search

bryanbcook / azdevops-testplan-extension

Azure DevOps extension that can publish cross-platform test results to a Test Plan
13 stars 4 forks source link

##[error]TF400813: The user is not authorized to access this resource. #8

Closed quotschmacher closed 7 months ago

quotschmacher commented 7 months ago

Description

The run of the pipeline stops with the following error: ##[error]TF400813: The user 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' is not authorized to access this resource.

provide sample usage of the task, if applicable

steps:
- task: bcook.azdevops-testplan-extension.publishtestplanresults.PublishTestPlanResults@0
  displayName: 'Publish Test Results'
  inputs:
    testPlan: 'UI Test mit Testcafe'
    testResultFormat: xUnit
    testResultDirectory: '$(System.DefaultWorkingDirectory)'
    testResultFiles: 'testcafe/**/report.xml'

The result is

Starting: Publish Test Results
==============================================================================
Task         : Publish Test Plan Results
Description  : Publishes cross-platform test results (xUnit, JUnit) to an Azure DevOps Test Plan
Version      : 0.1.6
Author       : Bryan Cook
Help         : 
==============================================================================
##[error]TF400813: The user 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' is not authorized to access this resource.
Finishing: Publish Test Results

With the following environment:

Tried to run it with multiple users

image

but the error message still prompts the same user id.

Screenshots DId some research and already assured that this option is activated image

bryanbcook commented 7 months ago

I don't think the oAuth setting in your image is related. It's for connecting third-party services like TerraForm Enterprise to independently consume data from Azure DevOps.

The manifest of this extension declares which 'scopes' (permissions) are required. The built-in agent should have these permissions by default.

Few questions:

Few things that you can try:

quotschmacher commented 7 months ago

the Test Plan is in the same Project as the pipeline

yes

have you made customizations to the permissions in the project to limit access to Test Plans?

don't know - have to ask my admin tomorrow...

You mentioned you tried it with multiple users. How are you doing this?

this is why i posted the screenshot - the scheduled task is for another user, the manually triggered task is for me - don't know if this has any impact on the user runnig the test.

Run the pipeline with diagnostics enabled or set the system.debug

##[debug]Evaluating condition for step: 'Publish Test Results'
##[debug]Evaluating: succeeded()
##[debug]Evaluating succeeded:
##[debug]=> True
##[debug]Result: True
Starting: Publish Test Results
==============================================================================
Task         : Publish Test Plan Results
Description  : Publishes cross-platform test results (xUnit, JUnit) to an Azure DevOps Test Plan
Version      : 0.1.6
Author       : Bryan Cook
Help         : 
==============================================================================
##[debug]Using node path: /home/vsts/agents/3.232.3/externals/node16/bin/node
##[debug]agent.TempDirectory=/home/vsts/work/_temp
##[debug]loading inputs and endpoints
##[debug]loading INPUT_ACCESSTOKEN
##[debug]loading INPUT_COLLECTIONURI
##[debug]loading INPUT_PROJECTNAME
##[debug]loading INPUT_TESTPLAN
##[debug]loading INPUT_TESTRESULTFORMAT
##[debug]loading INPUT_TESTRESULTDIRECTORY
##[debug]loading INPUT_TESTRESULTFILES
##[debug]loading INPUT_TESTCASEMATCHSTRATEGY
##[debug]loading INPUT_TESTCASEPROPERTY
##[debug]loading INPUT_TESTCASEREGEX
##[debug]loading INPUT_TESTCONFIGPROPERTY
##[debug]loading INPUT_DRYRUN
##[debug]loading INPUT_TESTRUNTITLE
##[debug]loading ENDPOINT_AUTH_SYSTEMVSSCONNECTION
##[debug]loading ENDPOINT_AUTH_SCHEME_SYSTEMVSSCONNECTION
##[debug]loading ENDPOINT_AUTH_PARAMETER_SYSTEMVSSCONNECTION_ACCESSTOKEN
##[debug]loaded 16
##[debug]Agent.ProxyUrl=undefined
##[debug]Agent.CAInfo=undefined
##[debug]Agent.ClientCert=undefined
##[debug]Agent.SkipCertValidation=undefined
##[debug]reading TestContextParameters from task inputs.
##[debug]accessToken=$(System.AccessToken)
##[debug]collectionUri=https://xxx.visualstudio.com/
##[debug]projectName=xxxWeb
##[debug]testPlan=UI Test mit Testcafe
##[debug]testConfigFilter=undefined
##[debug]testConfigAliases=undefined
##[debug]SYSTEM_DEBUG=True
##[debug]task result: Failed
bryanbcook commented 7 months ago

It looks like the value for accessToken isn't being resolved in your pipeline. Is this a YAML-based pipeline or a classic ui-designer based pipeline?

YAML-based pipelines always have access to the $(System.AccessToken). From my YAML pipeline, it shows as:

##[debug]accessToken=***

If this is a Classic UI-Designer based pipeline, you need to grant the pipeline access to the oAuth token.

image

bryanbcook commented 7 months ago

I was able to reproduce your error using a Classic Designer Pipeline without granting it access to the OAuth token. So for your immediate concerns, you should be able to set the "Allow scripts to access the OAuth token" outlined above to unblock you.

Some research suggests that custom tasks should be able to access the System.AccessToken through the ENDPOINT_AUTH_PARAMETER_SYSTEMVSSCONNECTION_ACCESSTOKEN.

bryanbcook commented 7 months ago

I'm closing this because the applied fix should resolve your issue.

Please let me know if you continue to see errors related to this. Otherwise, open a new issue.

quotschmacher commented 7 months ago

forgot to answer yesterday.... yes - "allow scripts to access the oauth token" did it for me. if this is still required maybe you shoul add it to the readme.

bryanbcook commented 7 months ago

It's no longer required. I've added code that allows custom tasks to access the accesstoken natively, so no changes are required at the pipeline level.