Authorization Permission Mismatch error with Azure Storage
When attempting to copy files in an Azure DevOps pipeline to an Azure Storage account, I received the following error:
##[error]Upload to container: 'StorageContainer' in storage account: 'ContosoStorageAccount' with blob prefix: '736' failed with error: 'AzCopy.exe exited with non-zero exit code while uploading files to blob storage.' For more info please refer to https://aka.ms/azurefilecopyreadme.
After reviewing the Azure DevOps raw pipeline logs I noticed the following:
2024-05-06T06:25:34.1051117Z -------------------------------------------------------------------------------- 2024-05-06T06:25:34.1052461Z RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. 2024-05-06T06:25:34.1053291Z ERROR CODE: AuthorizationPermissionMismatch 2024-05-06T06:25:34.1055333Z --------------------------------------------------------------------------------
The fix was to make sure that the Service Principal that Azure DevOps is using to read/write to the Azure Storage account has the correct permissions to the Data plane *not just the Management plane.
In my case, I needed to assign the Storage Blob Data Contributor role to the Service Principal.