Azure DevOps: Service connection is not being recognized

Question

I can't seem to authorize access to my Azure subscription in Azure DevOps to run a build whenever a commit is pushed to master. I keep getting the below error:

Also, when I click Authorize resources, it says the authorization was successful, but the next time I run the pipeline, I get the same exact error. I verified in Project settings -> Service connections that I have an active connection to the subscription.

How can I get around this issue? When I go to Deployment Center in Azure Functions and wire up the connection there, it creates a task-based pipeline, but I want to use yaml.

Answer 1

The above indicates the azureSubscription you specified in your azure function deployment task doesn't exist, or you didn't have permission.

If the service connection is already correctly setup, but you still encounter above error. You can follow below to troubleshoot the issue.

1. Check your yaml pipeline.

   The azure subscription is validated at compile time. If you use variables to reference the azure subscription yaml pipeline. You need to make sure the variable can be retrieved at compile time.

   You can check out this thread.

2. Check the service connection security setting.

   Go to project settings-->Service Connections under Pipelines--> Select your azure service connection --> More settings(3 dots)-->Security-->Try adding your pipeline to the Pipeline permissions list.

   

   If the azure subscription service connection is not set up. You need to create an service connection of azure Resource Manager type to connect to your azure subscription. See below steps:

3. Go to project settings-->Service Connections under Pipelines--> New Service connection-->Select Azure Resource Manager--> Next

   

4. Then select the Authentication method. If your Azure DevOps is connected to AAD. You can select Service principal (automatic) as Authentication method. This will automatically create a service principal in your Azure AD.

5. If you want to create new service principal. You can select Service principal (manual). See below document to create service principal in Azure

   Use the portal to create an Azure Active Directory application and a service principal that can access resources

   Use Azure PowerShell to create an Azure service principal with a certificate

6. Then enter the related information in the service connection configuration page.

   

After the your azure subscription service connection is created. You can use it in your yaml pipeline task by specify the service connection name. See below example:

- task: AzureFunctionApp@1
  displayName: Azure Function App Deploy
  inputs:
    azureSubscription: myAzureSubscription  

Note: You need to add the correct role assignment for above service principal to enable the service principal to deploy to your azure resources.

Answer 2

You must create a new connection from the task itself (you may need to use the advanced options to add an existing service principal).

• under "Azure subscription" click the name of the subscription you wish to use
• Click the drop down next to "Authorize" and open advanced options
• Click " use the full version of the service connection dialog."
• Enter all your credentials and hit save

Answer 3

I spent a while trying to figure out why I got the same problem. Compared my yaml to another yaml I had worked on previously and couldn't spot any problems, also verified the service connections.

But as @Levi Lu-MSFT mentions, verifying the yaml lead me to finding what caused my issue so I thought I'd share it here even though it's not 100% related:

My variables weren't indented correctly. I was a bit tired and thought DevOps was just goofing with me. So verify that your yaml is properly setup. Sometimes it can be really small things that causes these issues.