-
Notifications
You must be signed in to change notification settings - Fork 857
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't Authorize YAML Build Task to Use Service Connection #1809
Comments
I tried to create a new YAML build definition using the web application and the same YAMLI used above. This time it worked. Does this mean any time I need a new sevice connection in my YAML script, I need to create a new build definition? |
I @hasanayan, I faced a similar issue with an YAML script for ARM template deployment. I was not able to create the right Service Connection otherwise (with the new YAML pipeline). Therefore, is it a real bug or did we miss some configuration here ? |
I think I should clarify what I wrote on my previous message. If you are creating a completely new build definition using the new interface, on the last step (4th) it will show the editor for the yaml file. If you include access to your service here and save your build definition, vsts will scan your yaml file and authorize the service connection you just referred to. Everything will work. However, if your yaml file didn't utilize a service connection initially and you would like to include it in your build definition later on by doing a commit, vsts will not scan the yaml file again to discover and authorize the service connection uses. I think this is not an expected behaviour. I believe whenever a build definition yaml file is updated, it should be scanned for the service connection usages and authorized for the use of it. But then, this makes me question, why is there a build definition authorization at all? Maybe the build definitions in a project should be allowed to consume the service connections in the same. |
We also ran into this issue when deploying ARM templates. When attempting it from an
Just like @SachaLhopital, we noticed that it works when building from the web GUI. But we also noticed that it works when running a build from a |
@sugarjig : I believe this is pure Service Connection Authorization problem, just like @hasanayan explain it in the previous post :
Just like you said, I hope this is NOT a normal behavior ! |
Word. But then again, that would be easy and fun to use. |
I had this same issue. I followed the instructions from the old documentation which fixed my issue. Basically, you need to go through the web UI to get it to reload the build definition and authorize the connection. |
How about we just get this fixed so we don't have to jump through hoops :) |
@hasanayan the trick is, if you make a trivial edit to the definition in the web (e.g. add a variable) then save your build definition, vsts will scan your yaml file and authorize the service connection you just referred to. @rhummelmose we completely agree. This is too much friction. The next step is, we are working on a resource authorization experience on the definition editor page. From that page, you should be able to see what resources are authorized (service connections, queues, secure files), and authorize additional resources. I believe this will be landing in the next 1-2 sprints. We work in 3-week sprints. I agree that in a project you should have an easy way to consume any service connection. This makes the most sense for small team scenarios. Larger organizations may want more control; we have thoughts about additional features to control policy. Solving these problems is on our backlog. |
We have created a new repository for all YAML related issues, please move the current issue to there. |
Adding a variable to the build definition solved this for me (thanks @ericsciple). Following the documentation did not work. I did observe that renaming my YAML file to |
Hello, I have the same problem: Job Job1: Step input certSecureFile references secure file "xxx.p12" which could not be found. The secure file does not exist or has not been authorized for use. For authorization details, refer to https://aka.ms/yamlauthz I don't know where is the problem. I reviewed the configuration and all is ok. How can I do? Thanks. |
@vijayma ? |
@CesarRN Since you are using a new resource in your YAML file, you need to have the pipeline re-scan that YAML file and authorize any new resources. Have you followed the instructions in https://aka.ms/yamlauthz and did that help? We are still working through the details on how to simplify this without going through these additional steps. |
Hello @vijayma I'm sorry, but I can solve the problem. Thanks |
I read the TingluoHuang issue but I think is different. Can someone help me with my configuration? Any ideas? Thanks. |
@CesarRN try change some variable value in your pipeline definition in the UI and save, like change |
Hello @TingluoHuang Thanks |
@CesarRN the issue moved to a different repo, here: microsoft/azure-pipelines-yaml#31 |
just go to the pipeline en press edit in the right order and save. |
When I try to build my source using the yaml below;
I get the following error;
I confirm I have a service connection named AWS.
I tried reading the link in the error message. However, the article doesn't show any directions on how to authorize the build to use the service conneciton.
The text was updated successfully, but these errors were encountered: