i am trying to have dedicated service connections per pipeline, so i have removed the "allow all pipelines to use this service connection" and i have pointed a task at the service connection, which works fine. But when i look in the service connection list under "policies" it doesnt show anythinf under "authorized pipelines", from an admin perspective it would be useful to see this. Am i doing something wrong? ive looked all over but cant find anything to suggest what it could be (ive tried in 2 different ado orgs aswell, they have the same issue)
This should relevant with our side, and be delayed due to the time.
If some pipelines created and executed not long ago, it will not display under authorized pipelines immediately. It needs some time to let it updated in the Service Connection page.
Some old pipeline which exists for several days, could be detected by the server. Then displayed under the authorized pipelines pattern:
Just wait for patience, if these pipeline still not display under authorized pipelines pattern. Please raise this issue on our official community: Microsoft Developer Community. We would involve the product group to investigate this abnormal issue.
Related
I have moved a website to a new on-prem server and I'm currently trying to make CI/CD work. The release pipeline was already configured since we have been using Azure devops for years. So the only thing I needed to do was to register the new server in the development group. I ran the registration script, added the proper tags and didn't set a specific account for the Windows service so the default account NT Authorization\System was used.
The problem is that when a release is triggered, the service doesn't seem to be able to list the site as part of the Manage IISwebsite task. It throws a weird error "The device is not ready". It does though manage to change the apppool. See the logs below:
I have ran the command myself directly on the server using my admin account and it works just fine. The NT Authorization\System is a super user and should have all rights granted by default as well, so I'm a bit clueless here..
Does anybody have any ideas, suggestions? What am I missing?
Thanks in advance.
/Kenia
I had the same problem. In my case the error message was misleading.
It turned out that the Physical path in the release pipeline was wrong. It worked after I changed it to the correct one.
I've got a free tier Azure Cloud Account. I used to have a project and requested a free agent for running pipelines. All was ok.
I deleted that project and created a new one.
I'm now trying to create a very basic Hello World kind of pipeline and getting it to run, to test things. The pipeline fails to run with the error below.
Error Message: No hosted parallelism has been purchased or granted. To request a free parallelism grant, please fill out the following form https://aka.ms/azpipelines-parallelism-request
I can see in my organization settings that I have that free agent available and 1800 mins/month of run time available. But i think that agent isn't getting used/found by my pipeline jobs.
I'm a noob at azure, so pardon me for any goof ups in the question.
You just write message to https://aka.ms/azpipelines-parallelism-request with your name, email, project etc. and after 24-48 hours you can run your pipeline
Microsoft comes with some temporary alternative approach until the automate is implemented to grant the permission for those users who requires the free hosted agent pools.
Now users needs to be drop the email to get the free tier access based on the project visibility types.
There is not a standard timeline for approval which someone can predict approval in days, but by considering the mass requests and manual approval process we can consider the timeline of 7 to 15 working days from your email.
For More information -> https://devblogs.microsoft.com/devops/change-in-azure-pipelines-grant-for-private-projects/
Solution: Just after posting this question, I thought of creating another project and make it private. I then ran a sample pipeline and it worked. So basically, my issue was that the pipeline granted to me was for a private project and not a public one. I had forgotten about it as i was revising azure after some time.
I am looking to find access logs for azure devops to
1) List time and date of authorized users who have accessed the code repository
2) List the changes made for all of the the repository and by whom
3) Assuage audit fears of unauthorized users downloading the code
Looks like there is auditing capabilities slotted in the roadmap but I need something now. I tried using the azure portals activity logs but I get zero results for azure devops events
Note: we do not use Active Directory integration yet
Any help is greatly appreciated
For auditing repo changes, every write operation in source control is part of its history.
For limiting read access, you already know the solution, because you said you aren't using it yet: Azure AD. Limit access to within your organization.
For auditing access, as you said, there is no solution yet, it's on the backlog. The reason it's on the backlog is because there is no way to do it at the moment.
I have been able to work in Azure APIM with no problems until yesterday. Another member on my team can edit and save with no problems; but my save to an Inbound Processing rule always fails with:
Could not save policy for "Access API 1.2" API. Please try again
later.
Thoughts?
Of Note:
Our companies security access team verifies that I am a contributor to APIM
I login in through the companies' two factor authentication system into Azure.
Same results on Edge/Chrome.
I can update individual endpoint api policies.
Our company opened a Microsoft Support ticket on this and their response was
You are running into a known issue with APIM integration with ARM. The
dev team is working on a fix for this issue now and we are told it
will get deployed by this evening.
The following day it was working for me
The APIM dev team fixed the issue late yesterday and you should now
see the ability to update policies for the API scope too.
Note to anyone running into this situation in the future the secondary advice given revolved around the browser which was
Make sure you’ll not pulling down cached files. Try loading an
in-private session or press CTRL+F5 to refresh the page and pull down
new files.
I made a web job for my azure website. It works when I click "Run Once" in the azure website web jobs tab but it doesn't work when I set it at determinate time every day.
The web job is marked as success but the it does nothing. I was checking the web jobs logs and it seems that there were five attempts but all of them shows: Http Action - Request to host '******.scm.azurewebsites.net' failed: The job is missing basic auth fields. I have the AzureWebJobsDashboard and AzureWebJobsStorage in the website config, the web job config and in the azure connection string config, I added them everywhere hoping for a fix but it didn’t work.
It was working fine yesterday but today I made a small change, when I uploaded the new version it didn’t work at the time it was set. The change was a new column in a sql query. Has anyone gotten this error? Thank you in advance for your help.
Loading the web job using the azure web page and then configuring the schedule solved the problem. I don´t know why my deploy from visual studio is not working with schedule when it worked fine 2 days ago.
Where exactly are you finding that "missing basic auth fields" error message? What type of scheduled job are you using? I suspect Azure Scheduler. Are you finding this error in the Azure Scheduler logs?
If you're in the Basic or Standard pricing tier, since you're using the WebJobs SDK, there is a simpler schedule mechanism that you can use. See TimerTrigger here.