The token doesn't have the required permissions (Code: Read & Write)

ChrisHolman · January 28, 2021, 11:23am

Attempting to import our Azure DevOps organisation to SonarCloud, i click the + > Analyse New Project > Import another organisation.

I’ve entered the AzureDevOps organisation name ‘glasswall’
I’ve created my PAT and entered the token, but upon doing so i get 'The token doesn’t have the required permissions (Code: Read & Write).

After checking my PAT, i can confirm it has those permissions, but it still isn’t being accepted. So right now, i’m unable to import our Azure DevOps projects.

Any advice on how to solve this problem please?

ChrisHolman · January 28, 2021, 11:31am

After some further digging, it appears that if ‘Enable Azure Active Directory Conditional Access Policy Validation;’ is on, it causes an issue with authenticating with SonarCloud - is there a work around for this?

mickaelcaro · January 28, 2021, 1:18pm

Hi @ChrisHolman and welcome to the community !

I’m afraid there are no workaround possible currently for this.

Mickaël

ChrisHolman · January 28, 2021, 1:20pm

Thanks for the reply Mickaël!

So if this option is switched on, we’re unable to use SonarCloud?

mickaelcaro · January 28, 2021, 1:58pm

This is true, yes.

ChrisHolman · January 28, 2021, 5:34pm

What are the IP addresses associated to SonarCloud? We can add them to the CAP so the communication can succeed.

mickaelcaro · January 29, 2021, 7:17am

Hi @ChrisHolman

We don’t have fixed IPs, you’ll have to rely on the domain itself.

Mickaël

ChrisHolman · January 29, 2021, 9:23am

Thanks! I assume whitelisting sonarcloud.io will be sufficient?

mickaelcaro · January 29, 2021, 9:31am

It should be, but as far as i remember this is not possible to do it like that with the CAP ?

ChrisHolman · January 29, 2021, 4:07pm

We whitelisted the IP associated with sonarloud.io (18.194.60.35) but still get the 'The token doesn’t have the required permissions (Code:Read & Write).