search

getsentry / sentry

Developer-first error tracking and performance monitoring
https://sentry.io
Other
39.09k stars 4.2k forks source link

Azure DevOps Integration Problem: Allow use of service principals #78249

Open hauskens opened 1 month ago

hauskens commented 1 month ago

Environment

SaaS (https://sentry.io/)

Steps to Reproduce

Due to #77570 we will need to add the integration again, and doing so requires some additional permissions to be approved. This would normally not be a problem for most users, but organizations can put restrictions on this, which will result in below message:

Image

In my case i am not allowed to get these permissions on my own user, but i can get a App Registrations with these permissions. It is very common for applications to utilize existing service principals to authenticate by configuring a Client ID, Client Secret and Tenant ID.

I will not be able to connect our sentry environment with Azure Devops if i am not able to use an existing App Registrations to authenticate with due to the permissions that are requested on behalf of my user and my organizations policy.

Expected Result

Allow users to authenticate the integration with App Registrations

Actual Result

See above

Product Area

Settings - Integrations

Link

No response

DSN

No response

Version

No response

getsantry[bot] commented 1 month ago

Auto-routing to @getsentry/product-owners-settings-integrations for triage ⏲️

sentaur-athena commented 1 month ago

@hauskens https://github.com/getsentry/sentry/issues/77570 didn't change the permission requirements of the app. Were you able to install the previous sentry azure installation? or was this an issue with the previous version of our App too?

hauskens commented 1 month ago

@hauskens #77570 didn't change the permission requirements of the app. Were you able to install the previous sentry azure installation? or was this an issue with the previous version of our App too?

Hi @sentaur-athena , this could be correct, I guess we didn't need to re-add the integrations until now, so this may have been a problem for us for a long time undetected.

sentaur-athena commented 1 month ago

@hauskens at the moment we don't support app registrations. I recommend working with Microsoft to get at least a user in your org to have admin access and get unblocked with installing the integration.

hauskens commented 1 month ago

Hi @sentaur-athena , thanks for the swift reply. We have over hundred thousand users in our AD tenant, the admins does not grant such permissions easily directly to users as app registrations is the preferred(and common) way to authenticate applications.

Are there any plans to support app registrations in the future?

sentaur-athena commented 1 month ago

This is not planned in the near future. This permission is only needed at the time of installation though, can an admin do the installation and unblock everyone?