build_client.get_artifact_content_zip() raises "The user '' is not authorized

[irwand]

I opened the issue originally at https://developercommunity.visualstudio.com/content/problem/917755/get-artifact-content-zip-always-returns-authorizat.html

I got "TF400813: The user '' is not authorized to access this resource.", when using build_client.get_artifact_content_zip()

I did find that I can only reproduce it on certain artifacts, not all of them. My suspicion is that for artifacts whose downloadUrl points to some other host, the credential doesn't transfer correctly.

Here's the code:

import argparse
import pathlib
import sys
import tempfile
import zipfile

import azure.devops.connection as azdo_connection
import msrest

# NOTE, please run this with python >= 3.6, in venv that has these reqs:
# * azure-devops~=5.1.0b3
# * msrest~=0.6.9


def parser():
    parser = argparse.ArgumentParser(description="Download artifact")
    parser.add_argument(
        "--url", required=True, help="Example: https://dev.azure.com/MY_ORGANIZATION"
    )
    parser.add_argument("--access-token", required=True, help="Access token to use.")
    parser.add_argument("--project", required=True, help="Azdo project.")
    parser.add_argument("--build-id", required=True, help="Current build id.")
    parser.add_argument("--artifact-name", required=True, help="Artifact name.")
    parser.add_argument(
        "--output-dir", default=".", type=pathlib.Path, help="Artifact name."
    )
    return parser


def main(argv=None):
    if argv is None:
        argv = sys.argv
    args = parser().parse_args(argv[1:])

    credentials = msrest.authentication.BasicAuthentication("", args.access_token)
    connection = azdo_connection.Connection(base_url=args.url, creds=credentials)
    build_client = connection.clients_v5_1.get_build_client()
    artifact_info = build_client.get_artifact(
        args.project, args.build_id, args.artifact_name
    )
    print(f"Artifact info: {artifact_info}")
    with tempfile.TemporaryFile() as f:
        for i in build_client.get_artifact_content_zip(
            args.project, args.build_id, args.artifact_name
        ):
            f.write(i)
        f.seek(0)
        zf = zipfile.ZipFile(f)
        outdir = args.output_dir
        outdir.mkdir(parents=True, exist_ok=True)
        zf.extractall(path=outdir)


if __name__ == "__main__":
    sys.exit(main())

A workaround I found is to apply this patch:

@@ -40,9 +42,18 @@ def main(argv=None):
     )
     print(f"Artifact info: {artifact_info}")
     with tempfile.TemporaryFile() as f:
-        for i in build_client.get_artifact_content_zip(
-            args.project, args.build_id, args.artifact_name
-        ):
+        try:
+            stream = build_client.get_artifact_content_zip(
+                args.project, args.build_id, args.artifact_name
+            )
+        except AzureDevOpsServiceError as e:
+            if "The user '' is not authorized to access this resource" in e.message:
+                stream = requests.get(
+                    artifact_info.resource.download_url, auth=("", args.access_token)
+                )
+            else:
+                raise
+        for i in stream:
             f.write(i)
         f.seek(0)
         zf = zipfile.ZipFile(f)

[joergho]

Same problem for me. Using the requests.get command as shown above works fine.

[uvindra]

As of October 2024 this issue has still not been fixed. Thanks to the workaround provided by @irwand here we have a way forward. Would have expected more attention from MS for this issue since it is a vital command line interface for Azure Devops