SONAR-17771 Drop the support for 'sonar.password'

Co-authored-by: Eric Giffon <eric.giffon@sonarsource.com>
nagyist · Jan 6, 2025 · df71895 · df71895
1 parent a6805b0
commit df71895
Show file tree

Hide file tree

Showing 10 changed files with 77 additions and 57 deletions.
diff --git a/...test/branch/DeprecatedBranchMediumIT.java → ...erties/UnsupportedPropertiesMediumIT.java b/...test/branch/DeprecatedBranchMediumIT.java → ...erties/UnsupportedPropertiesMediumIT.java
@@ -17,7 +17,7 @@
  * along with this program; if not, write to the Free Software Foundation,
  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  */
-package org.sonar.scanner.mediumtest.branch;
+package org.sonar.scanner.mediumtest.properties;
 
 import com.google.common.collect.ImmutableMap;
 import java.io.File;
@@ -33,9 +33,10 @@
 import org.sonar.xoo.XooPlugin;
 import org.sonar.xoo.rule.XooRulesDefinition;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
-class DeprecatedBranchMediumIT {
+class UnsupportedPropertiesMediumIT {
 
   @TempDir
   private File temp;
@@ -69,11 +70,7 @@ void prepare() {
 
   @Test
   void scanProjectWithBranch() throws IOException {
-    File srcDir = new File(baseDir, "src");
-    srcDir.mkdir();
-
-    File xooFile = new File(srcDir, "sample.xoo");
-    FileUtils.write(xooFile, "Sample xoo\ncontent");
+    prepareContent();
 
     assertThatThrownBy(() -> tester.newAnalysis()
       .properties(ImmutableMap.<String, String>builder()
@@ -85,4 +82,26 @@ void scanProjectWithBranch() throws IOException {
       .hasMessage("The 'sonar.branch' parameter is no longer supported. You should stop using it. " +
         "Branch analysis is available in Developer Edition and above. See https://www.sonarsource.com/plans-and-pricing/developer/ for more information.");
   }
+
+  @Test
+  void scanProjectWithPassword() throws IOException {
+    prepareContent();
+
+    assertThatThrownBy(() -> tester.newAnalysis()
+      .properties(ImmutableMap.<String, String>builder()
+        .putAll(commonProps)
+        .put("sonar.password", "anything")
+        .build())
+      .execute())
+      .isInstanceOf(MessageException.class)
+      .hasMessage("The property 'sonar.password' is no longer supported. Please pass a token with the 'sonar.token' property instead.");
+  }
+
+  private void prepareContent() throws IOException {
+    File srcDir = new File(baseDir, "src");
+    srcDir.mkdir();
+
+    File xooFile = new File(srcDir, "sample.xoo");
+    FileUtils.write(xooFile, "Sample xoo\ncontent", UTF_8);
+  }
 }
diff --git a/sonar-scanner-engine/src/main/java/org/sonar/scanner/bootstrap/SpringScannerContainer.java b/sonar-scanner-engine/src/main/java/org/sonar/scanner/bootstrap/SpringScannerContainer.java
@@ -337,11 +337,6 @@ protected void doAfterStart() {
     ScanProperties properties = getComponentByType(ScanProperties.class);
     properties.validate();
 
-    properties.get("sonar.branch").ifPresent(deprecatedBranch -> {
-      throw MessageException.of("The 'sonar.branch' parameter is no longer supported. You should stop using it. " +
-        "Branch analysis is available in Developer Edition and above. See https://www.sonarsource.com/plans-and-pricing/developer/ for more information.");
-    });
-
     BranchConfiguration branchConfig = getComponentByType(BranchConfiguration.class);
     if (branchConfig.branchType() == BranchType.PULL_REQUEST && LOG.isInfoEnabled()) {
       LOG.info("Pull request {} for merge into {} from {}", branchConfig.pullRequestKey(), pullRequestBaseToDisplayName(branchConfig.targetBranchName()),

diff --git a/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/DefaultScannerWsClient.java b/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/DefaultScannerWsClient.java
@@ -106,13 +106,13 @@ private void failIfUnauthorized(WsResponse response) {
       response.close();
       if (hasCredentials) {
         // credentials are not valid
-        throw MessageException.of(format("Not authorized. Please check the user token in the property '%s' or the credentials in the properties '%s' and '%s'.",
-          ScannerWsClientProvider.TOKEN_PROPERTY, CoreProperties.LOGIN, CoreProperties.PASSWORD));
+        throw MessageException.of(format("Not authorized. Please check the user token in the property '%s' or '%s' (deprecated).",
+          ScannerWsClientProvider.TOKEN_PROPERTY, CoreProperties.LOGIN));
       }
       // not authenticated - see https://jira.sonarsource.com/browse/SONAR-4048
       throw MessageException.of(format("Not authorized. Analyzing this project requires authentication. " +
-        "Please check the user token in the property '%s' or the credentials in the properties '%s' and '%s'.",
-        ScannerWsClientProvider.TOKEN_PROPERTY, CoreProperties.LOGIN, CoreProperties.PASSWORD));
+        "Please check the user token in the property '%s' or '%s' (deprecated).",
+        ScannerWsClientProvider.TOKEN_PROPERTY, CoreProperties.LOGIN));
     }
     if (code == HTTP_FORBIDDEN) {
       logResponseDetailsIfDebug(response);

diff --git a/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java b/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java
@@ -96,7 +96,7 @@ public DefaultScannerWsClient provide(ScannerProperties scannerProps, Environmen
       .responseTimeoutMilliseconds(parseDurationProperty(responseTimeout, SONAR_SCANNER_RESPONSE_TIMEOUT))
       .userAgent(env.toString())
       .url(url)
-      .credentials(login, scannerProps.property(CoreProperties.PASSWORD))
+      .token(login)
       .setSSLSocketFactory(sslContext.getSslSocketFactory())
       .setTrustManager(sslContext.getTrustManager().orElseThrow());
 

diff --git a/...ner-engine/src/main/java/org/sonar/scanner/scan/DeprecatedPropertiesWarningGenerator.java b/...ner-engine/src/main/java/org/sonar/scanner/scan/DeprecatedPropertiesWarningGenerator.java
@@ -33,10 +33,6 @@
 public class DeprecatedPropertiesWarningGenerator {
   private static final Logger LOG = LoggerFactory.getLogger(DeprecatedPropertiesWarningGenerator.class);
 
-  @VisibleForTesting
-  static final String PASSWORD_WARN_MESSAGE = String.format("The properties '%s' and '%s' are deprecated and will be removed in the " +
-      "future. Please pass a token with the '%s' property instead.", CoreProperties.LOGIN, CoreProperties.PASSWORD,
-    ScannerWsClientProvider.TOKEN_PROPERTY);
   @VisibleForTesting
   static final String LOGIN_WARN_MESSAGE = String.format("The property '%s' is deprecated and will be removed in the future. " +
     "Please use the '%s' property instead when passing a token.", CoreProperties.LOGIN, ScannerWsClientProvider.TOKEN_PROPERTY);
@@ -50,20 +46,17 @@ public class DeprecatedPropertiesWarningGenerator {
   private final EnvironmentInformation environmentInformation;
 
   public DeprecatedPropertiesWarningGenerator(Configuration configuration, AnalysisWarnings analysisWarnings,
-                                              EnvironmentInformation environmentInformation) {
+    EnvironmentInformation environmentInformation) {
     this.configuration = configuration;
     this.analysisWarnings = analysisWarnings;
     this.environmentInformation = environmentInformation;
   }
 
   public void execute() {
     Optional<String> login = configuration.get(CoreProperties.LOGIN);
-    Optional<String> password = configuration.get(CoreProperties.PASSWORD);
 
     String warningMessage = null;
-    if (password.isPresent()) {
-      warningMessage = PASSWORD_WARN_MESSAGE;
-    } else if (login.isPresent()) {
+    if (login.isPresent()) {
       warningMessage = LOGIN_WARN_MESSAGE;
     }
 

diff --git a/sonar-scanner-engine/src/main/java/org/sonar/scanner/scan/ScanProperties.java b/sonar-scanner-engine/src/main/java/org/sonar/scanner/scan/ScanProperties.java
@@ -25,6 +25,7 @@
 import org.sonar.api.batch.fs.internal.DefaultInputProject;
 import org.sonar.api.config.Configuration;
 import org.sonar.api.utils.MessageException;
+import org.sonar.scanner.http.ScannerWsClientProvider;
 
 import static org.sonar.core.config.ScannerProperties.BRANCH_NAME;
 import static org.sonar.core.config.ScannerProperties.FILE_SIZE_LIMIT;
@@ -103,5 +104,22 @@ public long fileSizeLimit() {
    */
   public void validate() {
     metadataFilePath();
+    validatePassword();
+    validateBranch();
+  }
+
+  private void validateBranch() {
+    configuration.get("sonar.branch").ifPresent(deprecatedBranch -> {
+      throw MessageException.of("The 'sonar.branch' parameter is no longer supported. You should stop using it. " +
+        "Branch analysis is available in Developer Edition and above. See https://www.sonarsource.com/plans-and-pricing/developer/ for more information.");
+    });
+  }
+
+  private void validatePassword() {
+    configuration.get("sonar.password")
+      .ifPresent(p -> {
+        throw MessageException.of(String.format("The property 'sonar.password' is no longer supported. " +
+          "Please pass a token with the '%s' property instead.", ScannerWsClientProvider.TOKEN_PROPERTY));
+      });
   }
 }
diff --git a/sonar-scanner-engine/src/test/java/org/sonar/scanner/http/DefaultScannerWsClientTest.java b/sonar-scanner-engine/src/test/java/org/sonar/scanner/http/DefaultScannerWsClientTest.java
@@ -145,7 +145,7 @@ public void call_whenUnauthenticatedAndDebugEnabled_shouldLogResponseDetails() {
     assertThatThrownBy(() -> client.call(request))
       .isInstanceOf(MessageException.class)
       .hasMessage("Not authorized. Analyzing this project requires authentication. Please check the user token in the property 'sonar.token' " +
-        "or the credentials in the properties 'sonar.login' and 'sonar.password'.");
+        "or 'sonar.login' (deprecated).");
 
     List<String> debugLogs = logTester.logs(Level.DEBUG);
     assertThat(debugLogs).hasSize(3);
@@ -165,7 +165,7 @@ public void call_whenMissingCredentials_shouldFailWithMsg() {
     assertThatThrownBy(() -> client.call(request))
       .isInstanceOf(MessageException.class)
       .hasMessage("Not authorized. Analyzing this project requires authentication. Please check the user token in the property 'sonar.token' " +
-        "or the credentials in the properties 'sonar.login' and 'sonar.password'.");
+        "or 'sonar.login' (deprecated).");
   }
 
   @Test
@@ -180,7 +180,7 @@ public void call_whenInvalidCredentials_shouldFailWithMsg() {
       new GlobalAnalysisMode(new ScannerProperties(Collections.emptyMap())), analysisWarnings);
     assertThatThrownBy(() -> client.call(request))
       .isInstanceOf(MessageException.class)
-      .hasMessage("Not authorized. Please check the user token in the property 'sonar.token' or the credentials in the properties 'sonar.login' and 'sonar.password'.");
+      .hasMessage("Not authorized. Please check the user token in the property 'sonar.token' or 'sonar.login' (deprecated).");
   }
 
   @Test

diff --git a/...engine/src/test/java/org/sonar/scanner/scan/DeprecatedPropertiesWarningGeneratorTest.java b/...engine/src/test/java/org/sonar/scanner/scan/DeprecatedPropertiesWarningGeneratorTest.java
@@ -36,7 +36,6 @@
 import static org.mockito.Mockito.verifyNoInteractions;
 import static org.mockito.Mockito.when;
 import static org.sonar.scanner.scan.DeprecatedPropertiesWarningGenerator.LOGIN_WARN_MESSAGE;
-import static org.sonar.scanner.scan.DeprecatedPropertiesWarningGenerator.PASSWORD_WARN_MESSAGE;
 import static org.sonar.scanner.scan.DeprecatedPropertiesWarningGenerator.SCANNER_DOTNET_WARN_MESSAGE;
 
 public class DeprecatedPropertiesWarningGeneratorTest {
@@ -54,7 +53,6 @@ public class DeprecatedPropertiesWarningGeneratorTest {
   @Before
   public void setUp() throws Exception {
     settings.removeProperty(CoreProperties.LOGIN);
-    settings.removeProperty(CoreProperties.PASSWORD);
     when(environmentInformation.getKey()).thenReturn("ScannerCLI");
   }
 
@@ -68,17 +66,6 @@ public void execute_whenUsingLogin_shouldAddWarning() {
     Assertions.assertThat(logger.logs(Level.WARN)).contains(LOGIN_WARN_MESSAGE);
   }
 
-  @Test
-  public void execute_whenUsingPassword_shouldAddWarning() {
-    settings.setProperty(CoreProperties.LOGIN, "test");
-    settings.setProperty(CoreProperties.PASSWORD, "winner winner chicken dinner");
-
-    underTest.execute();
-
-    verify(analysisWarnings, times(1)).addUnique(PASSWORD_WARN_MESSAGE);
-    Assertions.assertThat(logger.logs(Level.WARN)).contains(PASSWORD_WARN_MESSAGE);
-  }
-
   @Test
   public void execute_whenUsingLoginAndDotNetScanner_shouldAddWarning() {
     settings.setProperty(CoreProperties.LOGIN, "test");
@@ -90,18 +77,6 @@ public void execute_whenUsingLoginAndDotNetScanner_shouldAddWarning() {
     Assertions.assertThat(logger.logs(Level.WARN)).contains(LOGIN_WARN_MESSAGE + SCANNER_DOTNET_WARN_MESSAGE);
   }
 
-  @Test
-  public void execute_whenUsingPasswordAndDotNetScanner_shouldAddWarning() {
-    settings.setProperty(CoreProperties.LOGIN, "test");
-    settings.setProperty(CoreProperties.PASSWORD, "winner winner chicken dinner");
-    when(environmentInformation.getKey()).thenReturn("ScannerMSBuild");
-
-    underTest.execute();
-
-    verify(analysisWarnings, times(1)).addUnique(PASSWORD_WARN_MESSAGE + SCANNER_DOTNET_WARN_MESSAGE);
-    Assertions.assertThat(logger.logs(Level.WARN)).contains(PASSWORD_WARN_MESSAGE + SCANNER_DOTNET_WARN_MESSAGE);
-  }
-
   @Test
   public void execute_whenNotUsingLoginOrPassword_shouldNotAddWarning() {
     underTest.execute();

diff --git a/sonar-scanner-engine/src/test/java/org/sonar/scanner/scan/ScanPropertiesTest.java b/sonar-scanner-engine/src/test/java/org/sonar/scanner/scan/ScanPropertiesTest.java
@@ -99,4 +99,24 @@ public void validate_fails_if_metadata_file_location_is_not_absolute() {
       .isInstanceOf(MessageException.class)
       .hasMessage("Property 'sonar.scanner.metadataFilePath' must point to an absolute path: relative");
   }
+
+  @Test
+  public void validate_fails_if_sonar_branch_is_set() {
+    settings.setProperty("sonar.branch", "anything");
+
+    assertThatThrownBy(underTest::validate)
+      .isInstanceOf(MessageException.class)
+      .hasMessage("The 'sonar.branch' parameter is no longer supported. You should stop using it. " +
+        "Branch analysis is available in Developer Edition and above. See https://www.sonarsource.com/plans-and-pricing/developer/ for more information.");
+  }
+
+  @Test
+  public void validate_fails_if_sonar_password_is_set() {
+    settings.setProperty("sonar.password", "anything");
+
+    assertThatThrownBy(underTest::validate)
+      .isInstanceOf(MessageException.class)
+      .hasMessage("The property 'sonar.password' is no longer supported. " +
+        "Please pass a token with the 'sonar.token' property instead.");
+  }
 }
diff --git a/sonar-ws/src/testFixtures/java/org/sonarqube/ws/tester/UserTester.java b/sonar-ws/src/testFixtures/java/org/sonarqube/ws/tester/UserTester.java
@@ -66,11 +66,10 @@ void deleteAll() {
       });
   }
 
-  public final String generateToken(String login) {
+  public final UserTokens.GenerateWsResponse generateToken(String login) {
     int id = ID_GENERATOR.getAndIncrement();
     String name = "token" + id;
-    session.wsClient().userTokens().generate(new GenerateRequest().setLogin(login).setName(name));
-    return name;
+    return session.wsClient().userTokens().generate(new GenerateRequest().setLogin(login).setName(name));
   }
 
   public final String generateToken(String login, String type, @Nullable String projectKey) {
@@ -81,6 +80,7 @@ public final String generateToken(String login, String type, @Nullable String pr
     return response.getToken();
   }
 
+  @SafeVarargs
   public final String generateToken(String login, Consumer<GenerateRequest>... populators) {
     int id = ID_GENERATOR.getAndIncrement();
     String name = "token" + id;