jenkins/sap-jenkins-library
1
0
Fork 0
mirror of https://github.com/SAP/jenkins-library.git synced 2025-01-30 05:59:39 +02:00
Code Issues Releases Activity

fix(sonar): add default trust store password to SONAR_SCANNER_OPTS (#1941)

Browse Source 
* add trustStorePassword to SONAR_SCANNER_OPTS

-Djavax.net.ssl.trustStorePassword=changeit has to be provided to the SONAR_SCANNER_OPTS otherwise we get a 

ERROR: SonarQube server [https://sonar.wdf.sap.corp] can not be reached on our new jenkins server
Caused by: javax.net.ssl.SSLException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

we tried to inject via "options" variable of the sonarExecuteScan task, but seems it is not recognized as it is overwritten by the SONAR_SCANNER_OPTS defined in this file.

* adapt tests

* Update sonarExecuteScan.go

* Update sonarExecuteScan_test.go

* Update sonarExecuteScan.go

* Update sonarExecuteScan_test.go

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
This commit is contained in:
veiththomas 2020-08-24 14:39:45 +02:00 committed by GitHub
parent a0bed00fad
commit 48620c3f49
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/sonarExecuteScan.go
View File

@ -207,7 +207,7 @@ func loadCertificates(certificateList []string, client piperhttp.Downloader, run
if exists, _ := fileUtilsExists(trustStoreFile); exists {
// use local existing trust store
sonar.addEnvironment("SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore=" + trustStoreFile)
sonar.addEnvironment("SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore=" + trustStoreFile + " -Djavax.net.ssl.trustStorePassword=changeit")
log.Entry().WithField("trust store", trustStoreFile).Info("Using local trust store")
} else
//TODO: certificate loading is deactivated due to the missing JAVA keytool
@ -239,7 +239,7 @@ func loadCertificates(certificateList []string, client piperhttp.Downloader, run
return errors.Wrap(err, "Adding certificate to keystore failed")
}
}
sonar.addEnvironment("SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore=" + trustStoreFile)
sonar.addEnvironment("SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore=" + trustStoreFile + " -Djavax.net.ssl.trustStorePassword=changeit")
log.Entry().WithField("trust store", trustStoreFile).Info("Using local trust store")
} else {
log.Entry().Debug("Download of TLS certificates skipped")

8
cmd/sonarExecuteScan_test.go
View File

@ -110,7 +110,7 @@ func TestRunSonar(t *testing.T) {
assert.Contains(t, sonar.options, "-Dsonar.organization=SAP")
assert.Contains(t, sonar.environment, "SONAR_HOST_URL=https://sonar.sap.com")
assert.Contains(t, sonar.environment, "SONAR_TOKEN=secret-ABC")
assert.Contains(t, sonar.environment, "SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore="+filepath.Join(getWorkingDir(), ".certificates", "cacerts"))
assert.Contains(t, sonar.environment, "SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore="+filepath.Join(getWorkingDir(), ".certificates", "cacerts")+" -Djavax.net.ssl.trustStorePassword=changeit")
assert.FileExists(t, filepath.Join(sonar.workingDir, "sonarExecuteScan_reports.json"))
assert.FileExists(t, filepath.Join(sonar.workingDir, "sonarExecuteScan_links.json"))
})
@ -275,7 +275,7 @@ func TestSonarLoadCertificates(t *testing.T) {
err := loadCertificates([]string{}, &mockClient, &mockRunner)
// assert
assert.NoError(t, err)
assert.Contains(t, sonar.environment, "SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore="+filepath.Join(getWorkingDir(), ".certificates", "cacerts"))
assert.Contains(t, sonar.environment, "SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore="+filepath.Join(getWorkingDir(), ".certificates", "cacerts")+" -Djavax.net.ssl.trustStorePassword=changeit")
})
t.Run("use local trust store with downloaded certificates", func(t *testing.T) {
@ -300,7 +300,7 @@ func TestSonarLoadCertificates(t *testing.T) {
assert.Equal(t, "https://sap.com/custom-2.crt", mockClient.requestedURL[1])
assert.Regexp(t, "custom-1.crt$", mockClient.requestedFile[0])
assert.Regexp(t, "custom-2.crt$", mockClient.requestedFile[1])
assert.Contains(t, sonar.environment, "SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore="+filepath.Join(getWorkingDir(), ".certificates", "cacerts"))
assert.Contains(t, sonar.environment, "SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore="+filepath.Join(getWorkingDir(), ".certificates", "cacerts")+" -Djavax.net.ssl.trustStorePassword=changeit")
})
t.Run("use local trust store with downloaded certificates - deactivated", func(t *testing.T) {
@ -317,7 +317,7 @@ func TestSonarLoadCertificates(t *testing.T) {
err := loadCertificates([]string{"any-certificate-url"}, &mockClient, &mockRunner)
// assert
assert.NoError(t, err)
assert.NotContains(t, sonar.environment, "SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore="+filepath.Join(getWorkingDir(), ".certificates", "cacerts"))
assert.NotContains(t, sonar.environment, "SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore="+filepath.Join(getWorkingDir(), ".certificates", "cacerts")+" -Djavax.net.ssl.trustStorePassword=changeit")
})
t.Run("use no trust store", func(t *testing.T) {