[Feature Request] service-endpoint create needs option to specify pipeline policies
When you create a service connection via the GUI, you get a check box to specify “Allow all pipelines to use this connection”. This causes not only a POST connection to be sent to the _apis/serviceendpoint/endpoints REST API, but also a PATCH request to _apis/build/authorizedresources containing:
[{"authorized":true,"id":"the-resource-id","name":"the-resource-name","type":"endpoint"}]
If instead you use the CLI to create a service connection using:
az devops service-endpoint create --service-endpoint-configuration foo.json
the PATCH request is not sent, and by default the service connection cannot be accessed by the pipeline until you enable that manually in the GUI. There may be a way to manipulate this permission using the az CLI (and if there is I’d love to know about it), but it would be very convenient to add a command line option named something like --all-pipelines-use which would default the access to the service connection to all pipelines in the project. Even better would be explicit CLI support to manipulate access from specific pipelines if required.
Issue Analytics
- Created 4 years ago
- Comments:17 (6 by maintainers)
Top GitHub Comments
I can confirm that:
az devops service-endpoint update --id $DOCKER_CONNECTION_ID --enable-for-all
correctly sets the “Grant access permission to all pipelines” property for my recently created Docker Hub service connection, and I no longer need to use “az devops invoke --http-method patch …”.
Thank you very much!
@jfpanisset I am not exactly sure of this… but this is a probable explanation of the behavior you see.
When you are the owner of the service connection and you execute the first run of the pipeline, that service connection is authorized to be used by the pipeline implicitly.
The problem happens when you try to use someone else’s service connection in your pipeline. The pipeline run will fail until either that service connection is marked to be authorized for all pipelines OR the owner of the service connection authorizes this one pipeline to be authorized by triggering the first run.
Using APIs, this functionality of authorizing only a single pipeline for using a service connection is not exposed.