参数化的变量名称作为Azure Pipelines中的任务输入

时间:2020-02-05 12:00:24

标签: azure-devops yaml azure-pipelines azure-pipelines-yaml

我一直在尝试制作一个YAML模板,该模板首先使用AzureKeyVault @ 1任务获取某些Azure KeyVault机密的值,然后将这些机密用于asqlAzureDacpacDeployment @ 1任务中的sqlUsername和sqlPassword。

我想将KeyVault的名称设置为一个参数,以便该模板可用于许多不同的情况。

之前,我已经成功地将这种技术用于AzureKeyVault @ 1任务,然后再用于AzurePowerShell @ 4任务,在其中将机密作为PowerShell脚本的环境变量注入。

这是工作模板的精简版本:

parameters:
- name: subscription
  type: string
- name: keyVaultSecretName
  type: string
- name: keyVault
  type: string
jobs:
- job: Run_PowerShell_With_Secret
  pool:
    name: Azure Pipelines
    vmImage: windows-latest
  steps:
  - task: AzureKeyVault@1
    inputs:
      azureSubscription: ${{ parameters.subscription }}
      keyVaultName:  ${{ parameters.keyVault }}
      secretsFilter: ${{ parameters.keyVaultSecretName }}
  - task: AzurePowerShell@4
    inputs:
      azureSubscription: ${{ parameters.subscription }}
      ScriptPath: 'some_script.ps1'
      azurePowerShellVersion: LatestVersion
    env: 
      SECRETVALUE: $(${{ parameters.keyVaultSecretName }})

这是我无法使用相同技术的模板:

parameters:
- name: subscription
  type: string
- name: keyVault
  type: string
- name: sqlServerName
  type: string
- name: sqlDatabaseName
  type: string
- name: sqlServerAdminSecretName
  type: string
- name: sqlServerPasswordSecretName
  type: string
- name: dacpacName
  type: string
- name: artifactName
  type: string
jobs:
- job: Deploy_SQL_Database
  pool:
    name: Azure Pipelines
    vmImage: windows-latest
  steps:
  - task: DownloadPipelineArtifact@2
    inputs:
      artifact: ${{ parameters.artifactName }}_artifacts
  - task: AzureKeyVault@1
    inputs:
      azureSubscription: ${{ parameters.subscription }}
      keyVaultName:  ${{ parameters.keyVault }}
      secretsFilter: '${{ parameters.sqlServerAdminSecretName }}, ${{ parameters.sqlServerPasswordSecretName }}'
  - task: sqlAzureDacpacDeployment@1
    inputs:
      azureSubscription: ${{ parameters.subscription }}
      ServerName: ${{ parameters.sqlServerName }}.database.windows.net
      DatabaseName: ${{ parameters.sqlDatabaseName }}
      sqlUsername: $(${{ parameters.sqlServerAdminSecretName }})
      sqlPassword: $(${{ parameters.sqlServerPasswordSecretName }})
      DacpacFile:  $(Pipeline.Workspace)\${{ parameters.dacpacName }}.dacpac

如果我对秘密名称进行硬编码,我可以使模板正常工作

parameters:
- name: subscriptionName
  type: string
- name: keyVault
  type: string
- name: sqlServerName
  type: string
- name: sqlDatabaseName
  type: string
- name: dacpacName
  type: string
- name: artifactName
  type: string
jobs:
- job: Deploy_${{ parameters.sqlDatabaseName }}_Database
  pool:
    name: Azure Pipelines
    vmImage: windows-latest
  steps:
  - checkout: none
  - task: AzureKeyVault@1
    inputs:
      azureSubscription: ${{ parameters.subscriptionName }}
      keyVaultName:  ${{ parameters.keyVault }}
      secretsFilter: 'SQLServerAdmin, SQLServerPassword'
  - task: DownloadPipelineArtifact@2
    inputs:
      artifact: ${{ parameters.artifactName }}_artifacts
  - task: sqlAzureDacpacDeployment@1
    inputs:
      azureSubscription: ${{ parameters.subscriptionName }}
      ServerName: ${{ parameters.sqlServerName }}.database.windows.net
      DatabaseName: ${{ parameters.sqlDatabaseName }}
      sqlUsername: $(sqlServerAdmin)
      sqlPassword: $(sqlServerPassword)
      DacpacFile:  $(Pipeline.Workspace)\${{ parameters.dacpacName }}.dacpac

尽管这目前对我们有用,但我发现这不是最理想的。有什么办法可以使这些参数化的变量名称起作用?

0 个答案:

没有答案
相关问题
最新问题