Azure-devops-docs: Handling of $(System.AccessToken) for Windows agent in the doc seems wrong.
Hi, I found a sample code in the document is bit wrong. In the azure-pipelines-steps-win.yml, the process to handover token to azure devop CLI is define as follows.
- script: echo $(System.AccessToken) | az devops login
env:
AZURE_DEVOPS_CLI_PAT: $(System.AccessToken)
displayName: 'Login Azure DevOps Extension'
From a document regards to $(System.AccessToke), user should explicitly map $(System.AccessToken) to the environment variable inside Agents.
Thus, I think example yaml should be something like:
- script: echo $AZURE_DEVOPS_CLI_PAT | az devops login
env:
AZURE_DEVOPS_CLI_PAT: $(System.AccessToken)
displayName: 'Login Azure DevOps Extension'
In fact "AZURE_DEVOPS_CLI_PAT" is already defined via env section in the current example yaml as well.
Is this document's problem or am I missing something?
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: f9480b69-ca1f-55bc-8505-49c51d9f205e
- Version Independent ID: 03df29bf-108d-6ffc-bb3e-b29fb8a1e46c
- Content: Azure DevOps CLI in Azure Pipeline YAML - Azure DevOps
- Content Source: docs/cli/azure-devops-cli-in-yaml.md
- Product: devops
- Technology: devops-ref
- GitHub Login: @KathrynEE
- Microsoft Alias: geverghe
shunkino
All 3 comments
@WilliamAntonRohm - Please assign this to one of the Azure Pipelines writers. This isn't my content area.
KathrynEE
on 11 Mar 2020
@KathrynEE -- Kathryn, thank you for clarifying.
@geverghe -- George, please look into this issue.
WilliamAntonRohm
on 12 Mar 2020
I can't find any way of successfully logging into Azure devops cli using $(System.AccessToken) on either Windows or Linux (different error), following the documentation https://docs.microsoft.com/en-us/azure/devops/cli/azure-devops-cli-in-yaml?view=azure-devops and trying various variations on different plaforms.
Is this even supported? The only alternative is PAT which isn't ideal for Pipelines e.g. manually replace PAT tokens stored in Azure KeyVault / Pipeline variable periodically.
This alternative is not relevant (PAT): https://github.com/MicrosoftDocs/azure-devops-docs/issues/9178
This issue looks the same as here: https://developercommunity.visualstudio.com/content/problem/969087/using-the-azure-devops-cli-in-a-deployment-pipelin.html (can't call az pipelines variable-group list with OAuth token too, I will report it to Product Team)
- script: echo $AZURE_DEVOPS_CLI_PAT | az devops login --organization $(AZDO_ORG_SERVICE_URL)
env:
AZURE_DEVOPS_CLI_PAT: $(System.AccessToken)
displayName: 'Login Azure DevOps Extension'
Error:
Failed to authenticate using the supplied token
Full YML Pipeline below (Windows agent):
# Example of using System.AccessToken (rather than PAT) to authenticate with azure cli devops extension.
# NB: DOES NOT WORK.
# https://aka.ms/yaml
trigger:
- master
variables:
AZDO_ORG_SERVICE_URL: 'https://dev.azure.com/myorg'
project_name: 'projname'
repo_name: 'javaappexample'
pool:
# vmImage: 'ubuntu-18.04'
vmImage: 'windows-2019'
steps:
- script: echo Hello, world!
displayName: 'Run a one-line script'
- script: az --version
displayName: 'Show Azure CLI version'
- script: echo $AZURE_DEVOPS_CLI_PAT | az devops login --organization $(AZDO_ORG_SERVICE_URL)
env:
AZURE_DEVOPS_CLI_PAT: $(System.AccessToken)
displayName: 'Login Azure DevOps Extension'
- script: az devops configure --defaults organization=$(AZDO_ORG_SERVICE_URL) project=$(project_name) --use-git-aliases true
displayName: 'Set default Azure DevOps organization and project'
- script: |
az devops configure --list --output tsv
env:
AZURE_DEVOPS_CLI_PAT: $(System.AccessToken)
displayName: 'Show devops config'
- script: |
az repos list --project $(project_name) --query [].name --output tsv
env:
AZURE_DEVOPS_CLI_PAT: $(System.AccessToken)
displayName: 'Show devops repo list'
rswe
on 2 Sep 2020
Related issues
EM1L
·
3Comments
kieronlanning
·
3Comments
adnanebrahimi
·
3Comments
cijujoseph
·
3Comments
MJECloud
·
3Comments