In Azure DevOps, I have created a service connection (type: Azure Resource Manager) to be able to upload files to Azure Blob Storage.

Then I have added the Storage Blob Data Contributor role for this service principal under Access Control (IAM) in my Azure Storage account by searching for the service principal's name under Select.

I have noticed that each time I create a new DevOps pipeline that uses the (same) service connection, I need to add the Storage Blob Data Contributor role again because under Select, there are then multiple items with the same (service principal's) name. It's not clear why there are multiple items and it's also unclear which one is the newest, such that I am just adding all items as a workaround.

Is there anything that I am missing to avoid ending up with dozens of items to select when assigning roles for a new pipeline that uses the same service connection?

  • *It's not clear why there are multiple items and it's also unclear which one is the newest.* Looks like service principals are created with the same display name (even though the client ids are different). That's the reason why duplicate items are shown during the role assignment. – Lav G Mar 17 '20 at 13:32
  • May I know what the status of this is before the weekend? Does configuring the service connection with full parameters let you avoid this trouble? Feel free to comment below if anything about that puzzles you :-) – Mengdi Liang Mar 20 '20 at 08:12

1 Answer

By design, one service connection maps to one single service principal.

Your issue is most likely that you never assigned the actual service principal id to that service connection when you configured it. When the system finds there is no principal there, it will automatically create one for it in Azure.

Please give the full parameter values there, including service principal id and secret, when you create the service connection.

Then you can just grant the permission to the currently used service principal.

Mengdi Liang
  • I have tried to find the dialog box that your screenshot shows and came across [this page](https://learn.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-with-an-existing-service-principal), however, this information is outdated and I can no longer switch from the simplified to the full view (which I believe is what your screenshot is showing) when configuring a service connection for Azure Resource Manager using service principal (automatic or manual). – Andreas Hessenthaler Mar 25 '20 at 08:14
  • @AndreasHessenthaler. I guess you enabled the new feature of service connection? If so, please check this: https://imgur.com/a/Bn7F4gb – Mengdi Liang Mar 25 '20 at 08:30
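
An added example, not part of the original question, answer or comments: since several service principals can share one display name while their client ids differ, this sketch picks the principal by client id and builds a role assignment addressed to its object id, so the role is not granted to every same-named entry. It assumes the client id is read from the service connection's details, that the JSON has the shape of current `az ad sp list --display-name <name> -o json` output (`appId` = client id, `id` = object id), and all ids, names and the scope below are constructed placeholders.

```python
import json

ROLE = "Storage Blob Data Contributor"

# Constructed sample: three principals with the same display name.
SAMPLE_SP_LIST = json.dumps([
    {"displayName": "example-org-example-project", "appId": "11111111-1111-1111-1111-111111111111",
     "id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"},
    {"displayName": "example-org-example-project", "appId": "22222222-2222-2222-2222-222222222222",
     "id": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"},
    {"displayName": "example-org-example-project", "appId": "33333333-3333-3333-3333-333333333333",
     "id": "cccccccc-cccc-cccc-cccc-cccccccccccc"},
])

# Placeholder scope: one storage account, not the whole subscription.
SAMPLE_SCOPE = ("/subscriptions/<subscription-id>/resourceGroups/<resource-group>"
                "/providers/Microsoft.Storage/storageAccounts/<storage-account>")


def resolve_object_id(sp_list_json, client_id):
    """Return the object id of the one principal whose appId equals client_id."""
    wanted = client_id.lower()
    matches = [sp for sp in json.loads(sp_list_json)
               if sp.get("appId", "").lower() == wanted]
    if len(matches) != 1:
        # Refuse to guess: zero or several matches means the input is wrong.
        raise LookupError(f"expected one principal for appId {client_id}, found {len(matches)}")
    return matches[0]["id"]


def other_principals(sp_list_json, client_id):
    """Object ids that share the display name but are not the connection's principal."""
    wanted = client_id.lower()
    return [sp["id"] for sp in json.loads(sp_list_json)
            if sp.get("appId", "").lower() != wanted]


def role_assignment_argv(object_id, scope, role=ROLE):
    """Build the az CLI call that assigns the role by object id, not by display name."""
    return ["az", "role", "assignment", "create",
            "--assignee-object-id", object_id,
            "--assignee-principal-type", "ServicePrincipal",
            "--role", role, "--scope", scope]


if __name__ == "__main__":
    client_id = "22222222-2222-2222-2222-222222222222"  # constructed; taken from the service connection
    print(" ".join(role_assignment_argv(resolve_object_id(SAMPLE_SP_LIST, client_id), SAMPLE_SCOPE)))
    print("same name, not used by this connection:", other_principals(SAMPLE_SP_LIST, client_id))
```

The ids returned by `other_principals` are candidates to review for existing role assignments on the storage account that the pipeline does not need.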