0

I have created an end-to-end CI/CD pipeline in Azure DevOps. I am trying to clone the original repository and create new pipelines using the Azure CLI(v1), using the below command:

az pipelines create --name {PIPELINE_NAME} --description {PIPELINE_DESCRIPTION} --repository {REPOSITORY_NAME} --branch {BRANCH_NAME} --repository-type {tfsgit} --project {PROJECT_NAME} --organization {ORGANIZATION_NAME} --yml-path {YAML_PATH} --service-connection {SERVICE_CONNECTION_NAME} --subscription {SUBCRIPTION_ID} --skip-first-run {true}

I am trying to execute the newly created pipeline using the below command:

az pipelines build queue --branch {BRANCH_NAME} --org {ORGANIZATION_NAME} --project {PROJECT_NAME} --definition-id {PIPELINE_ID} --subscription {SUBCRIPTION_ID}

The problem is, after executing the above commands, I always need to go to the Azure DevOps portal and manually authorize the pipeline to use the Service Connection. It shows a message like this in the portal This pipeline needs permission to access a resource before this run can continue.

I am using this command to log in to the portal echo {PAT} | az devops login --organization {ORGANIZATION_NAME}.

How can I avoid this problem of not going to the portal every time to authorize the pipeline to use the service connection? Is there a way I can do this using the CLI? enter image description here

PS: All the above commands are executed using Python SubProcess.

Saugata Paul
  • 59
  • 1
  • 9

1 Answers1

1

According to the description, you could check the following steps:

  1. Please check the security of the service connection: Project Settings>Pipelines>Service connections name (the service connection you use in the YAML pipeline)>…(In the upper right corner of the service connection page)>Security, then you can check whether there is a YAML pipeline you authorized under Pipeline permissions. You could also try to grant access permission to all pipelines.

  2. Check the pipeline permissions. Project Collection Administrators, Project Administrators, and Build Administrators are given all of the above permissions by default.

Hitesh Sahu
  • 41,955
  • 17
  • 205
  • 154
Ging Yuan-MSFT
  • 689
  • 2
  • 6
  • Thanks for the reply. Is there a way we can give these permissions using the Azure CLI, instead of going back to the DevOps UI? – Saugata Paul Jun 29 '22 at 05:32
  • Have you checked if it works when you set the permissions? – Ging Yuan-MSFT Jun 29 '22 at 07:35
  • @SaugataPaul did you get chance to try above – noor syyed Jan 24 '23 at 14:27
  • I too have a similar scenario, where I'm using script files location in another repo, which I referenced in my pipeline yaml. I don't want this permission flout the very first time I run pipeline, want to pre authorise for all pipelines, as my shared scripts is another repo in same team project I don't have to use service connections – noor syyed Jan 24 '23 at 14:32