Docs feedback: Add needed Azure AD settings to documentation on Microsoft Graph Mailer
Problem to solve
The documented configuration for the new Microsoft Graph Mailer option is not directly sufficient for GitLab to send mail. When using this configuration (and, additionally, registering GitLab as an Azure AD app for authentication), I get the following error:
azureuser@vm-ubuntu-gitlab:~$ sudo gitlab-rails console
--------------------------------------------------------------------------------
Ruby: ruby 2.7.5p203 (2021-11-24 revision f69aeb8314) [x86_64-linux]
GitLab: 15.5.2-ee (767831e030c) EE
GitLab Shell: 14.12.0
PostgreSQL: 13.6
------------------------------------------------------------[ booted in 39.85s ]
Loading production environment (Rails 6.1.6.1)
irb(main):001:0> Notify.test_email('XXX@XXX.XX', 'GitLab Mail Test', 'Test, test, test').deliver_now
Delivered mail 6368c9b6eccb9_2b2e846dc87920@vm-ubuntu-gitlab.mail (310.3ms)
Traceback (most recent call last):
1: from (irb):1
OAuth2::Error (#<SnakyHash::StringKeyed code="ErrorAccessDenied" message="Access is denied. Check credentials and try again.">: )
{"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."}}
Presumably, the app needs further Azure AD permissions. I assume this is the app permission Mail.Send. However, I need to be able to give precise instructions to our IT department, which is (understandably) averse to "experimenting" with permission settings.
Further details
The Microsoft Graph Mailer option was relatively newly implemented in #365524 (closed) (Milestone &8259 (closed)) and released with %15.5. (Many thanks to @bdenkovych, btw.!)
Proposal
Add a short section listing the necessary app permissions, similar to this documentation page: https://docs.gitlab.com/ee/integration/azure.html#register-an-azure-application
Who can address the issue
People with experience in Azure AD configuration. Possibly @bdenkovych or anyone involved in &8259 (closed).
Other links/references
- Current documentation: https://docs.gitlab.com/omnibus/settings/microsoft_graph_mailer.html
- Similar documentation for OAuth configuration: https://docs.gitlab.com/ee/integration/azure.html#register-an-azure-application
- MS documentation on possible application permissions: https://learn.microsoft.com/en-us/graph/permissions-reference#application-permissions-39
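
An added example, not part of the original issue and not GitLab's code: application permissions that an admin has consented to appear in the `roles` claim of an app-only access token, so decoding the token shows whether the permission the issue presumes (`Mail.Send`) was actually granted. The helper names and the sample tokens below are constructed for illustration; the signature is not verified, so this is a diagnostic and not an authorization check.

```ruby
require 'base64'
require 'json'

# Permission the issue presumes is missing (assumption taken from the issue text).
REQUIRED_ROLE = 'Mail.Send'

# Decode the payload (second segment) of a JWT WITHOUT verifying the signature.
# Diagnostic use only: never base an authorization decision on this.
def jwt_claims(token)
  segments = token.to_s.split('.')
  raise ArgumentError, 'not a JWT (expected 3 dot-separated segments)' unless segments.length == 3

  payload = segments[1]
  payload += '=' * ((4 - payload.length % 4) % 4) # restore stripped base64url padding
  JSON.parse(Base64.urlsafe_decode64(payload))
rescue JSON::ParserError
  raise ArgumentError, 'JWT payload is not valid JSON'
end

# Summarise what an app-only token is allowed to do and whether it carries `required`.
def check_mail_permission(token, required = REQUIRED_ROLE)
  claims = jwt_claims(token)
  roles = Array(claims['roles'])               # application permissions (app-only flow)
  {
    app_id: claims['appid'] || claims['azp'],  # v1 / v2 token claim for the client ID
    audience: claims['aud'],
    roles: roles,
    delegated_scopes: claims['scp'].to_s.split, # present only in delegated tokens
    granted: roles.include?(required)
  }
end

# Constructed sample tokens: fake header and signature, made-up claims.
def sample_token(claims)
  enc = ->(h) { Base64.urlsafe_encode64(JSON.generate(h), padding: false) }
  [enc.call({ 'alg' => 'none' }), enc.call(claims), 'sig'].join('.')
end

BASE = { 'aud' => 'https://graph.microsoft.com', 'appid' => '00000000-0000-0000-0000-000000000000' }.freeze
WITHOUT_ROLE = sample_token(BASE)
WITH_ROLE = sample_token(BASE.merge('roles' => ['Mail.Send']))

if __FILE__ == $PROGRAM_NAME
  [WITHOUT_ROLE, WITH_ROLE].each { |t| puts check_mail_permission(t) }
end
```

A token with an empty `roles` list matches the `ErrorAccessDenied` symptom above; one listing only `Mail.Send` shows the grant is present and no broader than needed.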