> For the complete documentation index, see [llms.txt](https://til.cazzulino.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://til.cazzulino.com/azure/using-azure-file-copy-from-devops-yaml-pipeline.md). # Using Azure File Copy from DevOps yaml pipeline Oh boy, did I waste time on this one :(. So I had my pipeline pretty naively doing an upload to blob storage: ``` - task: AzureFileCopy@4 displayName: Upload Vsix inputs: SourcePath: '$(Pipeline.Workspace)\vsix\RoslynDeployment.$(Build.BuildId).vsix' azureSubscription: 'roslyn-Azure' Destination: 'AzureBlob' storage: 'roslyn' ContainerName: 'vsix' BlobPrefix: '$(Build.SourceBranchName)/RoslynDeployment.$(Build.BuildId).vsix' ``` I used a service principal [managed by DevOps which is the recommended approach](https://docs.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-using-automated-security). The blob storage account was under the same subscription, where the automatically created app properly showed up in IAM: ![Access control (IAM) pane for storage account](/files/-M9nrbiYTx2HwJZmmjdD) as a contributor: ![DevOps-managed app as contributor to the storage account](/files/-M9nsIQM-CBl30nDjcBt) I kept getting a 403 response when the task run, with the message `This request is not authorized to perform this operation using this permission.` Turns out being a **Contributor** is not enough. I tried [changing guest user permissions](https://docs.microsoft.com/en-us/azure/devops/pipelines/release/azure-rm-endpoint?view=azure-devops#insufficient-privileges-to-complete-the-operation), but in the end the only thing that worked was manually adding the [Storage Blob Data Contributor role](https://github.com/MicrosoftDocs/azure-docs/issues/36454), which I found mentioned in a[ blog post](https://www.catrina.me/azcopy-403-error/). In the process I learned how DevOps creates the app registration and what-not, but still, not fun. [Submitted a doc fix](https://github.com/MicrosoftDocs/azure-devops-docs/pull/8622) for the [AzureFileCopy task docs](https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-file-copy-version3?view=azure-devops) so this is more easily discoverable. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://til.cazzulino.com/azure/using-azure-file-copy-from-devops-yaml-pipeline.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.