Thanks for reaching out. Azure DevOps and its services are not supported on the Microsoft Q&A platform.
Requesting you to post your query on Developer Community instead, where the Azure DevOps Team and community are active and answering questions.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi guys,
Yesterday, without any changes on our side, our CI/CD pipeline started to fail. The task at fault was/is the Azure File copy. It has 3 such tasks, the first one I have managed to 'fix' by falling back to version 1, this task uploads a blob to a container in a GEN 1 storage account. The next two upload a blob to a GEN 2, as per documentation GEN 2 needs to use version 2 minimum, so can't use version 1.
The error We get is: "AuthorizationFailed : The client 'xxxxxxxxxxx' with object id 'xxxxxxxxx' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/read' over scope '/subscriptions/xxxxxxxxxx' or the scope is invalid. If access was recently granted, please refresh your credentials."
When creating a service connection you can have it so a service principals get's created too in ur AD and it would either get resource group RBAC contributor role, or if you have not chosen are resource group from within a subscription, it'll get it on the subscription itself.
As I said this has been working for months now as it was. Trying to get the pipeline task to succeed I have given the service principal further RBAC permissions. Namely: Storage Blob Data Owner and Storage account contributor, but the task still fails... or it says it fails, but I actually used Storage explorer to explore the container and the artifacts where there.... quite weird. Problem is because the feedback is that it fails the rest of the tasks never actually happen and the pipeline does not complete.
Can you shed any light on this matter?
Thanks!
Thanks for reaching out. Azure DevOps and its services are not supported on the Microsoft Q&A platform.
Requesting you to post your query on Developer Community instead, where the Azure DevOps Team and community are active and answering questions.