Azure File Copy fails due to 'Unsupported authentication scheme 'WorkloadIdentityFederation'

Question

Note: I created a azure devops service connection with WorkloadIdentityFederation.

Error as follows:

##[error]Upload to container: 'sample' in storage account: 'sampleBlob' with blob prefix: 'sample.yaml' failed with error: 'Unsupported authentication scheme 'WorkloadIdentityFederation' for endpoint.' For more info please refer to https://aka.ms/azurefilecopyreadme

Answer 1

Refer this Github issue1 Github issue2 on the same error looks like WorkloadIdentity is not yet supported, You can use Azure Resource manager connection with service principal authentication or normal service connection and asisgn service connection appropritate roles like Azure Storage Blob Data contributor or Azure Storage Blob Data owner role on the Storage account. You can directly make use of SAS token with limited roles in your azcopy url too.

My Azure Devops service connection:-

Assigned Storage Blob Data Owner role to the powershell service principal:-*

My Azure Devops AzFileCopy task:-

trigger:
- main

pool:
  vmImage: windows-latest

steps:
- task: AzureFileCopy@4
  inputs:
    SourcePath: '$(build.sourcesdirectory)'
    azureSubscription: 'PowershellSid'
    Destination: 'AzureBlob'
    storage: 'valleystrg51'
    ContainerName: 'datadest'
    additionalArgumentsForBlobCopy: --recursive=true

Output:-

Answer 2

Yes, the Azure file copy task does not support Azure Resource Manager authentication with workflow identity federation. This has explicitly stated in the documentation of the task. See "Azure file copy task".

You might need to create an ARM service connection with service principal that can be available for the Azure file copy task.

---