Azure-pipelines-tasks: AzureFileCopy task does not work for storage accounts in sovereign clouds

Created on 28 May 2020  路  3Comments  路  Source: microsoft/azure-pipelines-tasks

Type: Bug

Task Name: AzureFileCopy

https://github.com/microsoft/azure-pipelines-tasks/tree/master/Tasks/AzureFileCopyV4

Environment

  • Server: Azure Pipelines
  • Agent: Hosted (windows-latest)

Issue Description

The AzureFileCopy task does not work for storage accounts in the Azure sovereign clouds. This is happening since they require different authentication endpoints, but the --aad-endpoint option is not being passed to the AzCopy command.

https://docs.microsoft.com/en-us/azure/storage/common/storage-ref-azcopy-login#options

Task Logs

AzureFileCopyV4-logs.txt

 & "AzCopy\AzCopy.exe" login --service-principal --application-id "***" --tenant-id="***"

Failed to perform login command: 
adal: Refresh request failed. Status Code = '400'. Response body: {"error":"invalid_request","error_description":"AADSTS900439: Confidential Client requests are not supported on the public endpoint (login.microsoftonline.com) for tenants in the Azure Government cloud. Send your login requests to https://login.microsoftonline.us instead.  Please see https://devblogs.microsoft.com/azuregov/azure-government-aad-authority-endpoint-update/ for more details
Trace ID: 013709a0-a5bc-499c-900c-3b745ed7a000
Correlation ID: 9002b4c0-1678-4c4a-be05-137c444d32cf
Timestamp: 2020-05-28 13:55:05Z","error_codes":[900439],"timestamp":"2020-05-28 13:55:05Z","trace_id":"013709a0-a5bc-499c-900c-3b745ed7a000","correlation_id":"9002b4c0-1678-4c4a-be05-137c444d32cf","error_uri":"https://login.microsoftonline.com/error?code=900439"}

NOTE: If your credential was created in the last 5 minutes, please wait a few minutes and try again.
Uploading files from source path: 'D:\a\1\deploy\Setup' to storage account: '***' in container: '***' with blob prefix: ''
 & "AzCopy\AzCopy.exe" copy "D:\a\1\deploy\Setup" "https://***.blob.core.usgovcloudapi.net/***"  --recursive
INFO: Scanning...

failed to perform copy command due to error: no SAS token or OAuth token is present and the resource is not public
 & "AzCopy\AzCopy.exe" logout

failed to perform logout command, no cached token found for current user
Release bug
Source
picture bguidinger
👍1

Most helpful comment

Thanks for pointing this out. We are already in the process of fixing this.

picture asranja on 2 Jun 2020
👍2

All 3 comments

Thanks for pointing this out. We are already in the process of fixing this.

asranja picture asranja on 2 Jun 2020
👍2

@asranja do we have ETA on this fix?

tahazayed picture tahazayed on 10 Jun 2020

It should be available on all accounts within 3 weeks from now.

For the time being, pass the --aad-endpoint "Authority Url of cloud" argument in the _Optional Arguments (for uploading files to blob)_ input and run the pipeline.

asranja picture asranja on 15 Jun 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

MikahB picture MikahB  路  3Comments
divyesh-parikh picture divyesh-parikh  路  3Comments
ThomasBarnekow picture ThomasBarnekow  路  3Comments
fedemkr picture fedemkr  路  3Comments
jabbera picture jabbera  路  3Comments