Unable to authorize Azure-Devops agent pool, received as a variable
I have multiple agent pools that require a pipeline to request authorization.
When I assign a hardcoded value like pool: STAGING to the pipeline, it stops and asks for authorization.
⚠️ This pipeline needs permission to access a resource before this run can continue to Update environments View
However, when I inject the pool name to the pipeline as a runtime variable, for example as part of a matrix strategy like this:
- job: update
strategy:
matrix:
dev:
poolName: 'DEV'
stg:
poolName: 'STAGING'
maxParallel: 2
pool: $(pool)
It fails, with the authorization error:
##[error]Pipeline does not have permissions to use the referenced pool(s) AWS_STG_02_RELEASE.
For authorization details, refer to https://aka.ms/yamlauthz.
But there's no prompt to authorize.
In Azure DevOps Services
For dynamically assigned pools you'll need to grant the pipeline access to the pool from the pool's configuration instead:
- Navigate to the Project settings
- Expand the Agent Pools blade
- Select the Agent pool you want to authorize
- On the Security tab add the pipeline with the + button
From the docs referenced in the URL that's mentioned in the logs:
Go to the administration experience of the resource. For example, variable groups and secure files are managed in the Library page under Pipelines. Agent pools and service connections are managed in Project settings. Here you can authorize all pipelines to access that resource. This authorization is convenient if you don't have a need to restrict access to a resource - for example, test resources.
In Azure DevOps Server
Unfortunately, this feature hasn't made it into Azure DevOps Server yet (last version checked: 2022.0). I do suspect the REST API exists under the hood.
You could try approving the pipeline by updating the agent pool permissions:
$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
Invoke-WebRequest -UseBasicParsing -Uri "https://dev.azure.com/jessehouwing/6484ebc3-af16-4af9-aa66-6b3398db7214/_apis/pipelines/pipelinePermissions/queue/24" `
-Method "PATCH" `
-WebSession $session `
-Headers @{
"method"="PATCH"
"accept"="application/json;api-version=5.1-preview.1;excludeUrls=true;enumsAsNumbers=true;msDateFormat=true;noArrayWrap=true"
"x-vss-reauthenticationaction"="Suppress"
} `
-ContentType "application/json" `
-Body "{`"resource`":{},`"pipelines`":[{`"authorized`":true,`"authorizedBy`":null,`"authorizedOn`":null,`"id`":73}]}"
The id being passed in is the id of the pipeline definition.
- The term 'script:' is not recognized as the name of a cmdlet, function, script file, or operable program
- Unable to complete a partial restore of our Azure DevOps database
- Azure Devops Jekyll site build fails, worked previously
- Why I am receiving the error: Error: Template file pattern matches a directory instead of a file: /home/vsts/work/1/s in my yaml file pipeline file?
- Conditional dependent job in Azure Devops YAML pipelines
- Azure DevOps REST API: Match Manual Test Case steps to Test Run results?
- Is there a way to get more than 1000 Packages and versions from Azure DEVOPs Feed RESTAPI for GET Packages?
- Pipeline Shows as Failed When Successful
- Yaml manual approval step in jobs.template
- Environment variables as parameter of type object in Azure DevOps pipelines
- Skip Azure Pipeline jobs (or the whole pipeline) if change is from a merge from a specific branch
- Visual Studio 2022 can't connect to a project due to bad filters
- Azure Data Factory CI npm validate step suddenly crashing
- Error using Azure DevOps REST API and classificationnodes
- Remove TFS Connection From Visual Studio 2019
- Restricting branch creation based on Azure DevOps group permissions
- ADO - Granular Permission for Users on Team
- Dev env is skipping
- Must delete massive inadvertent checkin from remote git repo
- Job Conditions in Azure Pipelines
- Access Denied using Azure App Configuration Task in DevOps Pipeline
- Passing output variable to a template in the same job in Azure devops
- Secrets inject securely Dockerfile during build .NET
- Azure Pipeline: how to delete a variable inside Azure build pipeline
- How do I specify playwright chromium version in azure pipeline
- Azure Devops - YAML - not reading .net version from props file
- Azure yaml trigger pipeline every 14 days on a Saturday
- How can I give a containerRegistry to a DevcontainersCi task in an Azure DevOps YAML Pipeline?
- How to assign organization-level permissions to create repositories across all projects in organization in Azure DevOps?
- Updating Node js on internal windows ADO build agent