Az pipeline create command does not work with login using Service Principal or PAT Token in Azure Pipelines

[AbhishekB15]

Describe the bug "az pipeline create" command does not work with az login using Service Principal or PAT Token. User Authentication is required for creation of this resource using Azure Pipeline. However, if we try to do user authentication in Azure pipeline, it is also supported "az login -u <> -p <>" use in azure pipeline gives below error.

"Logging in through command line is not supported. For cross-check, try 'az login' to authenticate through browser."

To Reproduce Azure Cli Version: Powershell task in Azure Pipeline Use az --version Look for something like- azure-cli (2.0.70)

Azure-Devops extension version: 0.18.0 Use az --version Look for something like- Extensions: azure-devops (0.18.0)

Steps to reproduce the behavior:

1. login using az login -u <> -p <> in Azure Pipelines
2. setup defaults..
3. Run command.... "az pipelines create --name "" --description "" --repository <> --repository-type tfsgit --branch master --yml-path <>"
4. See error

Expected behavior A clear and concise description of what you expected to happen. The azure devops pipeline should get created using Service Prinicpal or PAT token authentication

Screenshots If applicable, add screenshots to help explain your problem.

Debug logs Add the output of the command running it with debug mode (--debug) 2020-05-06T17:19:23.3670636Z Logging in through command line is not supported. For cross-check, try 'az login' to authenticate through browser. 2020-05-06T17:19:25.4113305Z Extension 'azure-devops' is already installed. 2020-05-06T17:19:29.3636841Z This command is in preview. It may be changed/removed in a future release. 2020-05-06T17:19:30.4908067Z The requested resource requires user authentication: https://dev.azure.com/XXXXXXXXXXX/c9d62b77-2134-480b-a41f-e60c78cd23dc/_apis/distributedtask/queues

Additional context Add any other context about the problem here.

[vsaroopchand]

Try az devops login with your PAT, see docs here. You run az devops login before any az pipeline commands.

[carlosonunez]

I also ran into this issue upon providing the PAT as an environment variable. I would have liked to use az devops login and specify the PAT that way, but I then ran into this issue.

[jkewley]

Fairly certain that this used to work. We tested the scenario where users were logged in to CLI with one account while using a PAT from another. Our script creates a pipeline and board items by piping a PAT to az devops login. It worked until recently, seemingly when users upgraded CLI to 2.11.1 from 2.9.1

$env:AZURE_DEVOPS_EXT_PAT | az devops login --organization $organizationUrl
az devops configure --defaults organization="$($organizationUrl)" project="$($Project)"
...
az pipelines create --organization=$($organizationUrl) --project='$($Project)' --name $($pipelineName) --repository $($Repo.$unit) --folder-path parent/$($Child) --branch master --yml-path $AppName_Title/$yamlFileName --repository-type TfsGit --skip-first-run true

What's interesting is that the error surfaces as lack of access to the repository where the yaml file is stored.

TF401019: The Git repository with name or identifier REPO_NAME does not exist or you do not have permissions for the operation you are attempting.

Looking at #1050 I wonder if there isn't something else going on with repos

[Daleyon]

Today, I finally resolved my error by trying This specifically, the example: cat my_pat_token.txt | az devops login --organization https://dev.azure.com/contoso/.

In my case, I stored my txt file on the 'D:\a\1\s...' path then PowerShell task filepath. Within ps1 file: $AzureDevOpsPAT = Get-Item -Path $KVPath | Get-Content -TotalCount 1 ... $AzureDevOpsPAT | az devops login --organization $orgUrls

I will admit it was glitchy at first 😂 Hopefully soon there is a permanent fix.