How to grant access to Azure File Copy of Azure Pipeline to Azure Storage?

Question

I would like to copy files with Azure File Copy with Azure Pipeline.

I'm following instruction of https://praveenkumarsreeram.com/2021/04/14/azure-devops-copy-files-from-git-repository-to-azure-storage-account/

I'm using automatically created Service Connection named "My Sandbox (a1111e1-d30e-4e02-b047-ef6a5e901111)"

I'm getting error with AzureBlob File Copy:

 INFO: Authentication failed, it is either not correct, or 
 expired, or does not have the correct permission -> 
 github.com/Azure/azure-storage-blob-go/azblob.newStorageError, 
 /home/vsts/go/pkg/mod/github.com/!azure/azure-storage-blob- 
 go@v0.10.1-0.20201022074806- 
 8d8fc11be726/azblob/zc_storage_error.go:42

 RESPONSE Status: 403 This request is not authorized to perform 
 this operation using this permission.

I'm assuming that Azure Pipeline have no access to Azure Storage. I wonder how do find service principal which should get access to Azure Storage.

Answer 1

I can also reproduce your issue on my side, as different Azure file copy task versions use different versions of AzCopy in behind, then they use different auth ways to call the API to do the operations.

There are two ways to fix the issue.

1. If you use the automatically created service connection, it should have Contributor role in your storage account, you could use Azure file copy task version 3.* instead of 4.*, then it will work.

2. If you want to use Azure file copy task version 4.*, navigate to your storage account -> Access Control (IAM) -> add your service principal used in the service connection as a Storage Blob Data Contributor role, see detailed steps here. It will also work.