Error creating ACR Service connection with Service Principal Bearer token #681

Open
XtratusCloud opened this issue Aug 29, 2023 · 2 comments

Comments

@XtratusCloud

Executing the following request to the Azure DevOps REST API for the creation of a Service Connection of type ACR, the endpoint fails with the error "A valid refresh token for identity 1fd109e5-3592-7532-7532-9201-1b545d36bdb2 was not found."

POST: https://dev.azure.com/{{organization}}/{{projectName}}/_apis/serviceendpoint/endpoints/?api-version=7.1-preview.4
Headers:

  • Authentication: Bearer {{ServicePrincipalAccessToken}}

Request Body:

    {
      "data": {
        "registryId": "/subscriptions/{{subscriptionId}}/resourceGroups/{{resourceGroup}}/providers/Microsoft.ContainerRegistry/registries/{{acrName}}",
        "registrytype": "ACR",
        "subscriptionId": "{{subscriptionId}}",
        "subscriptionName": "{{subscriptionName}}"
      },
      "name": "{{acrName}}",
      "type": "dockerregistry",
      "url": "https://{{acrName}}.azurecr.io",
      "description": "ACR Service Connection for {{acrName}}.",
      "authorization": {
        "parameters": {
          "loginServer": "acrwecterratest01.azurecr.io",
          "scope": "/subscriptions/{{subscriptionId}}/resourceGroups/{{resourceGroup}}/providers/Microsoft.ContainerRegistry/registries/{{acrName}}",
          "role": "8311e382-0749-4cb8-b61a-304f252e45ec",
          "authenticationType": "spnKey",
          "tenantId": "{{tenantId}}"
        },
        "scheme": "ServicePrincipal"
      },
      "isShared": false,
      "owner": "library",
      "serviceEndpointProjectReferences": [
        {
          "projectReference": {
            "id": "{{projectId}}",
            "name": "{{projectName}}"
          },
          "name": "{{acrName}}",
          "description": "ACR Service Connection for {{acrName}}."
        }
      ]
    }

Making the request with an Access Token from an Azure AD user, the request works correctly.
In both cases, the credentials used have at least the following permissions:

  • Application Administrator role in Azure AD.
  • Member of Endpoint Creator group in DevOps Project
  • User Access Administrator role in Azure subscription.
@surajshenoy
Contributor

Hi @XtratusCloud, will you please let us know which lab from the Azuredevopslabs page you are pointing to? This will help us to provide you inputs on the concern.

@XtratusCloud
Author

Hi @surajshenoy, the request and the issue reported are related to the DevOps REST API, and not related to Azuredevopslabs.
I have probably opened the incident in the wrong place.
