[fix][SonarQube]: allow project list with non-admin (Browse) token (fixes #8710) #8731
Merged
klesh merged 1 commit into apache:main from Feb 26, 2026
Summary
When adding a SonarQube data scope, the project list was empty even though "Test Connection" succeeded when using a non-admin token. The plugin was calling the projects/search API, which requires admin (or equivalent) permissions. This PR switches to components/search_projects, which works with a token that has Browse permission, so users can list projects and add scopes without an admin token.
Backend: use components/search_projects instead of projects/search in api/blueprint_v200.go (GetApiProject) and api/remote_api.go (querySonarqubeProjects).
Config UI: add a subLabel on the token field stating that a token with Browse permission is sufficient for listing projects and collecting issues, hotspots, and file metrics; listing Accounts may still require a system admin token on some instances.
Does this close any open issues?
Closes #8710
Screenshots
Include any relevant screenshots here.
Other Information
No change to connection validation; "Test Connection" behavior is unchanged.
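The permission difference described in the summary, as an added Go example that is not code from this PR or from the plugin: a Browse-level token is refused by projects/search and served by components/search_projects, and the caller keeps "refused" distinct from "no projects". The mock server, the `newMockSonar` and `listProjects` names, the token value, the project keys, the `p`/`ps` query parameters and sending the token as the basic-auth user name are assumptions made for the illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newMockSonar is a hypothetical stand-in for SonarQube that models only a Browse-level token.
func newMockSonar() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if u, _, ok := r.BasicAuth(); ok && u != "" && r.URL.Path == "/api/components/search_projects" {
			fmt.Fprint(w, `{"components":[{"key":"app-a"},{"key":"app-b"}]}`) // constructed data
			return
		}
		w.WriteHeader(http.StatusForbidden) // e.g. projects/search, which needs admin
	}))
}

// listProjects sends the token as the basic-auth user and returns the status and project keys.
func listProjects(baseURL, endpoint, token string) (int, []string, error) {
	req, err := http.NewRequest(http.MethodGet, baseURL+"/api/"+endpoint+"?p=1&ps=100", nil)
	if err != nil {
		return 0, nil, err
	}
	req.SetBasicAuth(token, "")
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0, nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return resp.StatusCode, nil, nil // refused: report it, do not treat it as "no projects"
	}
	var body struct{ Components []struct{ Key string } }
	err = json.NewDecoder(resp.Body).Decode(&body)
	keys := make([]string, 0, len(body.Components))
	for _, c := range body.Components {
		keys = append(keys, c.Key)
	}
	return resp.StatusCode, keys, err
}

func main() {
	srv := newMockSonar()
	defer srv.Close()
	fmt.Println(listProjects(srv.URL, "projects/search", "constructed-browse-token"))
	fmt.Println(listProjects(srv.URL, "components/search_projects", "constructed-browse-token"))
}
```

Returning the status code lets a caller report a 403 to the user rather than render an empty project list.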