I have an integration test task in my Azure DevOps pipeline. The test needs access to a particular Azure KeyVault when I run the task. I need to specify the principle under which the job is running in DevOps access to the KeyVault. Sometimes I get confused about which principle the job is running under.
The test fails with this error(I replaced the GUID for security reasons):
Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProviderException : Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/<SOME_GUID>. Exception Message: Tried the following 3 methods to get an access token, but none of them worked.
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/<SOME_GUID>. Exception Message: Tried to get token using Managed Service Identity. Access token could not be acquired. Received a non-retryable error. MSI ResponseCode: BadRequest, Response: {"error":"invalid_request","error_description":"Identity not found"}
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/<SOME_GUID>. Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Environment variable LOCALAPPDATA not set.
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/<SOME_GUID>. Exception Message: Tried to get token using Azure CLI. Access token could not be acquired. Please run 'az login' to setup account.
Is there another principle that is running the job? Is there something that I am missing?
