[BUG]: Cannot re-run failed jobs with ARM workload identity federation service connections

[andrewholler]

New issue checklist

• I searched for existing GitHub issues
• I read pipeline troubleshooting guide
• I checked how to collect logs

Task name

AzureResourceGroupDeployment

Task version

2.231.0

Issue Description

The pipeline fails due to issues with authentication with OIDC ARM service connections when re-running a pipeline job that has failed for an unrelated reason.

Environment type (Please select at least one enviroment where you face this issue)

• Self-Hosted
• Microsoft Hosted
• VMSS Pool
• Container

Azure DevOps Server type

dev.azure.com (formerly visualstudio.com)

Azure DevOps Server Version (if applicable)

No response

Operation system

windows-latest (20231126.1.0), Microsoft Windows Server 2022

Relevant log output

2023-12-06T18:19:29.1107979Z ##[section]Starting: Validate SQL Server
2023-12-06T18:19:29.1244563Z ==============================================================================
2023-12-06T18:19:29.1244734Z Task         : Azure resource group deployment
2023-12-06T18:19:29.1244842Z Description  : Deploy an Azure Resource Manager (ARM) template to a resource group and manage virtual machines
2023-12-06T18:19:29.1244998Z Version      : 2.231.0
2023-12-06T18:19:29.1245077Z Author       : Microsoft Corporation
2023-12-06T18:19:29.1245159Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-resource-group-deployment
2023-12-06T18:19:29.1245307Z ==============================================================================
2023-12-06T18:19:30.2335236Z Checking if the following resource group exists: hr-ops-prod.
2023-12-06T18:19:30.5668230Z ##[error]Unhandled: Cannot read properties of null (reading 'oidcToken')
2023-12-06T18:19:30.5688910Z ##[error]TypeError: Cannot read properties of null (reading 'oidcToken')
    at D:\a\_tasks\AzureResourceGroupDeployment_94a74903-f93f-4075-884f-dc11f34058b4\2.231.0\node_modules\azure-pipelines-tasks-azure-arm-rest\azure-arm-common.js:153:35
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
2023-12-06T18:19:30.5795776Z ##[section]Finishing: Validate SQL Server

Full task logs with system.debug enabled

Cannot replicate because this requires starting a new run with system.debug set to true. This issue occurs when re-running a failed pipeline for unrelated reasons

Repro steps

jobs:
  - deployment: Validate_Provision_Deploy
    displayName: Validate & Provision Resources, Deploy Code
    pool:
      vmImage: windows-latest
    environment: ${{ variables['deploymentEnv'] }}
    strategy:
      runOnce:
        deploy:
          steps:
          # ARM Template and Parameter Validation
          - task: AzureResourceGroupDeployment@2
            displayName: Validate SQL Server
            inputs:
              azureSubscription: $(subscriptionConnectionName)
              action: Create Or Update Resource Group
              resourceGroupName: $(resourceGroupName)
              location: $(location)
              templateLocation: Linked artifact
              csmFile: $(Pipeline.Workspace)/buildArtifacts/sql-server-w-database.json
              csmParametersFile: $(Pipeline.Workspace)/buildArtifacts/$(deploymentEnv)/sql-server-w-database.param.json
              deploymentMode: Validation

[andrewholler]

It looks like a fix for this issue may be coming out in the next few weeks.

https://developercommunity.visualstudio.com/t/Service-Connection-with-WI-federation-is/10516076