Using Azure File Copy from DevOps yaml pipeline

I learned that it's not enough to authorize Azure Resource Manager access from DevOps

PreviousShared secret authorization with Azure SignalR Service NextCode-less redirection with serverless Azure Functions

Last updated 3 years ago

Using Azure File Copy from DevOps yaml pipeline

I learned that it's not enough to authorize Azure Resource Manager access from DevOps

Oh boy, did I waste time on this one :(. So I had my pipeline pretty naively doing an upload to blob storage:

- task: AzureFileCopy@4
  displayName: Upload Vsix
  inputs:
    SourcePath: '$(Pipeline.Workspace)\vsix\RoslynDeployment.$(Build.BuildId).vsix'
    azureSubscription: 'roslyn-Azure'
    Destination: 'AzureBlob'
    storage: 'roslyn'
    ContainerName: 'vsix'
    BlobPrefix: '$(Build.SourceBranchName)/RoslynDeployment.$(Build.BuildId).vsix'

I used a service principal . The blob storage account was under the same subscription, where the automatically created app properly showed up in IAM:

as a contributor:

I kept getting a 403 response when the task run, with the message This request is not authorized to perform this operation using this permission.

In the process I learned how DevOps creates the app registration and what-not, but still, not fun.

PreviousShared secret authorization with Azure SignalR Service NextCode-less redirection with serverless Azure Functions

Last updated 3 years ago