Search code examples
azureazure-devopsazure-pipelinesazure-cliazure-pipelines-yaml

ERROR: The requested resource requires user authentication: in AzureCLI task build pipeline

I am unable to trigger azure pipeline build from azureCLI task

Task :

- task: AzureCLI@2
  inputs:
    azureSubscription: 'Free Trial(My subscription)'
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    inlineScript: |
      az --version
      echo "Running : az account show"
      az account show
      #export AZURE_DEVOPS_EXT_PAT='mypat'
      $env:AZURE_DEVOPS_EXT_PAT='mypat'
      az pipelines create --name newPipeline --org https://dev.azure.com/AbiNilOrg/ --project azure-devops-kubernetes-terraform --branch master

The output with error :

Running : az account show
{
  "environmentName": "AzureCloud",
  "homeTenantId": "***",
  "id": "73c1af29-384c-4574-bd88-92d7bb392cfc",
  "isDefault": true,
  "managedByTenants": [],
  "name": "Free Trial",
  "state": "Enabled",
  "tenantId": "***",
  "user": {
    "name": "***",
    "type": "servicePrincipal"
  }
}
WARNING: This command is in preview and under development. Reference and support 
levels: https://aka.ms/CLI_refstatus
ERROR: The requested resource requires user authentication: 
https://dev.azure.com/AbiNilOrg/azure-devops-kubernetes- 
terraform/_apis/serviceendpoint/endpoints
##[error]Script failed with exit code: 1

I understand that azure is unable to form the correct URI to hit the rest point

ERROR: The requested resource requires user authentication: 
https://dev.azure.com/AbiNilOrg/azure-devops-kubernetes- 
terraform/_apis/serviceendpoint/endpoints

The suffix serviceendpoint/endpoints of the URI isnt correct.

ADO guys, if have any idea on this can please help!

Thanks in advace! Nilotpal

Solution

  • When you set env:AZURE_DEVOPS_EXT_PAT you still need to login via calling:

    az devops login --organization https://dev.azure.com/contoso

    because:

    If you have already signed in with az login interactively or using user name and password, then you don't have to provide a token as az devops commands now support sign in through az login. However, service principal log in via az login isn't supported, in which case a PAT token is required.

    And here this task behing the scene login via service principal what you also see on account show:

      "user": {
    "name": "***",
    "type": "servicePrincipal"
  }

    For more details please check documentation here