Context: trying to upload files from a YAML pipeline to an Azure storage account's file share. It should use the Azure Connected Service (service principal/app registration in Azure), and not the storage account key or a SAS token. The connected service has (various) contributor rights to the storage account and a reader role to the resource group.
Problem: if I leave out the '--account-name' and '--account-key' (because I don't want to use them), I get the error message: 'You need to provide either an account shared key or SAS token when creating a storage service'.
If I use the variant for blob 'az storage blob upload-batch' I can add the '--auth-mode login' parameter to force the service principal to be used.
Why does the file upload-batch variant not support this '--auth-mode'?
The work-around for this now seems to be: use AzureFileCopy@5 to upload to blob, and then AzureCLI@2 to copy the files from blob to file share within the same storage account.
According to this MS-Document, the `az storage file upload-batch` command does not support the `--auth-mode` parameter because it is designed to use the storage account key or a SAS token for authorization.
I agree with Thomas's comment, `AzureCLI@2` task can manage authentication using a service principal.
yml:
`addSpnToEnvironment: true` for accessing service principal details in the script.
Output:
Reference: Use Azure DevOps service principal details in Azure Powershell task - Stack Overflow by LoLance.
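One way to follow the approach in the answer above, as an added example that is not the answerer's original YAML: the `AzureCLI@2` task signs in with the service connection, reads a storage account key at run time and hands it to `az storage file upload-batch` through the `AZURE_STORAGE_KEY` environment variable, so no key or SAS token is stored in the pipeline. The angle-bracket names are placeholders, and it assumes the service principal's role allows listing the account keys.

```yaml
# Added example, not from the original answer. All <angle-bracket> values are placeholders.
variables:
  storageAccount: '<storage-account-name>'
  resourceGroup: '<resource-group-name>'
  fileShare: '<file-share-name>'

steps:
- task: AzureCLI@2
  displayName: 'Upload files to Azure file share via service connection'
  inputs:
    azureSubscription: '<service-connection-name>'
    scriptType: bash
    scriptLocation: inlineScript
    # The task already runs `az login` as the service principal. Set
    # addSpnToEnvironment: true only if the script itself must read
    # $servicePrincipalId, $servicePrincipalKey or $tenantId.
    inlineScript: |
      set -euo pipefail

      # Fetch a key at run time with the service principal's identity.
      # Assumption: its role includes
      # Microsoft.Storage/storageAccounts/listKeys/action.
      AZURE_STORAGE_KEY=$(az storage account keys list \
        --resource-group "$(resourceGroup)" \
        --account-name "$(storageAccount)" \
        --query "[0].value" --output tsv)

      # Pass the key through the environment instead of --account-key,
      # so it does not appear on the command line.
      export AZURE_STORAGE_KEY

      az storage file upload-batch \
        --destination "$(fileShare)" \
        --source "$(Build.ArtifactStagingDirectory)" \
        --account-name "$(storageAccount)" \
        --output none
```

A storage account key grants full access to the account, so keep the step free of anything that echoes variables or environment (for example `set -x`).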