az repos requires user authentication despite successfull az login

Azure / azure-devops-cli-extension

Azure DevOps Extension for Azure CLI

https://docs.microsoft.com/en-us/cli/azure/ext/azure-devops/?view=azure-cli-latest

MIT License

617 stars 240 forks source link

az repos requires user authentication despite successfull az login #998

Open kkum opened 4 years ago

kkum commented 4 years ago

This is autogenerated. Please review and update as needed.

Describe the bug

Command Name az repos pr list Extension Name: azure-devops. Version: 1.25.7.

Errors:

The requested resource requires user authentication: https://dev.azure.com/MYPROJECT/some-guid/_apis/git/repositories/another-guid/pullRequests?searchCriteria.includeLinks=False

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

az login (succesfully display output)
az repos pr list

Expected Behavior

list the pr of the MYPROJECT

Environment Summary

Windows-10-10.0.18362-SP0
Python 3.6.6
Installer: MSI

azure-cli 2.5.0 *

Extensions:
azure-devops 1.25.7

Additional Context

smunj commented 4 years ago

you need to set your default org and project using az devops configure -d organization={org_name} project={project_name} and you should login using az devops login

you will be able to view your repo list without authentication

whatisalwaystrue commented 3 years ago

@smunj The issue is with using MSA accounts via az login which the docs say are supported. Your example uses az devops login which prompts for a token. Do you have a solution for MSA accounts?

amccool commented 2 years ago

az login
az devops configure --defaults organization=https://dev.azure.com/yyyy project=zzzzz
$prs = az repos pr list --status completed | ConvertFrom-Json

the following code fails at the az repos pr list command with: 'Access Denied: The Personal Access Token used has expired.'

tillig commented 1 year ago

Just ran into this in the context of trying to run this in an Azure DevOps build pipeline. Had to set the environment to use the PAT from the build principal. The AzureCLI@2 task automatically does the az login part but without setting the PAT explicitly the az repos pr command failed due to authentication.

- task: AzureCLI@2
  displayName: "Ensure PR is set to auto-complete"
  condition: eq(variables['Build.Reason'], 'PullRequest')
  env:
    AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
  inputs:
    azureSubscription: $(azureDevOpsSubscription)
    scriptType: pscore
    scriptLocation: inlineScript
    inlineScript: |
      $autoComplete = az repos pr show --org $(System.CollectionUri) --id $(System.PullRequest.PullRequestId) --query autoCompleteSetBy.id -o tsv
      If (-not $autoComplete) {
        Write-Host "##vso[task.logissue type=error]Pull requests must be set to auto-complete so there is no gap between approval/deployment and merging back to master. Set the PR to auto-complete and re-queue the build."
        exit 1
      }

Venkat2694 commented 3 months ago

Hi @tillig,

Thanks for the syntax of Azure CLI task. Could you please guide me how to give access to DevOps for azureSubscription: $(azureDevOpsSubscription).

We are using Azure RM Service connection connection in DevOps which is used by service principal authentication. I need to give access to read repos and apply branch policies, status check in Azure Repos.

Please help me on this

Thanks, Venkatraman N