microsoft / azure-pipelines-terraform

Azure Pipelines tasks for installing Terraform and running Terraform commands in a build or release pipeline.
MIT License

Using WIF for Terraform State broken in 0.1.25 #220

Open andrewdmay opened 2 months ago

andrewdmay commented 2 months ago

Starting this morning (4/30/2024) we have been getting this error when trying to run a Terraform plan or apply where the init was done with a Service Connection using Workload Identity Federation and using the azurerm backend.

Failed to load state: blobs.Client#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationPermissionMismatch" Message="This request is not authorized to perform this operation using this permission.

In our Azure DevOps extensions it appears that the extension updated from 0.1.25 to 0.1.24 last night and TerraformTaskV4@4 updated from 4.227.24 to 4.238.25 in the Azure DevOps logs.

Terraform Version: 1.7.4.

We use a different Service connection for the Terraform state and the Terraform plan or apply.

boz987 commented 2 months ago

Full discussion: https://github.com/microsoft/azure-pipelines-terraform/pull/214

jaredfholgate commented 2 months ago

There was an outage of WIF this morning, so I think that is what you were seeing here.

See here: https://status.dev.azure.com/_event/499193080

jaredfholgate commented 2 months ago

Apologies, it looks like the change did go live so likely the reason for this error. Will add a flag to revert to previous behaviour ASAP.

In the meantime you should be able to pin to the older version by specifying the full version as 4.227.24 per this article: https://blogs.blackmarble.co.uk/rfennell/pinning-specific-azure-devops-task-versions/?darkschemeovr=1
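
Added example, not part of the thread or the project's code: a small Python check that flags `task:` references not pinned to a full major.minor.patch version, which is how `TerraformTaskV4@4` moved from 4.227.24 to 4.238.25 here. The sample pipeline, the placeholder service connection names and the `audit_task_pins` helper are constructed for illustration, and the check assumes the `Task@major.minor.patch` pin form described in the linked article.

```python
import re

# Constructed sample pipeline (not from the thread); the service connection
# names are placeholders.
SAMPLE_PIPELINE = """\
steps:
- task: TerraformInstaller@1
  inputs:
    terraformVersion: '1.7.4'
- task: TerraformTaskV4@4
  displayName: terraform init
  inputs:
    provider: azurerm
    command: init
    backendServiceArm: state-connection-placeholder
- task: TerraformTaskV4@4.227.24
  displayName: terraform plan
  inputs:
    provider: azurerm
    command: plan
    environmentServiceNameAzureRM: env-connection-placeholder
"""

# Matches "- task: Name@version", where version has one to three numeric parts.
TASK_REF = re.compile(
    r"^\s*-?\s*task:\s*['\"]?([\w.\-]+)@(\d+(?:\.\d+){0,2})['\"]?\s*(?:#.*)?$")

def audit_task_pins(yaml_text, known_good=None):
    """Return one finding per task reference that is not fully pinned.

    known_good (hypothetical helper argument) maps a task name to the full
    version to suggest, e.g. the 4.227.24 build named in the thread.
    """
    known_good = known_good or {}
    findings = []
    for lineno, line in enumerate(yaml_text.splitlines(), start=1):
        m = TASK_REF.match(line)
        if not m:
            continue
        name, version = m.groups()
        if version.count(".") == 2:
            continue  # full major.minor.patch: will not move on extension update
        pin = known_good.get(name)
        findings.append({"line": lineno, "task": name, "ref": version,
                         "suggest": f"{name}@{pin}" if pin else None})
    return findings

if __name__ == "__main__":
    for finding in audit_task_pins(SAMPLE_PIPELINE, {"TerraformTaskV4": "4.227.24"}):
        print(finding)
```
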

andrewdmay commented 2 months ago

Thanks for digging into this. I've gone ahead and pinned to the 4.227.24 version and that seems to fix the pipelines that were broken (we'd switched most of the backend service connections to using a service principal secret as a workaround).

Being able to use a plan that's more than 10 minutes old will be a big improvement, but we will need to reorganize our service connections in preparation for using the same one for backend and environment.

srvmsr commented 1 month ago

Issue seems to be still open, resulting in failures of all of our pipelines. Tagging the version of the task to 4.227.24 can be a temp fix.

mericstam commented 1 month ago

Hi, we have a fix for the issue, but we are having issues with the publisher authentication in the pipeline. As soon as that has been resolved, a new version will be published.

mericstam commented 4 weeks ago

Update: We are still struggling with solving the authentication changes. Hopefully by the end of next week our new environment will be up and running.

mericstam commented 1 week ago

Version 0.1.26 deployed.