The token doesn't have the required permissions (Code: Read & Write)

Attempting to import our Azure DevOps organisation to SonarCloud, i click the + > Analyse New Project > Import another organisation.

I’ve entered the AzureDevOps organisation name ‘glasswall’
I’ve created my PAT and entered the token, but upon doing so i get 'The token doesn’t have the required permissions (Code: Read & Write).

After checking my PAT, i can confirm it has those permissions, but it still isn’t being accepted. So right now, i’m unable to import our Azure DevOps projects.

Any advice on how to solve this problem please?

After some further digging, it appears that if ‘Enable Azure Active Directory Conditional Access Policy Validation;’ is on, it causes an issue with authenticating with SonarCloud - is there a work around for this?

Hi @ChrisHolman and welcome to the community !

I’m afraid there are no workaround possible currently for this.

Mickaël

Thanks for the reply Mickaël!

So if this option is switched on, we’re unable to use SonarCloud?

This is true, yes.

What are the IP addresses associated to SonarCloud? We can add them to the CAP so the communication can succeed.

Hi @ChrisHolman

We don’t have fixed IPs, you’ll have to rely on the domain itself.

Mickaël

Thanks! I assume whitelisting sonarcloud.io will be sufficient?

It should be, but as far as i remember this is not possible to do it like that with the CAP ?

We whitelisted the IP associated with sonarloud.io (18.194.60.35) but still get the 'The token doesn’t have the required permissions (Code:Read & Write).

Hi Chris / Michael, were you ever able to get SonarCloud working with Azure AD Conditional Access Policies enabled? We also have CAPs enforced, but would like to use SonarCloud.

Michael,
Are all SonarCloud services hosted in the AWS eu-central-1 region?

If you whitelist all AWS EC2 IP Addresses from the following link, you’ll be able to use CAPs with SonarCloud. These ranges may be changed, so if you are experiencing issues, you’ll need to refresh the IP Addresses in your Azure AD CAP.

https://ip-ranges.amazonaws.com/ip-ranges.json

1 Like

Hi @AliK

Yes for now this is the only solution we can propose, we’re working on a proper one, but this is just ideation for now, no ETA to give.

Thanks!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.