-
Notifications
You must be signed in to change notification settings - Fork 35
-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unique ID Requirement in SQ 7.2 #45
Comments
Hello, We are facing the same problem when trying to migrate from 7.0 to 7.2 version of SonarQube. Potential SonarQube improvement ticket that is causing the issue => https://jira.sonarsource.com/browse/SONAR-10599 Here is the log of the error:
|
Same issue here. |
I'm actually working on a patch right now that should resolve the issue. I'll submit it here as soon as I have it tested a bit more. |
Thanks srvrguy for the fix. When can we expect it to be released? |
I'm not sure when an official build will be made, but if you need it in a pinch, you can always try building the software yourself or I can provide an unofficial binary. |
@srvrguy is there a way to download the artifacts for any build from Travis? I am looking for a hotfixed version so we can continue using this login plugin, would be happy even if it's an unofficial one. Thanks! |
@srvrguy It would be good if we can have a an unofficial version of this plugin to download. Then we can test again to upgrade to the latest version of SonarQube and see if everything works fine now. Thanks again for your help. |
Thanks, @srvrguy I wonder when another version will be released as it seems this plugin is kind of dead. It would be very kind to provide a way to get this unofficial build. I will then try to convince my Information Security team to accept the use of this plugin. I really want to push for the use of Sonar in my company and do everything I can but Sonarqube team is not really helping on this... |
There isn't a way to get the build artifacts from Travis-CI. There is a way to configure an upload to S3 during the run, but no way after the fact. If you trust that I'm not malicious, you can download an unofficial build here. It's built from commit eedb377. Alternately, you can compile it yourself. It's not too complex to do via maven directly or via a maven docker image. One note: If you're upgrading to 7.2 and already have users via this plugin, you either need to install this on your current system and have everyone log in (so their data is updated), or manually update the users table to ensure that the schema upgrade will succeed. If you have questions about how to do this, let me know. Also, this plugin isn't managed by SonarSource, the company behind SonarQube. It's a community-contributed plugin and is only supported by the maintainer of this repository. |
Excellent. Just did a quick check, all looks good, thanks a lot! I've noticed 2 things:
Thanks! |
Odd, I never ran into a duplicate user issue in my testing. The plugin shouldn't manipulate that area either, which makes it even weirder. The plugin is basically an OAuth2 provider, and adds entries (if you allow sign-up) and sets the external_login and external_identity_provider columns to mark the "owner" of the account. It'll use "aad" for external_identity_provider rather than "sonarqube" and will use the user's e-mail address for "external_login". The value for "login" will depend on the login strategy you choose (it'll use the e-mail address with "@aad" appended for unique and the e-mail address by itself for same as). Other than that during login, SQ itself handles all the user display features. Not sure what you mean by test dependencies. |
For example the mockito-extensions? It wasn't part of the original package. Also pom.xml contains several test dependencies. |
I see what you mean now. That mockito-extensions folder won't bother anything, but I can submit a PR to move it where it won't be included in the package. The pom.xml will contain packages with a test scope, that's normal. I suppose this could be configured so that none of the maven meta-inf contents are included if it's a big concern. If you would like those cleaned up, can you open a new issue? I'll make some PRs against them then. |
Thanks a lot for your help on this issue @srvrguy
I completely understand this but when a company is advertising on its website that something is compatible it should be at least tested, even if it was not developed internally.
|
The newly released version 7.2 of SonarQube seems to fail on the db migration when you have AAD users. Specifically, it seems to now require that the external_identity column in the users table be unique. This column is set to "Azure AD" for every AAD login, which makes the index creation fail.
The text was updated successfully, but these errors were encountered: