Publishing to Azure from UI works; yml isn't for some reason.

cyberkruz's Avatar

cyberkruz

16 Jun, 2014 09:55 PM

Hi there,

I have a build setup with yml using your new yml sequence feature. For some reason I am getting a 403 (forbidden) when it goes to publish to azure service. However, when I use the UI with the Environments section and publish by hand everything works fine even though they are using the same credentials. Where should I start in terms of debugging this (I am just getting one error line: 403 (Forbidden)). Here is a snippet from my yml:

-
  shallow_clone: true
  version: 3.7.{build}
  branches:
    only:
      - myawesomebranch
  configuration: Staging
  before_build:
    - cmd: cd src
    - cmd: nuget restore
    - cmd: cd ..
  build:
    project: src/MyProject.sln
    verbosity: normal
    publish_azure: true
  assembly_info:
    patch: true
    file: AssemblyInfo.*
    assembly_version: "{version}"
    assembly_file_version: "{version}"
    assembly_informational_version: "{version}"
  deploy:
    provider: AzureCS
    subscription_id: [SubscriptionId Pasted From Environment]
    subscription_certificate: [Cert Pasted From Environment]
    storage_account_name: [My Storage Account]
    storage_access_key:
      secure: [Access Key Pasted From Environment]
    service: [My Service]
    slot: production
  1. Support Staff 1 Posted by Feodor Fitsner on 16 Jun, 2014 10:01 PM

    Feodor Fitsner's Avatar

    Try surrounding [Cert Pasted From Environment] into double quotes like "[Cert Pasted From Environment]". Also, make sure it's a single line.

  2. Support Staff 2 Posted by Feodor Fitsner on 16 Jun, 2014 10:33 PM

    Feodor Fitsner's Avatar

    Also, what's in a build log related to this issue?

    - Feodor

  3. 3 Posted by cyberkruz on 16 Jun, 2014 10:59 PM

    cyberkruz's Avatar

    The weird thing is that it doesn't give any errors besides the 403. Does my config look correct (besides not showing you the actual keys)?

  4. Support Staff 4 Posted by Feodor Fitsner on 16 Jun, 2014 11:17 PM

    Feodor Fitsner's Avatar

    Artifact IS copied to blog, so storage settings are OK.

    My another guess could be is that you pasted encrypted (secure) value of [Cert Pasted From Environment], but not under secure key. If [Cert Pasted From Environment] is encrypted then it should be:

    subscription_certificate:
      secure: [Cert Pasted From Environment]
    

    The same applies to Subscription ID.

  5. Support Staff 5 Posted by Feodor Fitsner on 16 Jun, 2014 11:19 PM

    Feodor Fitsner's Avatar

    Otherwise, if cert value is not encrypted make sure you fully copied it from UI. Sometimes when you double-click with the mouse it selects the string before first terminating symbol like /.

  6. 6 Posted by cyberkruz on 17 Jun, 2014 05:15 AM

    cyberkruz's Avatar

    I've been attempting this for a few hours now. Interesting thing. If I add the secure key or change the values to anything but the subscription_certificate and subscription_id from the first post I get a different error:

    ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
    

    So it seems like the subscription_id and the subscription_certificate is correct.

    Now I have in the UI environments section an environment variable of "Configuration" = "Staging". I don't have to set that in the deploy section of the yml right because I have it before the deploy section as configuration: Staging? Other than that I am super confused.

  7. 7 Posted by cyberkruz on 17 Jun, 2014 05:53 AM

    cyberkruz's Avatar

    I figured it out! Well you hinted at it. I actually needed the storage access key setup without secure. So:

    deploy:
        provider: AzureCS
        subscription_id: [SubscriptionId Pasted From Environment]
        subscription_certificate: [Cert Pasted From Environment]
        storage_account_name: [My Storage Account]
        storage_access_key:
          secure: [Access Key Pasted From Environment]
        service: [My Service]
        slot: production
    

    became

    deploy:
        provider: AzureCS
        subscription_id: [SubscriptionId Pasted From Environment]
        subscription_certificate: [Cert Pasted From Environment]
        storage_account_name: [My Storage Account]
        storage_access_key [Access Key Pasted From Environment]
        service: [My Service]
        slot: Production
    

    Thank you so much for sticking with the problem. Hopefully it can help someone else.

  8. Support Staff 8 Posted by Feodor Fitsner on 17 Jun, 2014 05:15 PM

    Feodor Fitsner's Avatar

    Glad it worked for you! Though that's strange secure variable didn't work there.

  9. 9 Posted by James on 02 Aug, 2014 01:30 PM

    James's Avatar

    I also had to remove the secure: settings from these fields and it worked for me also :)

  10. 10 Posted by julian.elve on 01 Sep, 2014 05:13 PM

    julian.elve's Avatar

    Strangely I've just seen a similar problem with a newly updated project - 403 from Azure on deploying to Blob unless I put the access key in clear. Another project configured a few months ago doesn't suffer from this bug - i.e. it still works with a secure access key

  11. 11 Posted by mainak on 13 Oct, 2016 04:28 PM

    mainak's Avatar

    Hi,

       I am getting this error. I tried using both secure as well as without secure still wouldn't work. Certificate value was tried with both quotes and without however still this error

    ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.

    Here is yml file

    deploy:
      provider: AzureCS
      subscription_id: 112233etc
      subscription_certificate:
        secure: "certificatestring"
      storage_account_name: myaccountname
      storage_access_key: storagekeyhere
      service: myservice
      slot: production
      deployment_label: $(appveyor_build_version)
      artifact: myartifactCloudService.cspkg
      target_profile: Cloud # optional .cscfg configuration name to deploy with
      do_not_start_deployment: false
      recreate_deployment: false

  12. 12 Posted by Ilya Finkelshte... on 13 Oct, 2016 06:04 PM

    Ilya Finkelshteyn's Avatar

    I assume you are using YAML configuration. If yes, please try let UI to form YAML for you,

    1. Download fresh Azure Publishing settings even though you already downloaded it before.
    2. Copy value of ManagementCertificate into Deployment > Azure Cloud Service > Subscription certificate in Appveyor UI.
    3. Fill other required fields. Press Save.
    4. Press Export YAML and copy/paste deploy part into your appveyor.yml file.

    Please let us know if this helps.

    --ilya.

  13. 13 Posted by Ilya Finkelshte... on 13 Oct, 2016 06:12 PM

    Ilya Finkelshteyn's Avatar

    Also I see this target_profile: Cloud # optional .cscfg configuration name to deploy with. This does not look like valid value, seems like copy-paste from documentation. As I said, please use UI with minimum number of only required settings and export that into YAML.

  14. Ilya Finkelshteyn closed this discussion on 25 Aug, 2018 02:09 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac