Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Publish fails for service principal #454

Open
pownkel opened this issue Mar 26, 2024 · 5 comments
Open

Publish fails for service principal #454

pownkel opened this issue Mar 26, 2024 · 5 comments
Labels
Area: tfx-cli question

Comments

@pownkel
Copy link

pownkel commented Mar 26, 2024

I'm trying to publish our extension with an Azure access token for a service principal, which I've added to my publisher with "Contributor" access (following this blog post). I'm using the Publish extension task in an Azure DevOps release pipeline with a Windows 2019 agent. Looking at debug logs, I can see that the task runs the command tfx extension publish --json --no-color --service-url https://marketplace.visualstudio.com/ --auth-type pat --token $TOKEN --vsix $VSIX_PATH --debug-log-stream stderr.

This is working fine for one of our publishers, but for another it's failing with You need to be logged in with your Microsoft corporate credentials to perform this action. Publishing works fine with a PAT from a user's ADO account, it's only failing for the service principal's access token. In both cases, I'm getting the access token the exact same way, and the service principal is a Contributor for both publishers. What could be causing this issue?
@vmapetr
Copy link

vmapetr commented Apr 3, 2024

Hi @pownkel thanks for reporting!
We are working on more prioritized issues at the moment, but will get back to this one soon.

@vmapetr vmapetr added question and removed triage labels Apr 3, 2024
@sumavangala
Copy link
Member

sumavangala commented Apr 26, 2024
edited
Loading

Saw the same error when the publisher name has Microsoft or Msft in it and using Service Principal for publishing. It worked as expected when we used @microsoft.com account. Check if that is the case with you as well.

@Hevia
Copy link

Hevia commented May 22, 2024

We're experiencing this issue now for our Managed Identity. Our publisher also has the name Microsoft. Can include more info over Teams if needed

@andyleejordan
Copy link
Member

Ahh ok this is coming straight from the marketplace. I too am using a service principal (as PATs are no longer allowed) to publish a VS Code extension (same marketplace backend as far as I know). The user ID needs to specifically allow listed by the VS Code folks to allow it to publish (and that's per publisher ID, as I just found out).

@trevors20
Copy link

@andyleejordan , I'm seeing the same thing when moving to use a service principal. Exactly what needs to happen in order for this to work. I have given the SP Contributor access and I thought that was all that is needed. What other setting needs to be set? Thanks for your help!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area: tfx-cli question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@andyleejordan @sumavangala @Hevia @vmapetr @trevors20 @pownkel