AzureFunctionAppV1 and AzureRmWebAppDeploymentV4 fail when used with Management Group Service Connection

cstrempfer commented 3 years ago

Copied from #13779, because it was closed incorrectly and nobody reopened it since 3 months.

Justification:

Service Connections support Management Groups
App Service Tasks support Service Connections
App Service Tasks fail if used with a Management Group Service Connection => Bug, because it isn't compatible with the Azure Pipelines' standard and users cannot fix it themselves

Required Information

Question, Bug, or Feature? Type: Bug?

Enter Task Name: AzureFunctionAppV1 and AzureRmWebAppDeploymentV4

Environment

Server - Azure Pipelines
- If using Azure Pipelines, provide the account name, team project name, build definition name/build number: not specific to our environment....
Agent - Hosted
- If using Hosted agent, provide agent queue name: Azure Pipelines

Issue Description

When using the two mentioned tasks to deploy a WebApp/FunctionApp we get the error: "'subscriptionId' cannot be null" when using a Management Group Service connection. Checking the code both tasks don't support the subscriptionId yet. Using the tasks with the normal Subscription Level Service connection works fine.

Task logs

[error]Error: 'subscriptionId' cannot be null.

Error logs

[error]Error: 'subscriptionId' cannot be null.

cstrempfer commented 3 years ago

It could be easily avoided if there would be an optional "subscriptionId" parameter in addition to the "azureSubscription" parameter (which is actually pointing to a service connection), and if its value would be applied in case that a service connection with Management Group is selected. If you put this logic into "InitializeAzModuleFunctions.ps1" you could use the same mechanism for other Pipeline Tasks as well, because I've seen other bug reports for similar issues.

20shivangi commented 3 years ago

@cstrempfer As pointed out earlier, Management Group service connection will not work for deploying to a web app. Since Management Group service connection does not take subscription id while creation but for deploying to resources like a web app, we do need the subscription id. And for your idea of being having an optional "subscriptionId" parameter in case of Management Group service connection, we will reach out to PMs and confirm about this requirement.

cstrempfer commented 3 years ago

@20shivangi I'm not sure we are on the same page here, because I don't know which PMs you mean (those of the Service Connection or those of the Tasks?). Service connections should not have an additional subscription id, because that would defeat the purpose of using management groups in service connections. My suggestion was to add a subscription id to the pipeline tasks, so that it can handle both kinds of service connections.

Trying to put the subscription id anywhere else would ignore increasing adoption of management groups. I created this as a bug, because there is no obvious reason for not supporting Management Groups already and because there is no documented limitation.

20shivangi commented 3 years ago

@cstrempfer I totally agree what you said "Service connections should not have an additional subscription id, because that would defeat the purpose of using management groups in service connections."

What I am saying is that , having an optional "subscriptionId" parameter in addition to the "azureSubscription" parameter (which is actually pointing to a service connection), and its value would be applied in case that a service connection with Management Group is selected, we will confirm this with our PMs about this.

KZeronimo commented 3 years ago

@20shivangi any update on this - in general, the Tasks ecosystem needs to catch up with management group scoped service connections - AzureResourceManagerTemplateDeployment@3 is a good pattern with a clear separation of the required params

azureResourceManagerConnection for the service connection and subscriptionId for the subscription id

github-actions[bot] commented 3 years ago

This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days

nadesu commented 3 years ago

@v-jkarri for visibility, @vijayma for prioritisation

github-actions[bot] commented 2 years ago

This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days

cstrempfer commented 2 years ago

Still waiting for a solution...

SamBonavika commented 2 years ago

Allow me to add my 2 cents:

Half of Microsoft pushes really hard to promote a top-down strategy for managing policy and security ...

Half of Microsoft pushes really hard to "empower" the Azure DevOps user community to create truly dynamic CI/CD pipeline implementations ...

But unfortunately, these two halves never seem to intersect, leaving those of us who really really REALLY want to invest in the entire MS tech stack out in the cold pulling our hair and gnashing our teeth in ABJECT FRUSTRATION!!!!

Please escalate this issue to a Tech PM who has actually USED these products and who understands how the omission of a seemingly trivial feature can result in such chaos to the user community.

FinVamp1 commented 2 years ago

Hi, I am following up on this request and will come back to you on this thread.

Codemagedon commented 2 years ago

@FinVamp1 do we have any updates for this, those of us in the MSP and SI space are really interested in a working product here and I am personally really bored of writing workaround PowerShell scripts or having to directly scope to a subscription.

FinVamp1 commented 1 year ago

Hello,

This is an enhancement for the agent overall that the team is tracking. Adding @geekzter to help

github-actions[bot] commented 1 year ago

This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days

cstrempfer commented 1 year ago

Another year passes by ...

steve-carlson commented 1 year ago

Wondering how this is still an issue that has been left unresolved by MS. A comment that is over a year old at this point by SamBonavika could not be more spot on yet there is absolutely no response to these challenges and concerns which makes this even more frustrating.

FinVamp1 commented 1 year ago

Hello, I'm following up with the Azure DevOps to help understand if there is another work item tracking overall Task Support for Management Group Service Connections as opposed to implementing for specific Tasks as asked in this item.

FinVamp1 commented 1 year ago

@geekzter Can you update this work item with the plans for this?

FMERI001 commented 1 year ago

Any word from MS on this issue?

FinVamp1 commented 10 months ago

Updated the labels and my assignment. @geekzter can follow up on this.

github-actions[bot] commented 3 months ago

This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days

cstrempfer commented 3 months ago

😴

SamBonavika commented 3 months ago

Anyone? Anyone? Bueller???

msterin commented 3 weeks ago

bump. Any update ?

microsoft / azure-pipelines-tasks