Guides
Log InSign UpBlog

Azure DevOps

Suggest Edits

📘

Azure Project Level Permissions

The user who performs the actions below to connect to Azure DevOps must have project administrator permissions in Azure.

Integrating with a VCS provider unlocks the ability to use GitOps workflows, import modules, enable Open Policy Agent, and much more.

Azure requirements

To enable the integration, there are a few key requirements before going through the authentication flow:

  1. Ensure the "Third-party application access via OAuth" setting is enabled in the organization policies by going to:
    1. Organization settings
    2. Click on policies.
  1. The account that is used to create the integration, must have project administrator permissions for the project you are integrating with.

Setting up the Integration:

  1. Go to "Integrations" at the account scope and select Azure DevOps.
  2. Enter the provider name, copy the callback URL, and click the “register a new OAuth application” link.

Only two scopes are required for Scalr, Code (read) and Code (status):

Click Create and then copy the Application ID and Client Secret:

Go back to Scalr, enter the Id and secret. Upon clicking “create” a redirection back to Azure DevOps occurs to complete the authorization.

Pull Request Comments

If enabled, Scalr will send results back as pull request comments to Azure DevOps after a dry run has been executed based on a PR being opened and after the apply finished. To enable comments, go to the Azure integration and enable the pull request comments checkbox:

If you have an existing integration with Azure DevOps, you will need to reauthenticate the integration.

Once this is enabled, you will start seeing the comments posted to pull requests for all new pull requests:

Scalr will also update the comments with the apply results after the run has finished. There is a separate checkbox, "Send the apply summary back to PR comments", that must be enabled for this to work.

Execute Runs from Pull Request Comments

To enable the ability to execute runs from pull request comments, you must enable it at the VCS provider integration level:

  • Allow triggering plan-only runs from the PR comments: Any user who can comment on the PR can execute a plan-only run in Scalr.
  • Allow triggering plan & apply runs from the PR comments: Any user who can comment on the PR can execute an apply run in Scalr.

When enabled, all users who have access to the pull request comment can execute a run. The workspace must have "Enabled VCS-driven dry runs" enabled in the settings for this feature to work.

Updated about 1 month ago