sbaudoin / sonar-ansible

SonarQube plugin to analyze Ansible playbooks
Apache License 2.0

Sonar-scanner not saving ansible-lint issues #20

Closed jcastrfe closed 3 years ago

jcastrfe commented 4 years ago

Hello.

I've been running some tests in our staging instances in order to audit my ansible playbooks with Sonarqube but I faced a very strange issue:

When running sonar-scanner in DEBUG mode (after properly installing ansible-lint and checking that ansible-lint actually analyses) it is not able to save ansible-lint reports and send them back to Sonarqube. Here's sonar-scanner result for that matter:

12:23:55.055 DEBUG: 7 issue(s) found
12:23:55.057 DEBUG: Analyzing file: ejemplo_ansible.yml
12:23:55.057 DEBUG: Executing command: [ansible-lint, -p, --nocolor, /home/master/workspace/REGRESION/ANSIBLE/prueba-analisis-ansible-yaml/src/ejemplo_ansible.yml]
12:23:55.057 DEBUG: Work directory: /home/master/workspace/REGRESION/ANSIBLE/prueba-analisis-ansible-yaml
12:23:55.930 WARN: Errors happened during analysis: Syntax Error while loading YAML. mapping values are not allowed here

The error appears to be in '/home/master/workspace/REGRESION/ANSIBLE/prueba-analisis-ansible-yaml/src/ejemplo_ansible.yml': line 92, column 14, but may be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

  - hosts: webservers
         ^ here

12:23:55.930 DEBUG: 0 issue(s) found
12:23:55.930 DEBUG: Saving issues for file:///home/master/workspace/REGRESION/ANSIBLE/prueba-analisis-ansible-yaml/src/docker-compose.yml
12:23:55.931 DEBUG: Saving issues for file:///home/master/workspace/REGRESION/ANSIBLE/prueba-analisis-ansible-yaml/src/docker-compose.yaml
12:23:55.931 DEBUG: Saving issues for file:///home/master/workspace/REGRESION/ANSIBLE/prueba-analisis-ansible-yaml/src/ejemplo.yml
12:23:55.932 DEBUG: Saving issues for file:///home/master/workspace/REGRESION/ANSIBLE/prueba-analisis-ansible-yaml/src/ejemplo_ansible.yml
12:23:55.932 INFO: Sensor Ansible Lint Sensor [ansible] (done) | time=4286ms 1

Although it gets all issues, sonar-scanner is not able to save them correctly, so no issues are shown in Sonarqube. I'm working with:

I'd like to know if there is any related issue to this one, and whether it is any problem related with sonar-ansible or it's about ansible-lint/sonar-scanner.

Thank you very much.

sandro-h commented 4 years ago

Hi, we're seemingly experiencing the same issue: the analysis succeeds, and with debug output I see that ansible-lint reports issues, but these issues are not displayed in Sonar.

Note: if I downgrade ansible-lint to 4.1.0 it works. I think this stems from https://github.com/ansible/ansible-lint/pull/620, which normalized reported file paths.

Compare the outputs between:

ansible-lint 4.1.0

cd /projects/projectA/projectA-ansible
ansible-lint -p --nocolor -c .ansible-lint /projects/projectA/projectA-ansible/system-update.yml
/projects/projectA/projectA-ansible/system-update.yml:19: [E301] Commands should not change things if nothing needs doing
/projects/projectA/projectA-ansible/system-update.yml:31: [E301] Commands should not change things if nothing needs doing

ansible-lint 4.2.0

cd /projects/projectA/projectA-ansible
ansible-lint -p --nocolor -c .ansible-lint /projects/projectA/projectA-ansible/system-update.yml
system-update.yml:19: [E301] Commands should not change things if nothing needs doing
system-update.yml:31: [E301] Commands should not change things if nothing needs doing

The problem does not occur if you have a single-module project, because the normalized paths are still valid. But in our case we have multiple gradle submodules and relative to the root project the normalized paths can't be found, and so sonar-ansible reports the issues for non-existent files.

sbaudoin commented 4 years ago

Hello,

Thanks a lot for debugging the issue. I'll try to fix that soon. BTW that's odd there is no warning for the files not being found as per the path.

Sylvain

rgaduput commented 4 years ago

Hi, we're seemingly experiencing the same issue: the analysis succeeds, and with debug output I see that ansible-lint reports issues, but these issues are not displayed in Sonar.

  • sonarqube 7.9.2
  • sonar-ansible 2.3.0
  • sonar-yaml 1.5.1
  • ansible-lint 4.2.0
  • sonar-scanner for gradle 2.7

Note: if I downgrade ansible-lint to 4.1.0 it works. I think this stems from ansible/ansible-lint#620, which normalized reported file paths.

Compare the outputs between:

ansible-lint 4.1.0

cd /projects/projectA/projectA-ansible
ansible-lint -p --nocolor -c .ansible-lint /projects/projectA/projectA-ansible/system-update.yml
/projects/projectA/projectA-ansible/system-update.yml:19: [E301] Commands should not change things if nothing needs doing
/projects/projectA/projectA-ansible/system-update.yml:31: [E301] Commands should not change things if nothing needs doing

ansible-lint 4.2.0

cd /projects/projectA/projectA-ansible
ansible-lint -p --nocolor -c .ansible-lint /projects/projectA/projectA-ansible/system-update.yml
system-update.yml:19: [E301] Commands should not change things if nothing needs doing
system-update.yml:31: [E301] Commands should not change things if nothing needs doing

The problem does not occur if you have a single-module project, because the normalized paths are still valid. But in our case we have multiple gradle submodules and relative to the root project the normalized paths can't be found, and so sonar-ansible reports the issues for non-existent files.

Hi @sbaudoin, we are also facing this problem: Sonar does not report the syntax error if there is any. But I do not see how it's related to the normalized report problems.

I think the problem is here, https://github.com/sbaudoin/sonar-ansible/blob/943c45a10a8cfed7b32a3eeeac003f85d70f98a2/sonar-ansible-api/src/main/java/com/github/sbaudoin/sonar/plugins/ansible/rules/AbstractAnsibleSensor.java#L137

When ansible-linter throws a syntax exception, it is only as Error and not output, whereas this utility captures and saves only output lines https://github.com/sbaudoin/sonar-ansible/blob/943c45a10a8cfed7b32a3eeeac003f85d70f98a2/sonar-ansible-api/src/main/java/com/github/sbaudoin/sonar/plugins/ansible/rules/AbstractAnsibleSensor.java#L140

sbaudoin commented 4 years ago

Sorry for the late reply. I'm trying hard to reproduce the various problems listed in this issue.

@jcastrfe For your specific issue, the debug output you see is expected, because the syntax errors are not trapped by the ansible plugin but instead by the yaml plugin. So if you have created a custom profile for Ansible, make sure you have enabled the "YAML parser failure" rule, which is the rule for syntax errors.

sbaudoin commented 4 years ago

@rgaduput Hello, same as for @jcastrfe: syntax errors are not reported by the ansible plugin, you have to enable the rule "YAML parser failure" from the yaml plugin to get them.

sbaudoin commented 4 years ago

@jcastrfe can you share more details, especially how you launch the scanner and your quality profile, please?

sbaudoin commented 4 years ago

@sandro-h if I launch the sonar-scanner manually everything works with ansible-lint 4.2. The plugin works with absolute paths almost everywhere to avoid such issues. This works when you launch the scanner on the command line but maybe there are troubles when the plugin is called from Maven or Gradle. Is it possible for you to get and post the debug output of the plugin when it fails, please?

sbaudoin commented 4 years ago

I managed to reproduce (or create, I don't know) a very similar issue when running the scanner from a directory other than the project's home directory. In such a situation, everything's fine with sonar-lint 4.1 but not 4.2 because of the new way the file paths are returned by ansible-lint. I'm going to release a fix soon.
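
The path mismatch discussed in this thread, as an added example (not code from sonar-ansible or ansible-lint): it parses the `ansible-lint -p` lines quoted above and resolves each reported path against a base directory before looking it up in the set of indexed files. The function names and the root directory `/projects/projectA` are assumptions made for illustration; unmatched findings are returned rather than dropped so that a caller can warn about them.

```python
import posixpath
import re

# Shape of the `ansible-lint -p` lines quoted in this thread:
#   <path>:<line>: [<rule>] <message>
LINE_RE = re.compile(r"^(?P<path>.+?):(?P<line>\d+): \[(?P<rule>[^\]]+)\] (?P<msg>.*)$")

# Output copied from the thread (4.1.0 absolute paths, 4.2.0 normalized paths).
OUTPUT_4_1_0 = """\
/projects/projectA/projectA-ansible/system-update.yml:19: [E301] Commands should not change things if nothing needs doing
/projects/projectA/projectA-ansible/system-update.yml:31: [E301] Commands should not change things if nothing needs doing
"""
OUTPUT_4_2_0 = """\
system-update.yml:19: [E301] Commands should not change things if nothing needs doing
system-update.yml:31: [E301] Commands should not change things if nothing needs doing
"""

WORK_DIR = "/projects/projectA/projectA-ansible"  # directory ansible-lint ran in
ROOT_DIR = "/projects/projectA"                   # constructed: root project dir
INDEXED = {"/projects/projectA/projectA-ansible/system-update.yml"}


def parse_issue(raw, base_dir):
    """Parse one output line; resolve a relative path against base_dir."""
    m = LINE_RE.match(raw.strip())
    if m is None:
        return None
    # posixpath.join keeps an absolute path unchanged, so 4.1.0 output still works.
    path = posixpath.normpath(posixpath.join(base_dir, m.group("path")))
    return {"file": path, "line": int(m.group("line")),
            "rule": m.group("rule"), "message": m.group("msg")}


def map_issues(output, base_dir, indexed_files):
    """Split findings into those matching an indexed file and those that do not."""
    saved, unmatched = [], []
    for raw in output.splitlines():
        issue = parse_issue(raw, base_dir)
        if issue is None:
            continue
        (saved if issue["file"] in indexed_files else unmatched).append(issue)
    return saved, unmatched


if __name__ == "__main__":
    for label, out, base in (("4.1.0, root", OUTPUT_4_1_0, ROOT_DIR),
                             ("4.2.0, root", OUTPUT_4_2_0, ROOT_DIR),
                             ("4.2.0, work dir", OUTPUT_4_2_0, WORK_DIR)):
        saved, unmatched = map_issues(out, base, INDEXED)
        print(f"{label}: saved={len(saved)} unmatched={len(unmatched)}")
```
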