SCANJLIB-169 Rework the API to support functional errors

The bootstrapper now returns a result with a boolean allowing the caller to terminate without throwing an exception.
This is used to log auth errors, but it may be also useful for other functional errors.

Author: henryju

its/it-simple-scanner/src/main/java/com/sonar/scanner/lib/it/Main.java

@@ -21,11 +21,13 @@
 
 import java.util.HashMap;
 import java.util.Map;
+import java.util.concurrent.atomic.AtomicBoolean;
 import org.sonarsource.scanner.lib.EnvironmentConfig;
 import org.sonarsource.scanner.lib.ScannerEngineBootstrapper;
 
 public class Main {
   public static void main(String[] args) {
+    AtomicBoolean success = new AtomicBoolean(false);
     try {
 
       Map<String, String> props = new HashMap<>(EnvironmentConfig.load());
@@ -36,20 +38,25 @@ public static void main(String[] args) {
         }
       }
 
-      runProject(props);
+      success.set(runScanner(props));
     } catch (Exception e) {
       e.printStackTrace();
-      System.exit(1);
+      System.exit(2);
     }
-    System.exit(0);
+    System.exit(success.get() ? 0 : 1);
   }
 
-  private static void runProject(Map<String, String> props) throws Exception {
+  private static boolean runScanner(Map<String, String> props) throws Exception {
 
-    try (var scannerEngine = ScannerEngineBootstrapper.create("Simple Scanner", "1.0")
+    try (var bootstrapResult = ScannerEngineBootstrapper.create("Simple Scanner", "1.0")
       .addBootstrapProperties(props)
       .bootstrap()) {
-      scannerEngine.analyze(props);
+      if (bootstrapResult.isSuccessful()) {
+        bootstrapResult.getEngineFacade().analyze(props);
+        return true;
+      } else {
+        return false;
+      }
     }
   }
 }

its/it-tests/src/test/java/com/sonar/scanner/lib/it/ProxyTest.java

@@ -206,8 +206,8 @@ public void simple_analysis_with_proxy_auth() throws Exception {
     params.put("sonar.scanner.proxyPort", "" + httpProxyPort);
 
     BuildResult buildResult = scanner.executeSimpleProject(project("js-sample"), ORCHESTRATOR.getServer().getUrl(), params, Map.of());
-    assertThat(buildResult.getLastStatus()).isEqualTo(1);
-    assertThat(buildResult.getLogs()).contains("Error status returned by url", ": 407");
+    assertThat(buildResult.getLastStatus()).isNotZero();
+    assertThat(buildResult.getLogs()).contains("Failed to query server version: Proxy Authentication Required.");
     assertThat(seenByProxy).isEmpty();
 
     params.put("sonar.scanner.proxyUser", PROXY_USER);

its/it-tests/src/test/java/com/sonar/scanner/lib/it/SSLTest.java

@@ -115,7 +115,7 @@ private static void startSSLTransparentReverseProxy(boolean requireClientAuth) t
 
     // Handler Structure
     HandlerCollection handlers = new HandlerCollection();
-    handlers.setHandlers(new Handler[] {proxyHandler(), new DefaultHandler()});
+    handlers.setHandlers(new Handler[]{proxyHandler(), new DefaultHandler()});
     server.setHandler(handlers);
 
     ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(httpConfig));
@@ -178,7 +178,7 @@ public void simple_analysis_with_server_and_client_certificate() throws Exceptio
     BuildResult buildResult = scanner.executeSimpleProject(project("js-sample"), "https://localhost:" + httpsPort);
 
     assertThat(buildResult.getLastStatus()).isNotZero();
-    assertThat(buildResult.getLogs()).contains("javax.net.ssl.SSLHandshakeException");
+    assertThat(buildResult.getLogs()).contains("None of the TrustManagers trust this certificate chain");
 
     Path clientTruststore = Paths.get(SSLTest.class.getResource(KEYSTORE_CLIENT_WITH_CA_KEYTOOL).toURI()).toAbsolutePath();
     assertThat(clientTruststore).exists();
@@ -204,7 +204,7 @@ public void simple_analysis_with_server_and_without_client_certificate_is_failin
     BuildResult buildResult = scanner.executeSimpleProject(project("js-sample"), "https://localhost:" + httpsPort);
 
     assertThat(buildResult.getLastStatus()).isNotZero();
-    assertThat(buildResult.getLogs()).contains("javax.net.ssl.SSLHandshakeException");
+    assertThat(buildResult.getLogs()).contains("None of the TrustManagers trust this certificate chain");
 
     Path clientTruststore = Paths.get(SSLTest.class.getResource(KEYSTORE_CLIENT_WITH_CA_KEYTOOL).toURI()).toAbsolutePath();
     assertThat(clientTruststore).exists();
@@ -218,16 +218,10 @@ public void simple_analysis_with_server_and_without_client_certificate_is_failin
     // Voluntary missing client keystore
 
     buildResult = scanner.executeSimpleProject(project("js-sample"), "https://localhost:" + httpsPort, params, Map.of());
-    assertThat(buildResult.getLastStatus()).isEqualTo(1);
+    assertThat(buildResult.getLastStatus()).isNotZero();
 
-    // different exception is thrown depending on the JDK version. See: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8172163
-    String failedAnalysis = "(?s).*java\\.lang\\.IllegalStateException: Failed to get server version.*";
     assertThat(buildResult.getLogs())
-      .matches(p -> p.matches(failedAnalysis + "Caused by: javax\\.net\\.ssl\\.SSLException: Broken pipe \\(Write failed\\).*") ||
-        p.matches(failedAnalysis + "Caused by: javax\\.net\\.ssl\\.SSLProtocolException: Broken pipe \\(Write failed\\).*") ||
-        p.matches(failedAnalysis + "Caused by: javax\\.net\\.ssl\\.SSLHandshakeException: Received fatal alert: bad_certificate.*") ||
-        p.matches(failedAnalysis + "Caused by: java\\.net\\.SocketException: Broken pipe.*") ||
-        p.matches(failedAnalysis + "Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.*"));
+      .contains("Failed to query server version: Call to URL [https://localhost:" + httpsPort + "/api/v2/analysis/version] failed: Received fatal alert: bad_certificate");
   }
 
   private static Path project(String projectName) {
@@ -244,7 +238,7 @@ public void simple_analysis_with_server_certificate(String clientTrustStore, Str
 
     BuildResult buildResult = scanner.executeSimpleProject(project("js-sample"), "https://localhost:" + httpsPort);
     assertThat(buildResult.getLastStatus()).isNotZero();
-    assertThat(buildResult.getLogs()).contains("javax.net.ssl.SSLHandshakeException");
+    assertThat(buildResult.getLogs()).contains("None of the TrustManagers trust this certificate chain");
 
     Path clientTruststore = Paths.get(SSLTest.class.getResource(clientTrustStore).toURI()).toAbsolutePath();
     assertThat(clientTruststore).exists();
@@ -265,7 +259,7 @@ public void simple_analysis_with_server_certificate(String clientTrustStore, Str
 
   @DataProvider()
   public static Object[][] variousClientTrustStores() {
-    return new Object[][] {
+    return new Object[][]{
       {KEYSTORE_CLIENT_WITH_CA_KEYTOOL, CLIENT_WITH_CA_KEYSTORE_PASSWORD, true},
       {KEYSTORE_CLIENT_WITH_CA_OPENSSL, CLIENT_WITH_CA_KEYSTORE_PASSWORD, false},
       {KEYSTORE_CLIENT_WITH_CERTIFICATE_KEYTOOL, CLIENT_WITH_CERTIFICATE_KEYSTORE_PASSWORD, true},

lib/src/main/java/org/sonarsource/scanner/lib/EnvironmentConfig.java

@@ -40,7 +40,7 @@ public class EnvironmentConfig {
   private static final String GENERIC_ENV_PREFIX = "SONAR_SCANNER_";
   private static final String SONAR_HOST_URL_ENV_VAR = "SONAR_HOST_URL";
   private static final String SONAR_USER_HOME_ENV_VAR = "SONAR_USER_HOME";
-  private static final String TOKEN_ENV_VARIABLE = "SONAR_TOKEN";
+  static final String TOKEN_ENV_VARIABLE = "SONAR_TOKEN";
 
   private EnvironmentConfig() {
     // only static methods

lib/src/main/java/org/sonarsource/scanner/lib/ScannerEngineBootstrapResult.java

@@ -0,0 +1,41 @@
+/*
+ * SonarScanner Java Library
+ * Copyright (C) 2011-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonarsource.scanner.lib;
+
+/**
+ * Closing this will automatically close the {@link ScannerEngineFacade} that it contains, if any.
+ */
+public interface ScannerEngineBootstrapResult extends AutoCloseable {
+
+  /**
+   * Allow to test if the bootstrapping has been successful. If not, the {@link ScannerEngineFacade} should not be used.
+   * A log message should have been emitted in case of failure.
+   *
+   * @return true if the bootstrapping has been successful, false otherwise
+   */
+  boolean isSuccessful();
+
+  /**
+   * Get the facade to interact with the engine. Only call this method if {@link #isSuccessful()} returns true.
+   *
+   * @return the facade to interact with the engine
+   */
+  ScannerEngineFacade getEngineFacade();
+}

lib/src/main/java/org/sonarsource/scanner/lib/ScannerEngineBootstrapper.java

@@ -33,14 +33,18 @@
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.sonarsource.scanner.lib.internal.FailedBootstrap;
 import org.sonarsource.scanner.lib.internal.InternalProperties;
+import org.sonarsource.scanner.lib.internal.MessageException;
+import org.sonarsource.scanner.lib.internal.SuccessfulBootstrap;
 import org.sonarsource.scanner.lib.internal.cache.FileCache;
 import org.sonarsource.scanner.lib.internal.facade.forked.NewScannerEngineFacade;
 import org.sonarsource.scanner.lib.internal.facade.forked.ScannerEngineLauncherFactory;
 import org.sonarsource.scanner.lib.internal.facade.inprocess.InProcessScannerEngineFacade;
 import org.sonarsource.scanner.lib.internal.facade.inprocess.IsolatedLauncherFactory;
 import org.sonarsource.scanner.lib.internal.facade.simulation.SimulationScannerEngineFacade;
 import org.sonarsource.scanner.lib.internal.http.HttpConfig;
+import org.sonarsource.scanner.lib.internal.http.HttpException;
 import org.sonarsource.scanner.lib.internal.http.ScannerHttpClient;
 import org.sonarsource.scanner.lib.internal.http.ssl.CertificateStore;
 import org.sonarsource.scanner.lib.internal.util.ArchResolver;
@@ -111,10 +115,7 @@ public ScannerEngineBootstrapper setBootstrapProperty(String key, String value)
     return this;
   }
 
-  /**
-   * Bootstrap the scanner-engine.
-   */
-  public ScannerEngineFacade bootstrap() {
+  public ScannerEngineBootstrapResult bootstrap() {
     if (LOG.isDebugEnabled()) {
       LOG.debug("Scanner max available memory: {}", FileUtils.byteCountToDisplaySize(Runtime.getRuntime().maxMemory()));
     }
@@ -125,22 +126,59 @@ public ScannerEngineFacade bootstrap() {
     var isSimulation = immutableProperties.containsKey(InternalProperties.SCANNER_DUMP_TO_FILE);
     var sonarUserHome = resolveSonarUserHome(immutableProperties);
     var fileCache = FileCache.create(sonarUserHome);
-    var httpConfig = new HttpConfig(immutableProperties, sonarUserHome);
-    scannerHttpClient.init(httpConfig);
-    String serverVersion = null;
-    if (!isSonarCloud) {
-      serverVersion = getServerVersion(scannerHttpClient, isSimulation, immutableProperties);
-    }
 
     if (isSimulation) {
-      return new SimulationScannerEngineFacade(immutableProperties, isSonarCloud, serverVersion);
-    } else if (isSonarCloud || VersionUtils.isAtLeastIgnoringQualifier(serverVersion, SQ_VERSION_NEW_BOOTSTRAPPING)) {
-      var launcher = scannerEngineLauncherFactory.createLauncher(scannerHttpClient, fileCache, immutableProperties);
-      return new NewScannerEngineFacade(immutableProperties, launcher, isSonarCloud, serverVersion);
+      var serverVersion = immutableProperties.getOrDefault(InternalProperties.SCANNER_VERSION_SIMULATION, "9.9");
+      return new SuccessfulBootstrap(new SimulationScannerEngineFacade(immutableProperties, isSonarCloud, serverVersion));
+    }
+
+    // No HTTP call should be made before this point
+    try {
+      var httpConfig = new HttpConfig(immutableProperties, sonarUserHome);
+      scannerHttpClient.init(httpConfig);
+
+      var serverVersion = !isSonarCloud ? getServerVersion(scannerHttpClient) : null;
+      if (isSonarCloud || VersionUtils.isAtLeastIgnoringQualifier(serverVersion, SQ_VERSION_NEW_BOOTSTRAPPING)) {
+        var launcher = scannerEngineLauncherFactory.createLauncher(scannerHttpClient, fileCache, immutableProperties);
+        return new SuccessfulBootstrap(new NewScannerEngineFacade(immutableProperties, launcher, isSonarCloud, serverVersion));
+      } else {
+        var launcher = launcherFactory.createLauncher(scannerHttpClient, fileCache);
+        var adaptedProperties = adaptDeprecatedPropertiesForInProcessBootstrapping(immutableProperties, httpConfig);
+        return new SuccessfulBootstrap(new InProcessScannerEngineFacade(adaptedProperties, launcher, false, serverVersion));
+      }
+    } catch (MessageException e) {
+      return handleException(e);
+    }
+  }
+
+  private static ScannerEngineBootstrapResult handleException(MessageException e) {
+    var message = new StringBuilder(e.getMessage());
+    if (e.getCause() instanceof HttpException) {
+      var httpEx = (HttpException) e.getCause();
+      var code = httpEx.getCode();
+      if (code == 401 || code == 403) {
+        var helpMessage = "Please check the property " + ScannerProperties.SONAR_TOKEN +
+          " or the environment variable " + EnvironmentConfig.TOKEN_ENV_VARIABLE + ".";
+        message.append(". ").append(helpMessage);
+      }
+      if (code == 407) {
+        var helpMessage = "Please check the properties " + ScannerProperties.SONAR_SCANNER_PROXY_USER +
+          " and " + ScannerProperties.SONAR_SCANNER_PROXY_PASSWORD + ".";
+        message.append(". ").append(helpMessage);
+      }
+    }
+    logWithStacktraceOnlyIfDebug(message.toString(), e);
+    return new FailedBootstrap();
+  }
+
+  /**
+   * For functional errors, the stacktrace is not necessary. It is only useful for debugging.
+   */
+  private static void logWithStacktraceOnlyIfDebug(String message, Throwable t) {
+    if (LOG.isDebugEnabled()) {
+      LOG.error(message, t);
     } else {
-      var launcher = launcherFactory.createLauncher(scannerHttpClient, fileCache);
-      var adaptedProperties = adaptDeprecatedPropertiesForInProcessBootstrapping(immutableProperties, httpConfig);
-      return new InProcessScannerEngineFacade(adaptedProperties, launcher, false, serverVersion);
+      LOG.error(message);
     }
   }
 
@@ -195,20 +233,21 @@ private static Path resolveSonarUserHome(Map<String, String> properties) {
     return Paths.get(sonarUserHome);
   }
 
-  private static String getServerVersion(ScannerHttpClient scannerHttpClient, boolean isSimulation, Map<String, String> properties) {
-    if (isSimulation) {
-      return properties.getOrDefault(InternalProperties.SCANNER_VERSION_SIMULATION, "5.6");
-    }
-
+  private static String getServerVersion(ScannerHttpClient scannerHttpClient) {
     try {
       return scannerHttpClient.callRestApi("/analysis/version");
     } catch (Exception e) {
-      try {
-        return scannerHttpClient.callWebApi("/api/server/version");
-      } catch (Exception e2) {
-        var ex = new IllegalStateException("Failed to get server version", e2);
-        ex.addSuppressed(e);
-        throw ex;
+      if (e instanceof HttpException && ((HttpException) e).getCode() == 404) {
+        // Fallback to the old endpoint
+        try {
+          return scannerHttpClient.callWebApi("/api/server/version");
+        } catch (Exception e2) {
+          var ex = new MessageException("Failed to query server version: " + e2.getMessage(), e2);
+          ex.addSuppressed(e);
+          throw ex;
+        }
+      } else {
+        throw new MessageException("Failed to query server version: " + e.getMessage(), e);
       }
     }
   }

lib/src/main/java/org/sonarsource/scanner/lib/ScannerEngineFacade.java

@@ -21,7 +21,6 @@
 
 import java.util.Map;
 
-
 public interface ScannerEngineFacade extends AutoCloseable {
 
   /**

lib/src/main/java/org/sonarsource/scanner/lib/internal/FailedBootstrap.java

@@ -0,0 +1,41 @@
+/*
+ * SonarScanner Java Library
+ * Copyright (C) 2011-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonarsource.scanner.lib.internal;
+
+import org.sonarsource.scanner.lib.ScannerEngineBootstrapResult;
+import org.sonarsource.scanner.lib.ScannerEngineFacade;
+
+public class FailedBootstrap implements ScannerEngineBootstrapResult {
+
+  @Override
+  public boolean isSuccessful() {
+    return false;
+  }
+
+  @Override
+  public ScannerEngineFacade getEngineFacade() {
+    throw new UnsupportedOperationException("No engine facade available");
+  }
+
+  @Override
+  public void close() {
+    // No operation
+  }
+}

lib/src/main/java/org/sonarsource/scanner/lib/internal/MessageException.java

@@ -0,0 +1,33 @@
+/*
+ * SonarScanner Java Library
+ * Copyright (C) 2011-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonarsource.scanner.lib.internal;
+
+/**
+ * Functional error that should not log a stacktrace by default
+ */
+public class MessageException extends RuntimeException {
+  public MessageException(String message) {
+    super(message);
+  }
+
+  public MessageException(String message, Throwable cause) {
+    super(message, cause);
+  }
+}