I’ve written a simple AzureCLI script which should update a variable group value for a project. I’ve tested the script locally and this workds find so I know its an ADO issue, this script is:
echo $Pat_key| az devops login
az devops configure -d organization=https://dev.azure.com/****/ project=***
az pipelines variable-group variable update --id 365 --name release.version --value **-Release-1.2.0
I’ve tried a few differnt flavours, either running in powershell or adding the PAT token manually or not at all and either get AzureCLI just hanging and not progressing the task. If I get an error message, this is what I get:
ERROR: TF400813: The user 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' is not authorized to access this resource.
Any help would be amazing. Thanks again!
2
Answers
The error shows that the user accessing the resources with anonymous access.
I hope you are logged in with
az devops loginonly once when running the pipeline. If not avoid multiple logins.Steps to fix the issue:
I had the same issue as well. Locally in powershell this was working fine, only through azure devops pipelines I got this error.
Locally it worked so definitely its not a PAT issue.
Later I figured out you dont even have to use azure devops login before running azure devops configure if you are using PAT as environment variable.
Here is an example
displayName: Test run
condition: and(succeeded())
env:
AZURE_DEVOPS_EXT_PAT: $(AZURE_DEVOPS_EXT_PAT)
Create a variable group with the above name and set it as secret value.
Refer this for more info
https://learn.microsoft.com/en-us/azure/devops/cli/log-in-via-pat?view=azure-devops&tabs=windows