Azure DevOps does not return LIST of service endpoints but works for SHOW of specific endpoint ID

Question

I have an org and a project in it for which I created a service connector of type AWS.

Long story short ->

I want to fetch in my pipeline that specific connector, delete it and create a new one.

What I was planning on doing was something like this to fetch it ->

env:
  AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
script: |
  az devops service-endpoint list

but it returns an empty array -> [].

I've double checked, and yes, I have a lot of service connections created in my project settings tab, and yes, all of them (including the one I want to play with) have been enabled for all pipelines.

As a test, I've randomly tried this ->

env:
  AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
script: |
  az devops service-endpoint show id=uuid-of-the-service-endpoint-I-want-to-play-with

And guess what, it works, as it returns a JSON with the definition of the endpoint.

So, WHY oh god WHY, does the LIST not work but the SHOW works ?

Thanks!

Answer 1

I can reproduce the issue with below YAML pipeline. This is because the pipeline service account doesn't have sufficient permissions to list all the service connections in a project.

steps:
- checkout: none
- script: |
    az devops configure --defaults organization=$(System.CollectionUri) project="$(System.TeamProject)"
    az devops service-endpoint list
  env:
    AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)

Please navigate to Project Settings -> Service connections -> click on More options button -> Security and grant the pipeline service account with Administrator role. Kindly be also advised to select the respective service account according to your job authorization scope. Then, the pipeline is able to list the expected service connections.