Nilotpal

Reputation: 3588

ERROR: The requested resource requires user authentication: in AzureCLI task build pipeline

I am unable to trigger an Azure pipeline build from the AzureCLI task.

Task:

- task: AzureCLI@2
  inputs:
    azureSubscription: 'Free Trial(My subscription)'
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    inlineScript: |
      az --version
      echo "Running : az account show"
      az account show
      #export AZURE_DEVOPS_EXT_PAT='mypat'
      $env:AZURE_DEVOPS_EXT_PAT='mypat'
      az pipelines create --name newPipeline --org https://dev.azure.com/AbiNilOrg/ --project azure-devops-kubernetes-terraform --branch master

The output with the error:

Running : az account show
{
  "environmentName": "AzureCloud",
  "homeTenantId": "***",
  "id": "73c1af29-384c-4574-bd88-92d7bb392cfc",
  "isDefault": true,
  "managedByTenants": [],
  "name": "Free Trial",
  "state": "Enabled",
  "tenantId": "***",
  "user": {
    "name": "***",
    "type": "servicePrincipal"
  }
}
WARNING: This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
ERROR: The requested resource requires user authentication: https://dev.azure.com/AbiNilOrg/azure-devops-kubernetes-terraform/_apis/serviceendpoint/endpoints
##[error]Script failed with exit code: 1

I understand that Azure is unable to form the correct URI to hit the REST point:

ERROR: The requested resource requires user authentication: https://dev.azure.com/AbiNilOrg/azure-devops-kubernetes-terraform/_apis/serviceendpoint/endpoints

The suffix serviceendpoint/endpoints of the URI isn't correct.

ADO guys, if you have any idea on this, please help!

Thanks in advance! Nilotpal

Upvotes: 10

Views: 13845

Answers (2)

ccoutinho

Reputation: 4626

Setting the AZURE_DEVOPS_EXT_PAT environment variable to a Personal Access Token with Build (Read & Execute) permissions, and running the command below without explicitly logging in, worked out for me on a GitHub workflow.

az pipelines build queue --definition-name $azure_devops_cd_pipeline_name --organization $azure_devops_organisation_url --project $project_name --branch $git_branch

I would expect this to work in Azure DevOps as well.

Upvotes: 1

Krzysztof Madej

Reputation: 40939

When you set env:AZURE_DEVOPS_EXT_PAT, you still need to log in by calling:

az devops login --organization https://dev.azure.com/contoso

because:

If you have already signed in with az login interactively or using user name and password, then you don't have to provide a token as az devops commands now support sign in through az login. However, service principal log in via az login isn't supported, in which case a PAT token is required.

And here this task logs in behind the scenes via a service principal, which you can also see in the account show output:

  "user": {
    "name": "***",
    "type": "servicePrincipal"
  }

For more details please check documentation here

Upvotes: 8
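
The second answer's advice applied to the task from the question, as an added example that is not code from the question or from either answer: the PAT is read from a secret pipeline variable instead of being hard-coded in the inline script, and `az devops login` runs before the `az pipelines` command. The secret variable name `AzureDevOpsPat` is an assumption; the organization, project and final command are the question's own.

```yaml
- task: AzureCLI@2
  inputs:
    azureSubscription: 'Free Trial(My subscription)'
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    inlineScript: |
      # The task signs in to Azure as a service principal, which az devops
      # commands do not accept, so the extension must authenticate with the PAT.
      $pat = $env:AZURE_DEVOPS_EXT_PAT

      # If the secret variable is not defined, the macro is passed through
      # unexpanded as the literal text "$(AzureDevOpsPat)". Fail early.
      if (-not $pat -or $pat -like '$(*') {
        throw "AZURE_DEVOPS_EXT_PAT is not set; check the secret variable mapping"
      }

      # az devops login reads the token from stdin.
      $pat | az devops login --organization https://dev.azure.com/AbiNilOrg/
      if ($LASTEXITCODE -ne 0) { throw "az devops login failed" }

      # Command from the question, unchanged.
      az pipelines create --name newPipeline --org https://dev.azure.com/AbiNilOrg/ --project azure-devops-kubernetes-terraform --branch master
  env:
    # Secret variables are not exposed to scripts unless mapped explicitly.
    # AzureDevOpsPat is a hypothetical secret pipeline variable holding the PAT.
    AZURE_DEVOPS_EXT_PAT: $(AzureDevOpsPat)
```

Keeping the token in a secret variable keeps it out of the repository, and the pipeline masks it in logs.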
