SCANJLIB-230 Add warning when sonar.login (and sonar.token simultaneously) is used

Author: aleksandra-bozhinoska-sonarsource

lib/src/main/java/org/sonarsource/scanner/lib/ScannerEngineBootstrapper.java

@@ -56,10 +56,12 @@
 import static java.util.Optional.ofNullable;
 import static org.sonarsource.scanner.lib.ScannerProperties.SCANNER_ARCH;
 import static org.sonarsource.scanner.lib.ScannerProperties.SCANNER_OS;
+import static org.sonarsource.scanner.lib.ScannerProperties.SONAR_LOGIN;
 import static org.sonarsource.scanner.lib.ScannerProperties.SONAR_SCANNER_KEYSTORE_PASSWORD;
 import static org.sonarsource.scanner.lib.ScannerProperties.SONAR_SCANNER_KEYSTORE_PATH;
 import static org.sonarsource.scanner.lib.ScannerProperties.SONAR_SCANNER_TRUSTSTORE_PASSWORD;
 import static org.sonarsource.scanner.lib.ScannerProperties.SONAR_SCANNER_TRUSTSTORE_PATH;
+import static org.sonarsource.scanner.lib.ScannerProperties.SONAR_TOKEN;
 
 /**
  * Entry point to run a Sonar analysis programmatically.
@@ -71,6 +73,7 @@ public class ScannerEngineBootstrapper {
   private static final String SONARCLOUD_HOST = "https://sonarcloud.io";
   private static final String SONARCLOUD_REST_API = "https://api.sonarcloud.io";
   static final String SQ_VERSION_NEW_BOOTSTRAPPING = "10.6";
+  static final String SQ_VERSION_TOKEN_AUTHENTICATION = "10.0";
   private static final String JAVAX_NET_SSL_TRUST_STORE = "javax.net.ssl.trustStore";
   private static final String JAVAX_NET_SSL_TRUST_STORE_PASSWORD = "javax.net.ssl.trustStorePassword";
   private static final String JAVAX_NET_SSL_KEY_STORE = "javax.net.ssl.keyStore";
@@ -138,6 +141,11 @@ public ScannerEngineBootstrapResult bootstrap() {
       scannerHttpClient.init(httpConfig);
 
       var serverVersion = !isSonarCloud ? getServerVersion(scannerHttpClient) : null;
+
+      if (!isSonarCloud && VersionUtils.isAtLeastIgnoringQualifier(serverVersion, SQ_VERSION_TOKEN_AUTHENTICATION) && Objects.nonNull(httpConfig.getLogin())) {
+        LOG.warn("Use of {} property has been deprecated in favor of {}. Please use the {} property when passing a token.", SONAR_LOGIN, SONAR_TOKEN, SONAR_TOKEN);
+      }
+
       ScannerEngineFacade scannerFacade;
       if (isSonarCloud || VersionUtils.isAtLeastIgnoringQualifier(serverVersion, SQ_VERSION_NEW_BOOTSTRAPPING)) {
         var launcher = scannerEngineLauncherFactory.createLauncher(scannerHttpClient, fileCache, immutableProperties);

lib/src/main/java/org/sonarsource/scanner/lib/internal/http/HttpConfig.java

@@ -27,6 +27,7 @@
 import java.time.Duration;
 import java.time.format.DateTimeParseException;
 import java.util.Map;
+import java.util.Objects;
 import javax.annotation.Nullable;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
@@ -87,6 +88,10 @@ public HttpConfig(Map<String, String> bootstrapProperties, Path sonarUserHome) {
     this.restApiBaseUrl = StringUtils.removeEnd(bootstrapProperties.get(ScannerProperties.API_BASE_URL), "/");
     this.token = bootstrapProperties.get(ScannerProperties.SONAR_TOKEN);
     this.login = bootstrapProperties.get(ScannerProperties.SONAR_LOGIN);
+    if (Objects.nonNull(this.login) && Objects.nonNull(this.token)) {
+      LOG.warn("Both sonar.token and sonar.login properties are set, but only sonar.token will be used.");
+    }
+
     this.password = bootstrapProperties.get(ScannerProperties.SONAR_PASSWORD);
     this.userAgent = format("%s/%s", bootstrapProperties.get(InternalProperties.SCANNER_APP), bootstrapProperties.get(InternalProperties.SCANNER_APP_VERSION));
     this.socketTimeout = loadDuration(bootstrapProperties, SONAR_SCANNER_SOCKET_TIMEOUT, READ_TIMEOUT_SEC_PROPERTY, DEFAULT_READ_TIMEOUT_SEC);

lib/src/test/java/org/sonarsource/scanner/lib/ScannerEngineBootstrapperTest.java

@@ -65,6 +65,7 @@
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static org.sonarsource.scanner.lib.ScannerEngineBootstrapper.SQ_VERSION_NEW_BOOTSTRAPPING;
+import static org.sonarsource.scanner.lib.ScannerEngineBootstrapper.SQ_VERSION_TOKEN_AUTHENTICATION;
 
 class ScannerEngineBootstrapperTest {
 
@@ -122,6 +123,29 @@ void should_use_new_bootstrapping_with_sonarqube_10_6() throws Exception {
       assertThat(bootstrapResult.getEngineFacade().isSonarCloud()).isFalse();
       verifySonarQubeServerTypeLogged(SQ_VERSION_NEW_BOOTSTRAPPING);
       assertThat(bootstrapResult.getEngineFacade().getServerVersion()).isEqualTo(SQ_VERSION_NEW_BOOTSTRAPPING);
+      assertThat(logTester.logs(Level.WARN)).isEmpty();
+    }
+  }
+
+  @Test
+  void should_issue_deprecation_warning_for_sonar_login_property_sonarqube_10_0() throws Exception {
+    IsolatedLauncherFactory launcherFactory = mock(IsolatedLauncherFactory.class);
+    when(launcherFactory.createLauncher(eq(scannerHttpClient), any(FileCache.class)))
+      .thenReturn(mock(IsolatedLauncherFactory.IsolatedLauncherAndClassloader.class));
+
+    ScannerEngineBootstrapper bootstrapper = new ScannerEngineBootstrapper("Gradle", "3.1", system, scannerHttpClient,
+      launcherFactory, scannerEngineLauncherFactory);
+    when(scannerHttpClient.callRestApi("/analysis/version")).thenThrow(new HttpException(URI.create("http://myserver").toURL(), 404, "Not Found", null));
+    when(scannerHttpClient.callWebApi("/api/server/version")).thenReturn(SQ_VERSION_TOKEN_AUTHENTICATION);
+
+    try (var bootstrapResult = bootstrapper.setBootstrapProperty(ScannerProperties.HOST_URL, "http://localhost").setBootstrapProperty(ScannerProperties.SONAR_LOGIN,
+      "mockTokenValue").bootstrap()) {
+      verify(launcherFactory).createLauncher(eq(scannerHttpClient), any(FileCache.class));
+      assertThat(bootstrapResult.getEngineFacade().isSonarCloud()).isFalse();
+      assertThat(logTester.logs(Level.WARN)).contains("Use of sonar.login property has been deprecated in favor of sonar.token. Please use the sonar.token property when passing " +
+        "a token.");
+      verifySonarQubeServerTypeLogged(SQ_VERSION_TOKEN_AUTHENTICATION);
+      assertThat(bootstrapResult.getEngineFacade().getServerVersion()).isEqualTo(SQ_VERSION_TOKEN_AUTHENTICATION);
     }
   }
 

lib/src/test/java/org/sonarsource/scanner/lib/internal/http/HttpConfigTest.java

@@ -26,7 +26,10 @@
 import java.util.Map;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
 import org.junit.jupiter.api.io.TempDir;
+import org.slf4j.event.Level;
+import testutils.LogTester;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
@@ -37,6 +40,9 @@ class HttpConfigTest {
 
   private final Map<String, String> bootstrapProperties = new HashMap<>();
 
+  @RegisterExtension
+  private final LogTester logTester = new LogTester();
+
   @TempDir
   private Path sonarUserHomeDir;
   private Path sonarUserHome;
@@ -74,5 +80,14 @@ void it_should_throw_if_invalid_proxy_port() {
       .hasMessage("sonar.scanner.proxyPort is not a valid integer: not_a_number");
   }
 
+  @Test
+  void should_warn_if_both_login_and_token_properties_set() {
+    bootstrapProperties.put("sonar.login", "mockTokenValue");
+    bootstrapProperties.put("sonar.token", "mockTokenValue");
+
+    new HttpConfig(bootstrapProperties, sonarUserHome);
+
+    assertThat(logTester.logs(Level.WARN)).contains("Both sonar.token and sonar.login properties are set, but only sonar.token will be used.");
+  }
 
 }