![](/img/trans.png)
[英]How to pass azure-pipelines.yml variables to ARM templates with AzureResourceManagerTemplateDeployment
[英]How to pass an Azure pipeline variable to an ARM template used by AzureResourceManagerTemplateDeployment@3 task?
我正在嘗試在每天晚上安排的 Azure 管道中執行以下兩個步驟:
在密鑰庫中創建證書的第一步對我來說效果很好:
# import the self-signed certificate ccg-self-signed-cert into the Keyvault
- task: AzurePowerShell@5
inputs:
azureSubscription: '${{ parameters.ArmConnection }}'
ScriptType: 'InlineScript'
azurePowerShellVersion: '3.1.0'
Inline: |
$Pwd = ConvertTo-SecureString -String 'MyPassword' -Force -AsPlainText
$Base64 = 'MIIKqQ____3000_CHARS_HERE______1ICAgfQ=='
$Cert = Import-AzKeyVaultCertificate -VaultName $(KeyVaultName) -Name my-self-signed-cert -CertificateString $Base64 -Password $Pwd
echo "##vso[task.setvariable variable=Thumbprint;isOutput=true]$Cert.Thumbprint"
而且我想我通過echo
顯線設置了管道變量(不太確定,如何驗證...)
但是如何在下一個管道任務中將保存證書指紋值的管道變量傳遞給 ARM 模板?
# deploy SF cluster by ARM template and use the SF Cluster certificate thumbsprint as admin cert
- task: AzureResourceManagerTemplateDeployment@3
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '${{ parameters.ArmConnection }}'
subscriptionId: 'XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX'
action: 'Create Or Update Resource Group'
resourceGroupName: '${{ parameters.resourceGroupName }}'
location: 'West Europe'
templateLocation: 'Linked artifact'
csmFile: '$(Build.SourcesDirectory)/pipelines/templates/sfcluster.json'
csmParametersFile: '$(Build.SourcesDirectory)/pipelines/templates/sfcluster-params.json'
deploymentMode: 'Incremental'
我正在使用azure-quickstart-template創建 SF 集群。
如果您查看它,它需要一個證書指紋作為參數:
"certificateThumbprint": {
"type": "string",
"metadata": {
"description": "Certificate Thumbprint"
}
},
"certificateUrlValue": {
"type": "string",
"metadata": {
"description": "Refers to the location URL in your key vault where the certificate was uploaded, it is should be in the format of https://<name of the vault>.vault.azure.net:443/secrets/<exact location>"
}
},
如何將 AzurePowerShell@5 任務中的值傳遞給后續 AzureResourceManagerTemplateDeployment@3 任務使用的 ARM 模板?
更新:
我已經嘗試按照 Nilay 的建議並將 3 個變量放入我的 sfcluster.json ARM 模板中:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"clusterName": {
"type": "string",
"defaultValue": "ccg-sfcluster",
"minLength": 5,
"metadata": {
"description": "Name of the SF cluster"
}
},
"certificateThumbprint": {
"type": "string",
"defaultValue": "[$env:THUMBPRINT]",
"metadata": {
"description": "Certificate Thumbprint"
}
},
"sourceVaultResourceId": {
"type": "string",
"defaultValue": "[$env:KEYVAULTID]",
"metadata": {
"description": "Resource Id of the key vault, is should be in the format of /subscriptions/<Sub ID>/resourceGroups/<Resource group name>/providers/Microsoft.KeyVault/vaults/<vault name>"
}
},
"certificateUrlValue": {
"type": "string",
"defaultValue": "[$env:SECRETID]",
"metadata": {
"description": "Refers to the location URL in your key vault where the certificate was uploaded, it is should be in the format of https://<name of the vault>.vault.azure.net:443/secrets/<exact location>"
}
}
},
"variables": {
但是我收到語法錯誤:
2020-05-27T12:31:54.1327314Z There were errors in your deployment. Error code: InvalidTemplate.
2020-05-27T12:31:54.1354742Z ##[error]Deployment template language expression evaluation failed: 'The language expression '$env:THUMBPRINT' is not valid: the string character ':' at position '4' is not expected.'. Please see https://aka.ms/arm-template-expressions for usage details.
2020-05-27T12:31:54.1361090Z ##[debug]Processed: ##vso[task.issue type=error;]Deployment template language expression evaluation failed: 'The language expression '$env:THUMBPRINT' is not valid: the string character ':' at position '4' is not expected.'. Please see https://aka.ms/arm-template-expressions for usage details.
如果我省略方括號
"defaultValue": "$env:THUMBPRINT",
您需要在部署任務上設置覆蓋參數。 刪除您添加到模板中的所有默認值。 您的任務 yaml 將類似於:
- task: AzureResourceManagerTemplateDeployment@3
inputs:
deploymentScope: 'Resource Group'
action: 'Create Or Update Resource Group'
overrideParameters: '-certificateThumbprint $(Thumbprint) -sourceVaultResourceId $(vaultId) -certificateUrlValue $(certUrl)'
$(paren) 語法是您在任務定義中引用變量的方式 - 所以將它們更改為您命名變量的任何內容。
您可以通過在其后執行另一個 PowerShell 步驟並執行 Write-Host 來驗證您的變量 Thumbprint 是否具有該值。
Write-Host $env:THUMBPRINT
您可以使用 $env:THUMBPRINT 引用您在 ARM 模板參數中創建的變量
以下是對我有用的方法,但布賴恩建議使用overrideParameters
效果更好,因此我將其設置為可接受的答案。
首先是我使用錯誤的格式來設置變量。
對於正確的字符串外推,我必須使用$
char 兩次(如在$($Cert.Thumbprint)
中)並且我並不真正需要;isOutput=true
因為它是一個單一的工作:
# import the self-signed certificate ccg-self-signed-cert into the Keyvault
- task: AzurePowerShell@5
inputs:
azureSubscription: '${{ parameters.ArmConnection }}'
ScriptType: 'InlineScript'
azurePowerShellVersion: '3.1.0'
Inline: |
$Pwd = ConvertTo-SecureString -String 'MyPassword' -Force -AsPlainText
$Base64 = 'MIIKqQ____3000_CHARS_HERE______1ICAgfQ=='
$Cert = Import-AzKeyVaultCertificate -VaultName $(KeyVaultName) -Name my-self-signed-cert -CertificateString $Base64 -Password $Pwd
echo "##vso[task.setvariable variable=Thumbprint]$($Cert.Thumbprint)"
echo "##vso[task.setvariable variable=SecretId]$($Cert.SecretId)"
然后我添加了一個任務來替換我需要的 3 個值:
# replace Thumbprint, SecretId and KeyvaultId in the sfcluster-params.json file
- task: replacetokens@3
displayName: 'Replace tokens in sfcluster-params.json'
inputs:
rootDirectory: '$(Build.SourcesDirectory)/pipelines/templates/'
targetFiles: '$(Build.SourcesDirectory)/pipelines/templates/sfcluster-params.json'
encoding: 'auto'
writeBOM: true
actionOnMissing: 'fail'
keepToken: false
tokenPrefix: '$('
tokenSuffix: ')'
雖然我的整個 sfcluster-params.json 文件如下(KEYVAULTID 來自 keyvault ARM 部署):
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"clusterName": {
"value": "my-sfcluster"
},
"certificateThumbprint": {
"value": "$(THUMBPRINT)"
},
"sourceVaultResourceId": {
"value": "$(KEYVAULTID)"
},
"certificateUrlValue": {
"value": "$(SECRETID)"
}
}
}
最后我已經部署了 SF 集群:
# deploy SF cluster by ARM template and use the SF Cluster certificate thumbsprint as admin cert
- task: AzureResourceManagerTemplateDeployment@3
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '${{ parameters.ArmConnection }}'
subscriptionId: 'XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX'
action: 'Create Or Update Resource Group'
resourceGroupName: '${{ parameters.resourceGroupName }}'
location: 'West Europe'
templateLocation: 'Linked artifact'
csmFile: '$(Build.SourcesDirectory)/pipelines/templates/sfcluster.json'
csmParametersFile: '$(Build.SourcesDirectory)/pipelines/templates/sfcluster-params.json'
deploymentMode: 'Incremental'
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.