I am using a Full Access PAT token to query and create workitems/bugs when some of my tests fail. Locally it all works perfectly fine when I feed it my PAT manually and is able to create the workitems.
However, in my release pipeline I am integrating my code using .NET Core task and have my PAT set as a secret variable in my pipeline. I have mapped my PAT to a environment variable.
env:
Mapped_PAT: $(PAT)
And then I use the following C# code in the pipeline to access the value of Mapped_PAT:
string mapped_pat = Environment.GetEnvironmentVariable("MAPPED_PAT", EnvironmentVariableTarget.Process);
When the release pipeline runs it builds fine, yet when it gets to using the PAT it outputs the following exception error:
Unhandled exception. Microsoft.VisualStudio.Services.Common.VssUnauthorizedException: VS30063: You are not authorized to access https://dev.azure.com.
2023-03-30T19:32:02.8705595Z at Microsoft.VisualStudio.Services.Common.VssHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
2023-03-30T19:32:02.8709311Z at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
2023-03-30T19:32:02.8710466Z at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync(HttpRequestMessage message, HttpCompletionOption completionOption, Object userState, CancellationToken cancellationToken)
2023-03-30T19:32:02.8711424Z at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync[T](HttpRequestMessage message, Object userState, CancellationToken cancellationToken)
2023-03-30T19:32:02.8713547Z at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.GetResourceLocationsAsync(Boolean allHostTypes, Object userState, CancellationToken cancellationToken)
2023-03-30T19:32:02.8714732Z at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.EnsureResourceLocationsPopulated(Object userState, CancellationToken cancellationToken)
2023-03-30T19:32:02.8715955Z at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.GetResourceLocationAsync(Guid locationId, Object userState, CancellationToken cancellationToken)
2023-03-30T19:32:02.8718068Z at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.CreateRequestMessageAsync(HttpMethod method, IEnumerable`1 additionalHeaders, Guid locationId, Object routeValues, ApiResourceVersion version, HttpContent content, IEnumerable`1 queryParameters, Object userState, CancellationToken cancellationToken, String mediaType)
2023-03-30T19:32:02.8719344Z at Microsoft.VisualStudio.Services.WebApi.VssHttpClientBase.SendAsync[T](HttpMethod method, IEnumerable`1 additionalHeaders, Guid locationId, Object routeValues, ApiResourceVersion version, HttpContent content, IEnumerable`1 queryParameters, Object userState, CancellationToken cancellationToken)
Anyone have any ideas what I might be missing for it to properly find the secret PAT in the pipeline? I know my PAT isn't expired and has full access, so I am kinda confused.
I have tried checking that in fact the mapped_pat environment value does receive a value from the PAT, which it does as in the pipeline logs it shows ***. I was expecting the mapping to work since the PAT on its own cannot be called since it is secret and must be mapped to a new variable.
I read from a Microsoft employee on a webpage that PATs have trailing commas, so I am currently attempting it with a Mapped_PAT.Trim(','); However I am not too sure this will work as it was a single comment on a thread with no likes.
Solution In the end I used a SYSTEM_ACCESSTOKEN in the environment variable section of the azure pipeline: azure pipeline usage
