Search code examples
azure-devopsterraformazure-pipelinesterraform-provider-azureterraform-template-file

There was a resource authorization issue: "The pipeline is not valid. > Job validate: Step TerraformTaskV1

I get this error in Azure devops pipeline when I split a yaml to make templates

There was a resource authorization issue: "The pipeline is not valid. Job validate: Step TerraformTaskV1 input backendServiceArm references service connection azurerm which could not be found. The service connection does not exist or has not been authorized for use. For authorization details, refer to https://aka.ms/yamlauthz."

here a solution is given to remove task and add again. But it did not work for me.

When I had terraform in one yaml file, it worked.

stages:
  - stage: validate
    jobs:
    - job: validate
      continueOnError: false
      steps: 
      - task: TerraformInstaller@0
        displayName: 'install'
        inputs:
          terraformVersion: '0.12.26'
      - task: TerraformTaskV1@0
        displayName: init
        inputs:
          provider: 'azurerm'
          command: 'init'
          backendServiceArm: 'azure-spn'
          backendAzureRmResourceGroupName: 'terraform-rg'
          backendAzureRmStorageAccountName: 'adsstatetr'
          backendAzureRmContainerName: 'sktfcontainer'
          backendAzureRmKey: 'terraform.tfstate'
      - task: TerraformTaskV1@0
        displayName: validate
        inputs:
          provider: 'azurerm'
          command: 'validate'

When I split into two (templates)

stages:
  - stage: validate
    jobs:
    - template: terraform-validate.yml
      parameters:
        version: '0.12.26'
        sp: 'azurerm'
        rg: 'terraform-rg'
        sg: 'adsstatetr'
        sgContainer: 'sktfcontainer'
        skey: 'terraform.tfstate'

It failed and gave the error written above!

parameters:
 version: ''
 sp: ''
 rg: ''
 sg: ''
 sgContainer: ''
 skey: ''
jobs: 
  - job: validate
    continueOnError: false
    steps: 
    - task: TerraformInstaller@0
      displayName: 'install'
      inputs:
        terraformVersion: '0.12.26'
    - task: TerraformTaskV1@0
      inputs:
        provider: 'azurerm'
        command: 'init'
        backendServiceArm: '${{ parameters.sp }}'
        backendAzureRmResourceGroupName: '${{ parameters.rg }}'
        backendAzureRmStorageAccountName: '${{ parameters.sg }}'
        backendAzureRmContainerName: '${{ parameters.sgContainer }}'
        backendAzureRmKey: '${{ parameters.skey }}'

It also is showing a strange Authorize resource. clicking 'approve' does not fix either. Again why? If there is any issue with service connection, why should my single file yaml work? There is no approval issue here! enter image description here

Solution

  • In working example as arm connection you pass backendServiceArm: 'azure-spn' and in template it is sp: 'azurerm', so if you change to sp: 'azure-spn', you should be fine.