terraform apply
Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:
Hi
The sonarqube_qualitygate
resource looks like it should populate conditions
when the resource is read - see here:
terraform-provider-sonarqube/sonarqube/resource_sonarqube_qualitygate.go
Lines 182 to 186 in e230cdf
The problem is that by the time it hits this code, we have already read the resp.Body
so this is alway empty.
In versions of Sonar prior to 9.9
this was not an issue because no conditions are added when the quality gate is created.
In 9.9
and above however, six conditions are automatically added and so they should be returned here.
Terraform v1.3.9
Please list the resources as a list, for example:
sonarqube_qualitygate`
< 9.9
- no conditions are populated - e.g.
resource "sonarqube_qualitygate" "default" {
conditions = []
id = "My way"
is_default = true
name = "My way"
}
9.9+
- 6 conditions populated - e.g.
resource "sonarqube_qualitygate" "default" {
conditions = [
<snip>
{
error = "80"
id = "AYe40uWkpq_IgwDfAktH"
metric = "new_coverage"
op = "LT"
},
]
id = "My way"
is_default = true
name = "My way"
}
In all cases we get
resource "sonarqube_qualitygate" "default" {
conditions = []
id = "My way"
is_default = true
name = "My way"
}
With a terraform script like this:
resource "sonarqube_qualitygate" "default" {
name = "My way"
}
apply it to a Sonar instance 9.9
or above
#154 refers to the problem but I think fixing the problem does not depend on that and may well form part of the solution to same
We have tf automation that creates git repos for each of our services, and we would like to use this provider to also create SonarQube portfolios for each service. This can be done via the API, see: https://sonarqube.mq01-qa.marqeta.io/web_api/api/views/create. We'd want to provide the parameters allowed by the API via terraform, naturally.
Applying sonarqube_qualityprofile_project_association will create the required association but will exit with error
Error: resourceSonarqubeQualityProfileProjectAssociationRead: Failed to find project association: My way/project_key
this will try to compare project key with project name and will exit with an error as posted above.
Hi,
thank you for the job you do on this great provider!
I have a use case where I need a datasource for “sonarqube_group” and “sonarqube_qualitygate”.
data “sonarqube_group” “my_global_group” {
name = “MyGroup”
}
data “sonarqube_qualitygate” “my_custom_gate” {
name = “MyGate”
}
How can I contribute?
Regards,
Esteban
A number of deprecated API properties were removed in SonarQube v10
.
The provider is still using these so is incompatible with v10.
The integration tests will fail when run against the latest images - you can see the breaking issues in the output of my PR in my fork:
freeranger#2
or if you run the action in #161
The issues are:
2023/04/28 10:44:33 [DEBUG] POST ***127.0.0.1:9000/api/rules/create?custom_key=basicRule&markdown_description=markdown_description&name=name¶ms=&prevent_reactivation=false&severity=INFO&status=READY&template_key=xml%3AXPathCheck&type=VULNERABILITY
--- FAIL: TestAccSonarqubeRuleDataSource (1.16s)
data_source_sonarqube_rule_test.go:31: Step 1/1 error: Error running apply: exit status 1
Error: API returned an error: The 'customKey' parameter is missing
with sonarqube_rule.inrlbihaqx,
on terraform_plugin_test.tf line 3, in resource "sonarqube_rule" "inrlbihaqx":
3: resource "sonarqube_rule" "inrlbihaqx" {
--- FAIL: TestAccSonarqubeGroupBasic (7.45s)
resource_sonarqube_group_test.go:37: Step 4/4 error running import: exit status 1
Error: The provider returned a resource missing an identifier during ImportResourceState. This is generally a bug in the resource implementation for import. Resource import code should not call d.SetId("") or create an empty ResourceData. If the resource is missing, instead return an error. Please report this to the provider developers.
--- FAIL: TestAccSonarqubeQualityprofileActivateRuleBasic (1.99s)
resource_sonarqube_qualityprofile_activate_rule_test.go:48: Step 1/2 error: Error running apply: exit status 1
Error: API returned an error: The 'customKey' parameter is missing
with sonarqube_rule.jtuqefezqq,
on terraform_plugin_test.tf line 8, in resource "sonarqube_rule" "jtuqefezqq":
8: resource "sonarqube_rule" "jtuqefezqq" {
--- FAIL: TestAccSonarqubeRuleBasic (0.97s)
resource_sonarqube_rules_test.go:38: Step 1/2 error: Error running apply: exit status 1
Error: API returned an error: The 'customKey' parameter is missing
with sonarqube_rule.qhpwsfzaxx,
on terraform_plugin_test.tf line 3, in resource "sonarqube_rule" "qhpwsfzaxx":
3: resource "sonarqube_rule" "qhpwsfzaxx" {
Hi @jdamata,
I've just stumbled on this project, awesome to see you are working on a terraform provider for sonarqube. I actually also started with this a couple of weeks ago and was wondering if we can perhaps join efforts?
See https://github.com/labd/terraform-provider-sonarqube
Let me know if you are interested
v1.1.9
resource should have been successfully created
error: resourceSonarqubeProjectRead: Failed to find project
default sonarqube page size is 100. If you have more projects than that and the project is not on the first page, the method resourceSonarqubeProjectRead returns an error.
In the file:
https://github.com/jdamata/terraform-provider-sonarqube/blob/master/sonarqube/resource_sonarqube_project.go
and method: resourceSonarqubeProjectRead the url param should be projects instead of project
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.