Tasks seem to be unable to use new "Workload Identity Federation" Service Connections

[ncx-kevinCefalu]

Hi, I'm experiencing an issue with these tasks being unable to use Azure DevOps Workload Identity Federation service connections to any of our Azure subscriptions. The pipeline runs like normal, and as soon as one of the tasks are triggered, I receive the following message:

I've verified that the service connection id is correct. Once I swap to a different service principal, everything works as expected. I've also verified that other tasks in the same/other pipelines are able to use the newer service connection.

Any guidance on how this can be corrected would be greatly appreciated.

[riezebosch]

I'm not sure, also have to look into that. Maybe you even have more success using the built-in AzureCLI task like this? That's something I lean towards anyway, since you don't have to use specific requirements for passing the credentials in your packer-file. But until recently packer was unable to use Service Principal credentials like that, if I'm correct.

Otherwise, I found some hints how to implement it here: https://github.com/microsoft/azure-pipelines-tasks/blob/5c92158ea309ecc460a6c58c7ba6f9d77367d31a/Tasks/AzureCLIV1/azureclitask.ts#L166-L180 🎉

And how to work with packer and OIDC here: https://www.hashicorp.com/blog/version-2-packer-azure-plugin-now-available