Minimal Set of Permissions Required to use Azure Dev Space

[Genysys]

Describe the bug

• I need to lockdown an azure environment and restrict developer access to AKS Service endpoints so that they can use Azure Dev Spaces
• To achieve this , I enabled the Azure Kubernetes Service RBAC Reader Role and the Azure Kubernetes Service Contributor Role
  .
• With these permissions , they are unable to access deploy service to AKS and hit a 403 in the logs.
• It seems that they require Contributor Role, which I think is too permissive.

To Reproduce
Steps to follow to reproduce this issue.

Expected behavior
A clear and concise description of what you expected to happen.

Logs
Attach logs from the following directory:
For Windows: %TEMP%/Azure Dev Spaces
For OSX/Linux: $TMPDIR/Azure Dev Spaces

Environment Details
Client used (CLI/VS Code/Visual Studio): CLI

Azure Dev Spaces CLI
1.0.20200
API v3.2
Client's version:
Operating System:
MacOS
Additional context
Add any other outputs from the clients or context you would like to share.

[rakeshvanga]

@Genysys Are you suggesting to have an option to add another role with a lower scope level than Contributor to enable Azure Dev Spaces?

[Genysys]

Thanks for your response @rakeshvanga .

I am asking if there is any way to enable only access to Dev Space without giving them the full developer role

[rakeshvanga]

@Genysys Not right now. The minimum required role is contributor. I have opened a user story in our backlog.
However, please note that because our engineering efforts are presently focused on Bridge to Kubernetes, this is not at the top of our backlog.

Would you consider giving a try to Bridge to Kubernetes to determine if it can replace Azure Dev Spaces for your scenario? As mentioned above this is where we're investing our engineering efforts, and where we believe we'll offer the best experience.

How Bridge to Kubernetes Works
How to use Bridge to Kubernetes in Visual Studio 2019
How to use Bridge to Kubernetes in Visual Studio Code