You do not have permission to create a service connection
Opened this issue · 6 comments
I am getting the below issue but ONLY when my template contains 2 or more repos:
Error while creating service endpoint: You do not have permission to create a service connection. You need to be a Creator for service connections in this project.
Firstly, the error message is incorrect. I do have permission to create these. I have tested this manually. Secondly, why is the first repo migrated correctly??
Lets say I have repo A and repo B in my template.:
ImportSourceCode/
─ A.json
─ B.json
ServiceEndpoints/
─ A-code.json
─ B-code.json
The order of events is (I assume):
- Create repo A in the new project
- Create service connection A
- Import code using the service connection A into repo A
- Delete service connection A
- Create repo B in the new project
- Create service connection B (at this point the app crashes with the above error)
Possible causes? Is the app trying to create service connections too fast? Is the app trying to create a service connection before the old one is deleted? Can this be reproduced on your end?
Thanks
@axc450 Thank you for reaching us. This seems to be the error from the custom-generated template.
The error which you're receiving is from the Azure DevOps REST API, which says about the permission.
The process is - to create all the required service connections first, then import the source code.
In ImportSourceCode\A.json , there is the property which is set to true "deleteServiceEndpointAfterImportIsDone": true
This deletes the service connections once the repository has been imported.
We have a few templates where it needs to import the source code from multiple repositories, viz., SmartHotel360 template, we don't see the similar issue here.
Please make sure that you have admin permission in both the source and destination organizations.
You can try removing the property in case it is causing the problem.
Thank you so much for the fast reply! 😄
I have been doing some testing this morning, and my only conclusion is that this is a bug with the Azure Devops API. This is not a permissions issue, despite what the error message returns. I did try removing the deleteServiceEndpointAfterImportIsDone and it made no difference.
I started to remove various things from the zip package to see if that makes any difference. I now have a zip that sometimes creates a new project and sometimes doesn't! I can get job IDs if you require them to prove that, given the same project template, the Azure Devops API can return different things. This is very strange!
While I think this is a bug with the ADO API (must be some sort of race condition or something to do with sending requests to fast), please can we implement a retry mechanism within the app? Something like the following;
- Send a request to the ADO API
- Check response, if the request had an error code...
- ... wait a second and try again
- If the response still failed, wait 5 seconds and try again
- Error if it failed a 3rd time
This should eliminate any issues with race conditions within Azure Devops without affecting performance. You could even apply the above only to service connection requests, but given the fragility of the ADO API, it should probably be applied to every request.
Happy to test and verify this if you have a test environment these changes can be applied too.
Thank you so much for considering the above request 👍
Thank you for your suggestion. We will consider your request, we are working on the latest version of .Net and we will include the retry operation in future releases of the Demo Generator. We will let you know once the new version is available for testing.
Any workaround ? I run into the same problem ?
I too face the same issue. Is there any update on this?
Facing the same problem here too. I don't think there has been any solution