Azure DevOps Pipeline Unable to work with ARM template deployment yaml template for Azure Data Factory Build Pipeline
I am attempting to execute an Pipeline which uses the ARM template deployment to execute pipelines to Azure
The yaml script is as follows:
- task: AzureResourceManagerTemplateDeployment@3
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: 'NewAzureConnection'
subscriptionId: 'xxxxxx-xxxx-xxx-xxxxxxxx03'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(ResourceGroupUAT)'
location: '$(Location)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/adf-xxxxabric-dev/ARMTemplateForFactory.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/adf-xxxxxx-dev/ARMTemplateParametersForFactory.json'
overrideParameters: '-factoryName $(DataFactoryUAT)'
deploymentMode: 'Incremental'
The full script is as follows:
# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml
trigger:
- adf_publish
pool:
vmImage: ubuntu-latest
steps:
- script: |
tree $(System.DefaultWorkingDirectory)
displayName: Show file structure of System.DefaultWorkingDirectory during a build
- task: AzurePowerShell@5
inputs:
azureSubscription: 'NewAzureConnection'
ScriptType: 'FilePath'
ScriptPath: '$(System.DefaultWorkingDirectory)/adf-xxxxx-xxxxx-dev/PrePostDeploymentScript.ps1'
ScriptArguments: '-armTemplate "$(System.DefaultWorkingDirectory)/adf-xxxx-xxxx-dev/ARMTemplateForFactory.json" -ResourceGroupName $(ResourceGroupUAT) -DataFactoryName $(DataFactoryUAT) -predeployment $true -deleteDeployment $false'
azurePowerShellVersion: 'LatestVersion'
- task: AzureResourceManagerTemplateDeployment@3
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: 'NewAzureConnection'
subscriptionId: 'xxxxxx-xxxx-xxx-xxxxxxxx03'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(ResourceGroupUAT)'
location: '$(Location)'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/adf-xxxxabric-dev/ARMTemplateForFactory.json'
csmParametersFile: '$(System.DefaultWorkingDirectory)/adf-xxxxxx-dev/ARMTemplateParametersForFactory.json'
overrideParameters: '-factoryName $(DataFactoryUAT)'
deploymentMode: 'Incremental'
I when I run the pipeline it fails on the task: AzureResourceManagerTemplateDeployment@3 with the following error: ##[error]Failed to check the resource group status. Error: {"statusCode":403}
Any thoughts on what is causing the error?
The ARM Template Settings are as follows:
I added 'Data Factory Contributer' to the Subscription and the original problem was resolved, but I now have the following issue
error: ##[error]Failed to check the resource group status. Error: {"statusCode":403}
The error means the service principal used in your Azure DevOps service connection does not have enough permission to perform the action.
To solve the issue, you need to add an Azure RBAC role for the service principal.
You can navigate to the Project Settings -> Service connections -> find the service connection you used -> select Manage service connection roles.
Then it will open a page for the Azure subscription in Azure portal, navigate to the Access control (IAM) -> add the service principal as a Contributor role. This is the Azure Subscription level Contributor.
Or you can navigate to the target Resource Group -> Access control (IAM) and grant the Contributor role to Service Principal. This is the Resource Group level Contributor.
Then you can re-run the Pipeline to deploy the ARM template in Azure Pipeline.
Note: To assign the role for your service principal, your user account needs to have the RBAC role e.g. Owner, User Access Administrator.
- YAML CI is flattening file structure
- How to add new secrets (from Azure Key Vault) to the variable group in Azure Devops
- Best practice for SPA rollback on Azure Static Webapp with Azure Devops Deployment?
- Azure Pipeline: Unable to locate executable file: 'gulp'. during task Gulp@1
- Azure Pipeline dynamic parameters to template file from YAML pipeline
- How to Simplify a Complex Azure DevOps Release Pipeline with 11 Environments and Unique Task
- (Azure DevOps Testplans) Is it possible to associate an automated Test to a testcase without Visual Studio?
- Can't update Azure Pipepline. Error: Failed to fetch App Service publishing credentials
- View is not found when a Web App is deployed with Azure DevOps
- Re-checking for merge conflicts in VSTS (Azure DevOps)
- How to pass Environment Variables to Helmfile Values file
- Create a new pipeline from existing YML file in the repository (Azure Pipelines)
- How to reference a secret variable from an AzurePowerShell@5 task
- How can you insert suggestions on a PR in Azure Devops?
- .Net Core - Use AzureAD/EntraID Authentication to Access Azure DevOps REST APIs
- Azure-DevOps clone shows references as warnings
- Is it possible to rename a release?
- How to assign test point to a tester in Azure DevOps with API
- Access Azure Devops Query Results Using C#
- What does --runAsAutoLogon do when configuring an Azure Devops Windows self-hosted agent?
- How to export multiple Azure DevOps Variable Groups?
- Passing branch names between pipelines
- Show list of work items I am following in VSTS?
- Prevent Azure Pipelines from failing build: No Agent Found in Pool which satisfies demand
- How do I get my Azure DevOps Pipeline build to fail when my linting script returns an error?
- Encountered conflicts when cherry-picking commit . This operation needs to be performed locally error in Azure DevOps
- Adding / setting Virtual Applications (Path mappings) to a Web App (App Service Azure) - via Powershell Script
- How do I filter releases for a specific Environment (Stage)?
- Python Script to crawl ADO Project for specific file and download it
- Run pre-built artefact in azure yaml pipeline