Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Azure DevOps personal access token - Permissions #63

Open
pareion opened this issue Nov 15, 2023 · 0 comments
Open

Azure DevOps personal access token - Permissions #63

pareion opened this issue Nov 15, 2023 · 0 comments

Comments

@pareion
Copy link
Contributor

pareion commented Nov 15, 2023
edited
Loading

Hello!

We're in the initial phase of setting up the GitOps Connector in our Kubernetes Cluster.

We're using FluxCD and Azure Repos, which leads me to the question.

What kind of permissions should we grant the Personal Access Token required for the GitOps Connector.

We would love to go with only the minimal amount of permissions instead of everything, but we can't find anything in the documentation related to what kind of permissions the Personal Access Token needs.

Can you extend the documentation with the required permissions for the Azure DevOps PAT?

Notes:
I scanned the repository and compiled a list of the Azure DevOps REST APIs you're using. Based on this list, I found the following scopes are needed.

API list I found:

I wasn't able to find the endpoints in these files in Azures Rest API documentation

Scopes needed to use the APIs:

  • vso.code_write
  • vso.code_status
  • vso.code

Update:
I managed to get the status on commits and callback to Azure DevOps pipelines to work with the following permissions:
vso.build_execute vso.code_write vso.code_status
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pareion