-
Bug
-
Resolution: Cannot Reproduce
-
Blocker
-
None
-
Jenkins version 2.91 installed on Azure VM
Azure VM agents version 0.4.8
I'm trying to add a "Microsoft Azure VM Agents" Cloud with a valid Azure Credential (this credential is OK when validating it on Credential Management Panel)
When i'm trying to validate the new Cloud instance, one error is displayed
Trying to get the real cause of it on Jenkins log on it (CF Issue https://issues.jenkins-ci.org/browse/JENKINS-46337 )
Error shown in logs
Caused by: java.util.concurrent.ExecutionException: com.microsoft.azure.vmagent.exceptions.AzureCloudException: Exceeded maximum retry count 3: Status code 403, {"error":{"code":"AuthorizationFailed","message":"The client '3f7e9fcf-1d40-4b43-ba60-89be3db09aa0' with object id '3f7e9fcf-1d40-4b43-ba60-89be3db09aa0' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/read' over scope '/subscriptions/90f11acb-fb53-4aff-9a5f-672791875bed/resourceGroups/jenkins/providers/Microsoft.Storage/storageAccounts/CI_SYSTEM'."}} at java.util.concurrent.FutureTask.report(FutureTask.java:122) at java.util.concurrent.FutureTask.get(FutureTask.java:192) at com.microsoft.azure.vmagent.util.ExecutionEngine.executeWithRetry(ExecutionEngine.java:41) ... 89 more Caused by: com.microsoft.azure.vmagent.exceptions.AzureCloudException: Exceeded maximum retry count 3: Status code 403, {"error":{"code":"AuthorizationFailed","message":"The client '3f7e9fcf-1d40-4b43-ba60-89be3db09aa0' with object id '3f7e9fcf-1d40-4b43-ba60-89be3db09aa0' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/read' over scope '/subscriptions/90f11acb-fb53-4aff-9a5f-672791875bed/resourceGroups/jenkins/providers/Microsoft.Storage/storageAccounts/CI_SYSTEM'."}} at com.microsoft.azure.vmagent.exceptions.AzureCloudException.create(AzureCloudException.java:49) at com.microsoft.azure.vmagent.retry.ExponentialRetryStrategy.canRetry(ExponentialRetryStrategy.java:60) at com.microsoft.azure.vmagent.retry.ExponentialRetryStrategy.handleRetry(ExponentialRetryStrategy.java:48) at com.microsoft.azure.vmagent.retry.RetryTask.call(RetryTask.java:52) at java.util.concurrent.FutureTask.run(FutureTask.java:266) ... 3 more
It seems, this plugin try to search for a ResourceGroup called CI_SYSTEM first then allow us to specify one, this doesn't reflect the real error.
The issue is that I don't have "read access" to any ressource groups (my current subscription disallow me to do that), BUT I can use a specified one.
In this case, we should enter a specified resource group without browsing it on Azure (so not using a select field, but a textfield)