如何将Azure管道变量传递给AzureResourceManagerTemplateDeployment @ 3任务使用的ARM模板? [英] How to pass an Azure pipeline variable to an ARM template used by AzureResourceManagerTemplateDeployment@3 task?
问题描述
我试图在计划每晚执行的Azure管道中执行以下2个步骤:
I am trying to perform the following 2 steps in my Azure pipeline scheduled for every night:
- 将自签名证书放入密钥库
- 通过ARM模板部署Service Fabric集群,并使用证书指纹和秘密ID作为参数.
在密钥库中创建证书的第一步对我来说很有效:
The first step of creating the certificate in the keyvault works well for me:
# import the self-signed certificate ccg-self-signed-cert into the Keyvault
- task: AzurePowerShell@5
inputs:
azureSubscription: '${{ parameters.ArmConnection }}'
ScriptType: 'InlineScript'
azurePowerShellVersion: '3.1.0'
Inline: |
$Pwd = ConvertTo-SecureString -String 'MyPassword' -Force -AsPlainText
$Base64 = 'MIIKqQ____3000_CHARS_HERE______1ICAgfQ=='
$Cert = Import-AzKeyVaultCertificate -VaultName $(KeyVaultName) -Name my-self-signed-cert -CertificateString $Base64 -Password $Pwd
echo "##vso[task.setvariable variable=Thumbprint;isOutput=true]$Cert.Thumbprint"
我想我通过 echo 行设置了管道变量(不太确定,如何验证...)
And I think I set the pipeline variable by the echo line (not quite sure, how to verify that...)
但是如何在下一个管道任务中将持有cert指纹值的管道变量传递给ARM模板?
But how can I pass the pipeline variable holding the cert thumbprint value to the ARM template in the next pipeline task?
# deploy SF cluster by ARM template and use the SF Cluster certificate thumbsprint as admin cert
- task: AzureResourceManagerTemplateDeployment@3
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '${{ parameters.ArmConnection }}'
subscriptionId: 'XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX'
action: 'Create Or Update Resource Group'
resourceGroupName: '${{ parameters.resourceGroupName }}'
location: 'West Europe'
templateLocation: 'Linked artifact'
csmFile: '$(Build.SourcesDirectory)/pipelines/templates/sfcluster.json'
csmParametersFile: '$(Build.SourcesDirectory)/pipelines/templates/sfcluster-params.json'
deploymentMode: 'Incremental'
I am using the azure-quickstart-template for creating an SF cluster.
如果您查看它,它希望将证书指纹作为参数:
And if you look at it, it expects a certificate thumbprint as a parameter:
"certificateThumbprint": {
"type": "string",
"metadata": {
"description": "Certificate Thumbprint"
}
},
"certificateUrlValue": {
"type": "string",
"metadata": {
"description": "Refers to the location URL in your key vault where the certificate was uploaded, it is should be in the format of https://<name of the vault>.vault.azure.net:443/secrets/<exact location>"
}
},
如何将值从AzurePowerShell @ 5任务传递到后续AzureResourceManagerTemplateDeployment @ 3任务所使用的ARM模板?
How to pass the value from the AzurePowerShell@5 taks to the ARM template used by the subsequent AzureResourceManagerTemplateDeployment@3 task?
更新:
我尝试遵循Nilay的建议,并将3个变量放入我的sfcluster.json ARM模板中:
I have tried following Nilay's suggestion and have put 3 variables into my sfcluster.json ARM template:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"clusterName": {
"type": "string",
"defaultValue": "ccg-sfcluster",
"minLength": 5,
"metadata": {
"description": "Name of the SF cluster"
}
},
"certificateThumbprint": {
"type": "string",
"defaultValue": "[$env:THUMBPRINT]",
"metadata": {
"description": "Certificate Thumbprint"
}
},
"sourceVaultResourceId": {
"type": "string",
"defaultValue": "[$env:KEYVAULTID]",
"metadata": {
"description": "Resource Id of the key vault, is should be in the format of /subscriptions/<Sub ID>/resourceGroups/<Resource group name>/providers/Microsoft.KeyVault/vaults/<vault name>"
}
},
"certificateUrlValue": {
"type": "string",
"defaultValue": "[$env:SECRETID]",
"metadata": {
"description": "Refers to the location URL in your key vault where the certificate was uploaded, it is should be in the format of https://<name of the vault>.vault.azure.net:443/secrets/<exact location>"
}
}
},
"variables": {
但是我收到语法错误:
2020-05-27T12:31:54.1327314Z There were errors in your deployment. Error code: InvalidTemplate.
2020-05-27T12:31:54.1354742Z ##[error]Deployment template language expression evaluation failed: 'The language expression '$env:THUMBPRINT' is not valid: the string character ':' at position '4' is not expected.'. Please see https://aka.ms/arm-template-expressions for usage details.
2020-05-27T12:31:54.1361090Z ##[debug]Processed: ##vso[task.issue type=error;]Deployment template language expression evaluation failed: 'The language expression '$env:THUMBPRINT' is not valid: the string character ':' at position '4' is not expected.'. Please see https://aka.ms/arm-template-expressions for usage details.
如果我省略
"defaultValue": "$env:THUMBPRINT",
推荐答案
您需要在部署任务上设置替代参数.删除所有添加到模板的defaultValues.您的任务Yaml如下所示:
You need to set the override parameters on the deployment task. Remove all of those defaultValues you added to the template. You task yaml will look something like:
- task: AzureResourceManagerTemplateDeployment@3
inputs:
deploymentScope: 'Resource Group'
action: 'Create Or Update Resource Group'
overrideParameters: '-certificateThumbprint $(Thumbprint) -sourceVaultResourceId $(vaultId) -certificateUrlValue $(certUrl)'
$(paren)语法是您在任务定义中引用变量的方式-将其更改为您命名的变量.
The $(paren) syntax is how you reference a variable in the task defintion - so change those to whatever you named the variable.
这篇关于如何将Azure管道变量传递给AzureResourceManagerTemplateDeployment @ 3任务使用的ARM模板?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
