First of all I am sorry if the answers to this question are obvious. I am still on the very steep learning path on this topic.
I have a pipeline in Azure Pipelines using a YAML pipeline defined in a BitBucket Cloud repository. It was created by a user where the account must be removed. The trouble is now this:
- Disabling the account in BitBucket immediately cause the pipeline to fail due to access denied.
- There is a BitBucket Cloud Service Connection defined in Azure Pipelines which was used when creating the pipeline originally.
Just to be sure I made another pipeline using my own user and got in response a new service connection with my name on it. Upon deleting this service connection, the pipeline will not run at all.
Recreating the service connection again with my own user goes well, but of course this is no longer the same UUID as the error message says. It did however confirm that this service connection is bound to the pipeline somewhere.
In effect this means I either can never get rid of this user account/service connection, or if I want to, I have to recreate the pipeline at the cost of loosing all build history, rententions, logs, and so on. This is for so many reasons unacceptable in a production environment.
My questions are:
- How can I exchange the service connection used with a pipeline to use a different one?
- How can I specify in the YAML file which service connection to use? (I am aware that one user connection is used to create the pipeline initially, but then I want to move it)
- How can I specify to use a specific service connection when setting up a pipeline?
- How can I create a Service Connection which is not bound to ex. my user account?
As for 4. a user/password connection could be something to look for. I wonder if there are better ways?
I hope the clever people on StackOverflow can help me out here.
As a simplified a test case the following summarises the exact issues I face:
The example pipeline azure-pipelines.yml:
trigger: none
stages:
- stage: "Compile"
pool:
vmImage: ubuntu-latest
jobs:
- job: compile_job
steps:
- task: Bash@3
inputs:
targetType: 'inline'
script: |
echo "compile coode"
This pipeline is placed in BitBucked cloud in a repository my user account can see.
Creating the pipeline is just following the "new pipeline" flow. The pipeline is created using a service connection associated with my user account.
Lots of builds happen, some are retained, releases are made, and so on. Lots of important history.
Question 1:
Now someone inadvertently delete this Service connection. Azure Pipelines can no longer run the pipeline, see the YAML file, and edit it. The first image illustrates the error message: Service Connection cannot be found in the project .
Okay, we create a new Service Connection and want to associate this with the pipeline => How?
Question 2:
Same code as above. We need to specify a new Service Connection to use for accessing some code in BitBucket which is not visible by the user who created the pipeline in the first place.
Which lines must be inserted in the YAML code to select that particular Service Connection? I simply cannot find any hints in the online documentation.
Question 3:
Same code as above. When setting up a new pipeline I need to use a specific Service Connection - like one which is a service account, not an account associated with a person which might leave the company.
I think I got this one: At the bottom of the repo list some user can see, there is an option to use another service connection:
Question 4:
Here is am wondering if Azure Pipelines has an option to use an OAuth application connection to BitBucket which is not bound to a user account. I have found no such option, and wonder how people in general cope with these connections? Using User service accounts - which requires a user in some (A)AD, email redirection, and takes up a license permanently?
I hope this edit clarifies things, and that someone has some advice.