如何在Azure Pipelines的每个阶段使用不同的服务连接? [英] How to use different Service Connection for every stage in Azure Pipelines?
问题描述
在Azure Pipelines中使用yaml中的多级管道时并且每个阶段都将资源部署到单独的环境中,我想为每个阶段使用专用的服务连接.就我而言,每个阶段都使用相同的部署作业,即yaml模板.因此,我使用了许多变量,这些变量具有取决于环境的特定值.除服务连接外,此方法均能正常工作.
When using multistage pipelines from yaml in Azure Pipelines and every stage is deploying resources to a separate environment, I'd like to use a dedicated service connection for each stage. In my case every stage is making use of the same deployment jobs, i.e. yaml templates. So I'm using a lot of variables that have specific values dependent on the environment. This works fine, except for the service connection.
理想地,将包含服务连接名称的变量添加到阶段级别,如下所示:
Ideally, the variable that contains the service connection name, is added to the stage level like this:
stages:
- stage: Build
# (Several build-stage specific jobs here)
- stage: DeployToDEV
dependsOn: Build
condition: succeeded()
variables:
AzureServiceConnection: 'AzureSubscription_DEV' # This seems like a logical solution
jobs:
# This job would ideally reside in a yaml template
- job: DisplayDiagnostics
pool:
vmImage: 'Ubuntu-16.04'
steps:
- checkout: none
- task: AzurePowerShell@4
inputs:
azureSubscription: $(AzureServiceConnection)
scriptType: inlineScript
inline: |
Get-AzContext
azurePowerShellVersion: LatestVersion
- stage: DeployToTST
dependsOn: Build
condition: succeeded()
variables:
AzureServiceConnection: 'AzureSubscription_TST' # Same variable, different value
jobs:
# (Same contents as DeployToDEV stage)
执行此代码段后,将导致错误消息:
When this code snippet is executed, it results in the error message:
存在资源授权问题:管道无效.作业显示诊断:步骤AzurePowerShell输入ConnectedServiceNameARM引用服务连接$(AzureServiceConnection)找不到.服务连接不存在或尚未被授权使用.为了授权详细信息,请参阅 https://aka.ms/yamlauthz .
So, it probably can't expand the variable AzureServiceConnection soon enough when the run is started. But if that's indeed the case, then what's the alternative solution to make use of separate service connections for every stage?
可以肯定使用的一个选项是直接为所有任务设置服务连接名称,但这将涉及到在每个阶段复制相同的Yaml任务,我显然想避免.
One option that works for sure is setting the service connection name directly to all tasks, but that would involve duplicating identical yaml tasks for every stage, which I obviously want to avoid.
有人对此有任何线索吗?预先感谢!
Anyone has a clue on this? Thanks in advance!
推荐答案
当前,您不能将变量作为serviceConnection传递.显然,服务连接名称是在push/commit上获取的,无论那里有什么都可以获取.
Currently you can not pass a variable as a serviceConnection. Apparently the service connection name is picked up on push/commit and whatever that is there will be picked up.
例如如果您有$(变量),它将选择$(变量)而不是值.
E.g. if you have a $(variable) it will pick $(variable) instead of the value.
到目前为止,我一直使用的解决方法是在每个阶段的步骤中使用模板,并通过serviceConnection传递不同的参数.
Workaround I have used so far is to use a template for the steps at each stage and pass a different parameter with the serviceConnection.
引用: https://github.com/venura9/azure-devops-yaml/blob/master/azure-pipelines.yml 进行示例实施.非常欢迎您提出更新请求.
Refer: https://github.com/venura9/azure-devops-yaml/blob/master/azure-pipelines.yml for a sample implementation. you are more than welcome to pull request with updates.
- stage: DEV
displayName: 'DEV(CD)'
condition: and(succeeded('BLD'), eq(variables['Build.SourceBranch'], 'refs/heads/develop'))
dependsOn:
- BLD
variables:
stage: 'dev'
jobs:
- job: Primary_AustraliaSouthEast
pool:
vmImage: $(vmImage)
steps:
- template: 'pipelines/infrastructure/deploy.yml'
parameters: {type: 'primary', spn: 'SuperServicePrincipal', location: 'australiasoutheast'}
- template: 'pipelines/application/deploy.yml'
parameters: {type: 'primary', spn: 'SuperServicePrincipal'}
这篇关于如何在Azure Pipelines的每个阶段使用不同的服务连接?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
