Using Azure File Copy from DevOps yaml pipeline
I learned that it's not enough to authorize Azure Resource Manager access from DevOps
Oh boy, did I waste time on this one :(. So I had my pipeline pretty naively doing an upload to blob storage:
- task: [email protected]
displayName: Upload Vsix
I used a service principal managed by DevOps which is the recommended approach. The blob storage account was under the same subscription, where the automatically created app properly showed up in IAM:
Access control (IAM) pane for storage account
as a contributor:
DevOps-managed app as contributor to the storage account
I kept getting a 403 response when the task run, with the message
This request is not authorized to perform this operation using this permission.
In the process I learned how DevOps creates the app registration and what-not, but still, not fun.