Closed anstein-msft closed 1 month ago
Additional Context:
The same service connection in the same pipeline, DOES successfully execute the Power Platform Import Solution step.
Getting the same issue regardless of service connections. WhoamI works fine and other functions work fine too.
Noting that the service principal ID also doesn't match with the actual service principal ID.
For an App / Service Principal to talk to the Admin endpoints, it needs to be registered with the BAP Admin API.
The simplest way to do this is with the PAC CLI via pac admin application register --application-id [AppID]
, which will need to be run by another user that has the proper permissions.
(The documentation on this, Registering an admin management application, needs to updated to reflect that the PAC Command works for this.)
Describe the bug Power Platform Backup Environment does not work with managed identity.
To Reproduce Steps to reproduce the behavior:
Assign the Managed Identity as the Identity of a hosted/self-hosted ADO pool (or scale set, as appliable)
Set up a classic release pipeline with a "Power Platform Backup Environment" step, configured to use the ADO service connection created in step 1.
Expected behavior
Backup step completes without error.
Actual Result
Backup step fails with following log message:
`2024-08-02T20:40:37.0626589Z ##[section]Starting: Power Platform Backup Environment 2024-08-02T20:40:37.0630300Z ============================================================================== 2024-08-02T20:40:37.0630389Z Task : Power Platform Backup Environment 2024-08-02T20:40:37.0630461Z Description : Power Platform Backup Environment 2024-08-02T20:40:37.0630517Z Version : 2.0.74 2024-08-02T20:40:37.0630561Z Author : Microsoft 2024-08-02T20:40:37.0630620Z Help : https://aka.ms/buildtoolsdoc Ideas, feedback: https://github.com/microsoft/powerplatform-build-tools/discussions 2024-08-02T20:40:37.0630723Z ============================================================================== 2024-08-02T20:40:37.2007507Z [ 'authN to admin API: authType=SPN; cloudInstance: Public' ] 2024-08-02T20:40:39.9386838Z [ 2024-08-02T20:40:39.9387966Z "'' authenticated successfully." 2024-08-02T20:40:39.9388382Z ] 2024-08-02T20:40:41.0054300Z [ 'Authentication profile created' ] 2024-08-02T20:40:41.0490612Z [ 2024-08-02T20:40:41.0491474Z ' UNIVERSAL : ** Public ' 2024-08-02T20:40:41.0491721Z ] 2024-08-02T20:40:41.0491899Z [ '' ] 2024-08-02T20:40:41.1981514Z [ 2024-08-02T20:40:41.1982767Z "The Authentication Result: '' authenticated successfully.,Authentication profile created, * UNIVERSAL : Public ," 2024-08-02T20:40:41.1983119Z ] 2024-08-02T20:40:41.1988886Z Discovered environment url from explicit input parameter 'Environment': 2024-08-02T20:40:41.1996432Z [ 2024-08-02T20:40:41.1996969Z 'Calling pac cli inputs: admin backup --environment --label Full Backup - 20240801.2' 2024-08-02T20:40:41.1997209Z ] 2024-08-02T20:40:42.5886991Z [ 'Connected as ' ] 2024-08-02T20:40:44.3895065Z [ '' ] 2024-08-02T20:40:44.3895659Z [ 'Backing up your environment with label : Full Backup - 20240801.2' ] 2024-08-02T20:40:44.5664089Z [ 'Microsoft PowerPlatform CLI' ] 2024-08-02T20:40:44.5668248Z [ 'Version: 1.33.5+g1621296' ] 2024-08-02T20:40:44.5670911Z [ 'Online documentation: https://aka.ms/PowerPlatformCLI' ] 2024-08-02T20:40:44.5671320Z [ 2024-08-02T20:40:44.5671778Z 'Feedback, Suggestions, Issues: https://github.com/microsoft/powerplatform-build-tools/discussions' 2024-08-02T20:40:44.5672086Z ] 2024-08-02T20:40:44.5677084Z [ '' ] 2024-08-02T20:40:44.5677323Z [ 2024-08-02T20:40:44.5678928Z "Error: The service principal with id '' for application does not have permission to access the path 'https://10.0.5.15:21093/providers/Microsoft.BusinessAppPlatform/environments//backups?api-version=2020-08-01' in tenant ."
2024-08-02T20:40:44.5679537Z ]
2024-08-02T20:40:44.5679712Z [ '' ]
2024-08-02T20:40:44.5679865Z [ '' ]
2024-08-02T20:40:44.7233532Z ##[error]error: 1
2024-08-02T20:40:44.7240579Z ##[error]failed: Connected as ***
Backing up your environment with label : Full Backup - 20240801.2 Microsoft PowerPlatform CLI Version: 1.33.5+g1621296 Online documentation: https://aka.ms/PowerPlatformCLI Feedback, Suggestions, Issues: https://github.com/microsoft/powerplatform-build-tools/discussions
Error: The service principal with id '' for application does not have permission to access the path 'https://10.0.5.15:21093/providers/Microsoft.BusinessAppPlatform/environments//backups?api-version=2020-08-01' in tenant .
2024-08-02T20:40:46.3139434Z [ 'Authentication profiles and token cache removed' ] 2024-08-02T20:40:46.4931020Z [ 2024-08-02T20:40:46.4931581Z 'The Clear Authentication Result: Authentication profiles and token cache removed' 2024-08-02T20:40:46.4931723Z ] 2024-08-02T20:40:46.4935856Z ##[error]Error: Connected as ***
Backing up your environment with label : Full Backup - 20240801.2 Microsoft PowerPlatform CLI Version: 1.33.5+g1621296 Online documentation: https://aka.ms/PowerPlatformCLI Feedback, Suggestions, Issues: https://github.com/microsoft/powerplatform-build-tools/discussions
Error: The service principal with id '' for application does not have permission to access the path 'https://10.0.5.15:21093/providers/Microsoft.BusinessAppPlatform/environments//backups?api-version=2020-08-01' in tenant .
2024-08-02T20:40:46.4994221Z ##[section]Finishing: Power Platform Backup Environment `
Desktop (please complete the following information):