azureazure-devopsazure-blob-storage

Why i get 403 while uploading static content to azure blob


I have set my azure blob, so it can hold static content. After setting, it created a new "$web" container for that. Then i defined a new deploy (AzureBlob File Copy) step in my release pipeline in azure devops:

enter image description here

While executing this step i got:


> 2024-10-06T09:38:24.9936431Z ##[section]Starting: AzureBlob File Copy
> 2024-10-06T09:38:24.9943320Z ==============================================================================
> 2024-10-06T09:38:24.9943500Z Task         : Azure file copy
> 2024-10-06T09:38:24.9943591Z Description  : Copy files to Azure Blob Storage or virtual machines
> 2024-10-06T09:38:24.9943749Z Version      : 6.245.3
> 2024-10-06T09:38:24.9943831Z Author       : Microsoft Corporation
> 2024-10-06T09:38:24.9943941Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-file-copy
> 2024-10-06T09:38:24.9944293Z ==============================================================================
> 2024-10-06T09:38:26.7779601Z Added TLS 1.2 in session.
> 2024-10-06T09:38:27.2112545Z ##[command]Import-Module -Name C:\Modules\az_12.1.0\Az.Accounts\3.0.4\Az.Accounts.psd1 -Global
> 2024-10-06T09:38:50.7742131Z ##[warning]You're using AzureRM which will be retired soon, please schedule an update.
> 2024-10-06T09:38:51.9973706Z ##[command]Clear-AzContext -Scope CurrentUser -Force -ErrorAction SilentlyContinue
> 2024-10-06T09:38:52.5430243Z ##[command]Clear-AzContext -Scope Process
> 2024-10-06T09:38:52.6428530Z ##[command]Connect-AzAccount 
> 2024-10-06T09:38:52.6429258Z Name                           Value                                                                                   
> 2024-10-06T09:38:52.6430350Z ----                           -----                                                                                   
> 2024-10-06T09:38:52.6431158Z Tenant                         XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX                                                    
> 2024-10-06T09:38:52.6431767Z Scope                          Process                                                                                 
> 2024-10-06T09:38:52.6432325Z Environment                    AzureCloud                                                                              
> 2024-10-06T09:38:52.6433586Z ApplicationId                  ***                                                    
> 2024-10-06T09:38:52.6434164Z ServicePrincipal               True                                                                                    
> 2024-10-06T09:38:52.6487784Z 
> 2024-10-06T09:38:52.6661161Z 
> 2024-10-06T09:38:52.6662007Z 
> 2024-10-06T09:38:54.8178683Z 
> 2024-10-06T09:38:54.8874184Z ##[command]Set-AzContext 
> 2024-10-06T09:38:54.8874509Z Name                           Value                                                                                   
> 2024-10-06T09:38:54.8874882Z ----                           -----                                                                                   
> 2024-10-06T09:38:54.8875270Z SubscriptionId                 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX                                                    
> 2024-10-06T09:38:54.8878375Z 
> 2024-10-06T09:38:54.8878685Z 
> 2024-10-06T09:38:54.8878924Z 
> 2024-10-06T09:38:56.0040545Z ##[command]Import-Module -Name C:\Modules\az_12.1.0\Az.Resources\7.2.0\Az.Resources.psd1 -Global
> 2024-10-06T09:39:02.4357216Z ##[command]Import-Module -Name C:\Modules\az_12.1.0\Az.Storage\7.1.0\Az.Storage.psd1 -Global
> 2024-10-06T09:39:05.3353803Z ##[command]Import-Module -Name C:\Modules\az_12.1.0\Az.Compute\8.1.0\Az.Compute.psd1 -Global
> 2024-10-06T09:39:08.6767687Z ##[command]Import-Module -Name C:\Modules\az_12.1.0\Az.Network\7.8.0\Az.Network.psd1 -Global
> 2024-10-06T09:39:09.6704453Z ##[warning]The names of some imported commands from the module 'Microsoft.Azure.PowerShell.Cmdlets.Network' include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.
> 2024-10-06T09:39:09.9816008Z ##[warning]The names of some imported commands from the module 'Az.Network' include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.
> 2024-10-06T09:39:15.2561244Z  mime: D:\a\_tasks\AzureFileCopy_eb72cb01-a7e5-427b-a8a1-1b31ccac8a43\6.245.3\MimeMapping.json
> 2024-10-06T09:39:15.2599191Z Subscription name          Tenant                              
> 2024-10-06T09:39:15.2600838Z -----------------          ------                              
> 2024-10-06T09:39:15.2601744Z Nutzungsbasierte Bezahlung XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> 2024-10-06T09:39:15.2601874Z 
> 2024-10-06T09:39:15.2608365Z Name               : Nutzungsbasierte Bezahlung (XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX) - 
> 2024-10-06T09:39:15.2609026Z                      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - ***
> 2024-10-06T09:39:15.2609412Z Subscription       : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> 2024-10-06T09:39:15.2611320Z Account            : ***
> 2024-10-06T09:39:15.2611636Z Environment        : AzureCloud
> 2024-10-06T09:39:15.2612021Z Tenant             : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> 2024-10-06T09:39:15.2612654Z TokenCache         : 
> 2024-10-06T09:39:15.2613524Z VersionProfile     : 
> 2024-10-06T09:39:15.2614673Z ExtendedProperties : {}
> 2024-10-06T09:39:15.2615297Z 
> 2024-10-06T09:39:15.2618997Z Uploading files from source path: 'D:\a\r1\a\_Saigkill.Toolbox-.NET Desktop-CI-Prod\drop\saigkills-toolbox' to storage account: 'moongladestorage2024' in container: '$web' with blob prefix: ''
> 2024-10-06T09:39:15.2726483Z ##[command] & "AzCopy\AzCopy.exe" copy "D:\a\r1\a\_Saigkill.Toolbox-.NET Desktop-CI-Prod\drop\saigkills-toolbox" "https://moongladestorage2024.blob.core.windows.net/`$web/"  --log-level=INFO --recursive
> 2024-10-06T09:39:15.4790614Z INFO: Scanning...
> 2024-10-06T09:39:16.0131540Z INFO: AzCopy.exe 10.25.1: A newer version 10.26.0 is available to download
> 2024-10-06T09:39:16.0131958Z 
> 2024-10-06T09:39:20.5260455Z INFO: Login with Powershell context succeeded
> 2024-10-06T09:39:20.5262077Z INFO: Authenticating to destination using Azure AD
> 2024-10-06T09:39:20.5263072Z INFO: Any empty folders will not be processed, because source and/or destination doesn't have full folder support
> 2024-10-06T09:39:20.6424227Z 
> 2024-10-06T09:39:20.6425572Z Job 47f7cd08-70e5-7946-51b6-c8689e1fb108 has started
> 2024-10-06T09:39:20.6426138Z Log file is located at: C:\Users\VssAdministrator\.azcopy\47f7cd08-70e5-7946-51b6-c8689e1fb108.log
> 2024-10-06T09:39:20.6426423Z 
> 2024-10-06T09:39:22.4319368Z INFO: Authentication failed, it is either not correct, or expired, or does not have the correct permission PUT https://moongladestorage2024.blob.core.windows.net/$web/saigkills-toolbox/api/Generators.TemporaryDirectory.html
> 2024-10-06T09:39:22.4326093Z --------------------------------------------------------------------------------
> 2024-10-06T09:39:22.4326749Z RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
> 2024-10-06T09:39:22.4327133Z ERROR CODE: AuthorizationPermissionMismatch
> 2024-10-06T09:39:22.4327602Z --------------------------------------------------------------------------------
> 2024-10-06T09:39:22.4328937Z <?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.
> 2024-10-06T09:39:22.4329758Z RequestId:a70b8e89-301e-005c-44d3-17b435000000
> 2024-10-06T09:39:22.4331169Z Time:2024-10-06T09:39:22.3879172Z</Message></Error>
> 2024-10-06T09:39:22.4331672Z --------------------------------------------------------------------------------
> 2024-10-06T09:39:22.4331870Z 
> 2024-10-06T09:39:22.5536133Z 
> 2024-10-06T09:39:22.5539066Z 0.0 %, 0 Done, 1 Failed, 189 Pending, 0 Skipped, 190 Total, 2-sec Throughput (Mb/s): 2.7855
> 2024-10-06T09:39:22.5539328Z 
> 2024-10-06T09:39:22.5539447Z 
> 2024-10-06T09:39:22.5539896Z Job 47f7cd08-70e5-7946-51b6-c8689e1fb108 summary
> 2024-10-06T09:39:22.5540283Z Elapsed Time (Minutes): 0.0336
> 2024-10-06T09:39:22.5540570Z Number of File Transfers: 190
> 2024-10-06T09:39:22.5540858Z Number of Folder Property Transfers: 0
> 2024-10-06T09:39:22.5541145Z Number of Symlink Transfers: 0
> 2024-10-06T09:39:22.5542347Z Total Number of Transfers: 190
> 2024-10-06T09:39:22.5543669Z Number of File Transfers Completed: 0
> 2024-10-06T09:39:22.5545104Z Number of Folder Transfers Completed: 0
> 2024-10-06T09:39:22.5547042Z Number of File Transfers Failed: 1
> 2024-10-06T09:39:22.5547733Z Number of Folder Transfers Failed: 0
> 2024-10-06T09:39:22.5548045Z Number of File Transfers Skipped: 0
> 2024-10-06T09:39:22.5548341Z Number of Folder Transfers Skipped: 0
> 2024-10-06T09:39:22.5548629Z Total Number of Bytes Transferred: 0
> 2024-10-06T09:39:22.5548909Z Final Job Status: Cancelled
> 2024-10-06T09:39:22.5549083Z 
> 2024-10-06T09:39:22.9862460Z ##[error]Upload to container: '$web' in storage account: 'moongladestorage2024' with blob prefix: '' failed with error: 'AzCopy.exe exited with non-zero exit code while uploading files to blob storage.' For more info please refer to https://aka.ms/azurefilecopyreadme
> 2024-10-06T09:39:23.0357260Z ##[section]Finishing: AzureBlob File Copy

Does anyone know, why this happend? Inside the step i defined a subscription so it should work.

Read the docs about AzCopy and Authentication.


Solution

  • Assigning the role Storage Blob Data Contributor to the application used by the Azure Resource Manager service connection can resolve the the error.

    1. Find the application used by the Azure Resource Manager service connection.

      enter image description here

    2. Assign the role Storage Blob Data Contributor to the application.

      enter image description here

    For more information, see the documentation "AzureFileCopy@6 - Azure file copy v6 task".

    enter image description here