[Question]: @AzureFileCopy6 cannot find the storage account with WIF service connection if the UMI is in different subscription

[hancheng-ms]

Task name

AzureFileCopy

Task version

6.248.3

Environment type (Please select at least one enviroment where you face this issue)

• Self-Hosted
• Microsoft Hosted
• VMSS Pool
• Container

Azure DevOps Server type

dev.azure.com (formerly visualstudio.com)

Azure DevOps Server Version (if applicable)

No response

Operation system

MMS windows 2022

Question

My pipeline to upload file to blob storage hit this error: ##[error]Storage account: csdngpstorage not found. The selected service connection 'Service Principal' supports storage accounts of Azure Resource Manager type only.

I think the UMI has all necessary permissions (reader, container blob contributor and so on) to access this subscription. The task tried to set Set-AzContext against a different subscription where the storage account was not created in. This reminded me to an issue I hit before in my custom az script. Because we manually created the WIF service connection and use this single UMI to access all azure subscriptions in MS tenant, we just need to add the umi to be "reader" of these subs and it worked well for most devops pipelines. Except I need to add one line to select the right subscription context to the azCLI script to make it pick right subscription need to work on.

Does AzureFileCopy support this scenario? How can I pick the subscription in the AzureFileCopy? Do we need a feature change to this pipeline task?

[v-schhabra]

Hi @hancheng-ms
Thanks for reporting this issue.
Could you pls share the complete pipeline logs by adding the variable "system.debug" to true?

[hancheng-ms]

Upload the log in this file, AzureFileCopy6.log, also if you are MS employee you can use this link https://microsoft.visualstudio.com/OSGCXE/_build/results?buildId=111440037&view=logs&j=d9011fe4-49d8-516e-6af1-e5afc7ba01d4&t=be5330e2-f88e-5b94-f22f-9affc1ee0a93