0
votes

I'm attempting to build out my DevOps pipeline to deploy a Data Factory, Databricks Notebooks, and an Azure Data Warehouse.

I have my resource subscriptions set up for both Dev and Prod. Deploying to Prod is trickier than it seems.

My Key Vault has GET/LIST permissions for both Secrets and Keys for the target Data Factory.

https://docs.microsoft.com/en-us/azure/data-factory/continuous-integration-deployment

I have used the above guide to set up my target Data Factory in Prod, and it is stood up correctly with all the connection strings set up and Key Vault permissions set.

But I am stuck on this portion:

Grant permissions to the Azure Pipelines agent The Azure Key Vault task may fail with an Access Denied error if the proper permissions aren't present. Download the logs for the release, and locate the .ps1 file with the command to give permissions to the Azure Pipelines agent. You can run the command directly, or you can copy the principal ID from the file and add the access policy manually in the Azure portal. Get and List are the minimum permissions required.

When I deploy my release I get the following error on the Key Vault task:

The specified Azure service connection needs to have Get, List secret management permissions on the selected key vault. To set these permissions, download the ProvisionKeyVaultPermissions.ps1 script from build/release logs and execute it, or set them from the Azure portal

I've added this PowerShell script ProvisionKeyVaultPermissions.ps1 to my repo and added it to my task, but it just runs forever? Unsure if I'm missing something here.

Hope this is clear; please ask for any additional info.

1 Answer

1
votes

I wonder if it's the DevOps service connection that's missing the permissions. You can check access policies for the vault from the console. You should see your service connection as an APPLICATION; it needs the GET and LIST privileges, as the document you're following says. My understanding is that these are privileges for the account that's deploying your code, rather than the account that will run your code.

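The check the answer describes (confirm the service connection's principal appears in the vault's access policies with Get and List, and grant exactly that if it does not), written out as an added PowerShell example. This is not the ProvisionKeyVaultPermissions.ps1 script from the release logs and not code from the question or answer; it assumes the Az PowerShell module is installed, Connect-AzAccount has already been run against the Prod subscription, and that $VaultName and $ServiceConnectionAppId are placeholders for your vault name and the Application (client) ID shown on the service connection in Azure DevOps.

```powershell
# Added example: verify and, only if needed, grant the minimum Get/List access
# that the Azure Key Vault release task needs on a vault for a DevOps service connection.
# Assumptions: Az module loaded, Connect-AzAccount already done, and the two
# parameters below are placeholders you supply for your own environment.
param(
    [Parameter(Mandatory)] [string] $VaultName,
    [Parameter(Mandatory)] [string] $ServiceConnectionAppId   # App (client) ID of the service connection (placeholder)
)

# Access policies are keyed on the service principal's object ID, not on the
# application (client) ID shown in DevOps, so resolve one to the other first.
$sp = Get-AzADServicePrincipal -ApplicationId $ServiceConnectionAppId
if (-not $sp) { throw "No service principal found for application ID $ServiceConnectionAppId" }

$vault = Get-AzKeyVault -VaultName $VaultName
if (-not $vault) { throw "Key Vault '$VaultName' not found in the current subscription" }

# Returns $true when every required permission is already present (case-insensitive).
function Test-HasPermissions([string[]] $Granted, [string[]] $Required) {
    if (-not $Granted) { return $false }
    $g = $Granted | ForEach-Object { $_.ToLowerInvariant() }
    return (@($Required | Where-Object { $g -notcontains $_ }).Count -eq 0)
}

# Get and List are the minimum the task requires; nothing broader is granted here.
$needSecrets = @('get', 'list')
$needKeys    = @('get', 'list')

# Look for an existing access-policy entry for this principal.
$policy = $vault.AccessPolicies | Where-Object { $_.ObjectId -eq $sp.Id }

if ($policy -and (Test-HasPermissions $policy.PermissionsToSecrets $needSecrets) `
            -and (Test-HasPermissions $policy.PermissionsToKeys $needKeys)) {
    Write-Host "Service principal '$($sp.DisplayName)' already has Get/List on secrets and keys."
}
else {
    # Adds or updates the entry for this object ID only; entries for other principals are untouched.
    Set-AzKeyVaultAccessPolicy -VaultName $VaultName -ObjectId $sp.Id `
        -PermissionsToSecrets $needSecrets -PermissionsToKeys $needKeys
    Write-Host "Granted Get/List on secrets and keys to '$($sp.DisplayName)' ($($sp.Id))."
}

# Re-read the vault and show the resulting entry so the change is visible in the pipeline log.
(Get-AzKeyVault -VaultName $VaultName).AccessPolicies |
    Where-Object { $_.ObjectId -eq $sp.Id } |
    Select-Object DisplayName, ObjectId, PermissionsToSecrets, PermissionsToKeys
```

Run it once from a workstation with `.\Grant-VaultReadAccess.ps1 -VaultName <vault> -ServiceConnectionAppId <app-id>` (file name is the example's own), or as an Azure PowerShell task in the release using an identity that is allowed to change the vault's access policies. Two things to check if the task still reports Access Denied afterwards: the principal you granted must be the one behind the service connection actually selected on the Key Vault task (the question's Prod deployment uses a different subscription, so a Dev-scoped connection will not match), and the vault must be using the access-policy permission model, since a vault switched to Azure RBAC ignores access policies entirely and needs a role assignment such as Key Vault Secrets User instead.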