如何将Azure管道变量传递给AzureResourceManagerTemplateDeployment @ 3任务使用的ARM模板?

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了如何将Azure管道变量传递给AzureResourceManagerTemplateDeployment @ 3任务使用的ARM模板?相关的知识,希望对你有一定的参考价值。

我试图在计划于每晚的Azure管道中执行以下两个步骤:

  1. 将自签名证书放入密钥库
  2. 通过ARM模板部署Service Fabric群集,并使用证书指纹和秘密ID作为参数。

在密钥库中创建证书的第一步对我来说很有效:

# import the self-signed certificate ccg-self-signed-cert into the Keyvault
- task: AzurePowerShell@5
  inputs:
    azureSubscription: '${{ parameters.ArmConnection }}'
    ScriptType: 'InlineScript'
    azurePowerShellVersion: '3.1.0'
    Inline: |
      $Pwd = ConvertTo-SecureString -String 'MyPassword' -Force -AsPlainText
      $Base64 = 'MIIKqQ____3000_CHARS_HERE______1ICAgfQ=='
      $Cert = Import-AzKeyVaultCertificate -VaultName $(KeyVaultName) -Name my-self-signed-cert -CertificateString $Base64 -Password $Pwd
      echo "##vso[task.setvariable variable=Thumbprint;isOutput=true]$Cert.Thumbprint"

而且我想我通过echo行设置了管道变量(不太确定,如何验证...)

但是如何在下一个管道任务中将持有cert指纹值的管道变量传递给ARM模板?

# deploy SF cluster by ARM template and use the SF Cluster certificate thumbsprint as admin cert
- task: AzureResourceManagerTemplateDeployment@3
  inputs:
    deploymentScope: 'Resource Group'
    azureResourceManagerConnection: '${{ parameters.ArmConnection }}'
    subscriptionId: 'XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX'
    action: 'Create Or Update Resource Group'
    resourceGroupName: '${{ parameters.resourceGroupName }}'
    location: 'West Europe'
    templateLocation: 'Linked artifact'
    csmFile: '$(Build.SourcesDirectory)/pipelines/templates/sfcluster.json'
    csmParametersFile: '$(Build.SourcesDirectory)/pipelines/templates/sfcluster-params.json'
    deploymentMode: 'Incremental'

我正在使用azure-quickstart-template创建SF群集。

并且,如果您查看它,它希望将证书指纹作为参数:

"certificateThumbprint": {
  "type": "string",
  "metadata": {
    "description": "Certificate Thumbprint"
  }
},

"certificateUrlValue": {
  "type": "string",
  "metadata": {
    "description": "Refers to the location URL in your key vault where the certificate was uploaded, it is should be in the format of https://<name of the vault>.vault.azure.net:443/secrets/<exact location>"
  }
},

如何将值从AzurePowerShell @ 5任务传递到后续AzureResourceManagerTemplateDeployment @ 3任务使用的ARM模板?

UPDATE:

我尝试遵循Nilay的建议,并将3个变量放入我的sfcluster.json ARM模板中:

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "clusterName": {
            "type": "string",
            "defaultValue": "ccg-sfcluster",
            "minLength": 5,
            "metadata": {
                "description": "Name of the SF cluster"
            }
        },
        "certificateThumbprint": {
            "type": "string",
            "defaultValue": "[$env:THUMBPRINT]",
            "metadata": {
                "description": "Certificate Thumbprint"
            }
        },
        "sourceVaultResourceId": {
            "type": "string",
            "defaultValue": "[$env:KEYVAULTID]",
            "metadata": {
                "description": "Resource Id of the key vault, is should be in the format of /subscriptions/<Sub ID>/resourceGroups/<Resource group name>/providers/Microsoft.KeyVault/vaults/<vault name>"
            }
        },
        "certificateUrlValue": {
            "type": "string",
            "defaultValue": "[$env:SECRETID]",
            "metadata": {
                "description": "Refers to the location URL in your key vault where the certificate was uploaded, it is should be in the format of https://<name of the vault>.vault.azure.net:443/secrets/<exact location>"
            }
        }
    },
    "variables": {

但是我收到语法错误:

2020-05-27T12:31:54.1327314Z There were errors in your deployment. Error code: InvalidTemplate.
2020-05-27T12:31:54.1354742Z ##[error]Deployment template language expression evaluation failed: 'The language expression '$env:THUMBPRINT' is not valid: the string character ':' at position '4' is not expected.'. Please see https://aka.ms/arm-template-expressions for usage details.
2020-05-27T12:31:54.1361090Z ##[debug]Processed: ##vso[task.issue type=error;]Deployment template language expression evaluation failed: 'The language expression '$env:THUMBPRINT' is not valid: the string character ':' at position '4' is not expected.'. Please see https://aka.ms/arm-template-expressions for usage details.

如果我省略了方括号中的类似错误,则会出现>

"defaultValue": "$env:THUMBPRINT",

我正在尝试按计划在每晚执行的Azure管道中执行以下两个步骤:通过ARM模板将自签名证书放入keyvault Deploy Service Fabric群集中,并使用证书...

答案
您需要在部署任务上设置替代参数。删除所有添加到模板的defaultValues。您的任务Yaml将类似于:
另一答案
您可以通过在其后执行另一个PowerShell步骤并执行Write-Host来验证变量Thumbprint具有该值。
另一答案
下面是对我有用的,但是Brian建议使用overrideParameters的效果更好,所以我将其设置为可接受的答案。

以上是关于如何将Azure管道变量传递给AzureResourceManagerTemplateDeployment @ 3任务使用的ARM模板?的主要内容,如果未能解决你的问题,请参考以下文章

如何将Azure管道变量传递给AzureResourceManagerTemplateDeployment @ 3任务使用的ARM模板?

无法将环境变量传递给 azure 管道 yaml 中的 powershell 脚本(非内联)

如何使用 azure 数据工厂下载 blob

如何在数据工厂管道中将路由传递给 Azure 函数(C#)http 触发器?

在 azure 中的发布管道之间传递变量(触发 azure 管道扩展)

azure管道:访问机密变量