I have multiple agent pools that require a pipeline to request authorization.
When I assign a hardcoded value like pool: STAGING
to the pipeline, it stops and asks for authorization.
⚠️ This pipeline needs permission to access a resource before this run can continue to Update environments View
However, when I inject the pool name to the pipeline as a runtime variable, for example as part of a matrix strategy like this:
- job: update
poolName: 'DEV'
poolName: 'STAGING'
maxParallel: 2
pool: $(pool)
It fails, with the authorization error:
##[error]Pipeline does not have permissions to use the referenced pool(s) AWS_STG_02_RELEASE.
For authorization details, refer to https://aka.ms/yamlauthz.
But there's no prompt to authorize.
For dynamically assigned pools you'll need to grant the pipeline access to the pool from the pool's configuration instead:
From the docs referenced in the URL that's mentioned in the logs:
Go to the administration experience of the resource. For example, variable groups and secure files are managed in the Library page under Pipelines. Agent pools and service connections are managed in Project settings. Here you can authorize all pipelines to access that resource. This authorization is convenient if you don't have a need to restrict access to a resource - for example, test resources.
Unfortunately, this feature hasn't made it into Azure DevOps Server yet (last version checked: 2022.0). I do suspect the REST API exists under the hood.
You could try approving the pipeline by updating the agent pool permissions:
$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
Invoke-WebRequest -UseBasicParsing -Uri "https://dev.azure.com/jessehouwing/6484ebc3-af16-4af9-aa66-6b3398db7214/_apis/pipelines/pipelinePermissions/queue/24" `
-Method "PATCH" `
-WebSession $session `
-Headers @{
} `
-ContentType "application/json" `
-Body "{`"resource`":{},`"pipelines`":[{`"authorized`":true,`"authorizedBy`":null,`"authorizedOn`":null,`"id`":73}]}"
The id
being passed in is the id
of the pipeline definition.