Jul 24 2023 09:12 AM - last edited on Mar 05 2024 02:53 PM by TechCommunityAP
I currently have two stages in a YAML DevOps release pipeline. The first stage picks up the build and deploys the logic app, outputting its ID at the end of the deployment.
The second stage uses the managed identity provided by stage 1 to create / apply managed identity plus roles to the logic app.
My problem lies in passing the ID over to the second stage:
stages:
- stage: 'BuildandDeployLogicApp'
  displayName: 'Pick up and deploy the build'
  jobs:
  - job: 'PickupAndDeploy'
    steps:
    # I do a few things then
    # Deploy the logic app
    - task: AzureResourceManagerTemplateDeployment@3
      displayName: 'Deploy-the-logic-app'
      name: 'Deploylogicapp'
      inputs:
        deploymentScope: 'Resource Group'
        azureResourceManagerConnection: '$(az-DevOpsServceConnection)'
        subscriptionId: '$(az-subscriptionId)'
        action: 'Create Or Update Resource Group'
        resourceGroupName: '$(az-resourceGroupName)'
        location: '$(az-location)'
        templateLocation: 'Linked artifact'
        csmFile: '$(System.ArtifactsDirectory)\_$(ObjectName)\Logic_app\${{parameters.downloadedTemplate}}'
        csmParametersFile: '$(System.ArtifactsDirectory)\_$(ObjectName)\Logic_App\$(Template)'
        deploymentMode: 'Incremental'
        deploymentOutputs: ManagedID
    # echo the managed identity for debug purposes
    - task: PowerShell@2
      displayName: 'Capture ManagedID params'
      name: 'CaptureMD'
      inputs:
        targetType: inline
        script: |
          echo "##vso[task.setvariable variable=ManagedID;isOutput=true]$(ManagedID)"
          # write-host "##vso[task.setvariable variable=intManagedID;isOutput=true]${env:MANAGEDID}"
          echo Output from deployment: '$(ManagedID)'
          echo Graph Permissions: '$(GRAPHPermissions)'
          echo SharePoint Permissions: '$(SPPermissions)'
          echo environment variable: ${env:MANAGEDID}
- stage: 'CheckForManagedIdentity'
  displayName: 'Check for Managed Identity'
  dependsOn:
  - BuildandDeployLogicApp
  variables:
  - name: LAManagedID
    value: $[stageDependencies.BuildandDeployLogicApp.PickupAndDeploy.outputs['PickupAndDeploy.Deploy-the-logic-app.ManagedID']]
  jobs:
  - job: 'CheckManagedIdentity'  # job name not shown in the original post; placeholder
    steps:
    # echo the managed identity for debug purposes
    - task: PowerShell@2
      displayName: 'Echo Managed Identity and required permissions'
      inputs:
        targetType: inline
        script: |
          # echo Output from deployment: ${env:MANAGEDID}
          echo output: '$(variables.LAManagedID)'
          echo Graph Permissions: '$(GRAPHPermissions)'
          echo SharePoint Permissions: '$(SPPermissions)'
The next task after the above is to supply the MD to a PowerShell script which in turn creates and / or applies the roles in AAD. The problem is the value returned to stage 2 is nil, even though a value is outputted in the first stage.
Jul 27 2023 01:09 AM - edited Jul 27 2023 01:43 AM
Solution
So found the solution, and it's in 5 parts.
1. In the YAML pipeline create an environmental variable - here it's called ManagedID. Ensure it can be edited by the user during the pipeline's execution.
2. Line 24 - the output from the deployment - assign it the same name
3. Line 34 - use Write-Host not echo as for some reason echo removed the first curly bracket rendering the JSON useless.
4. Point the global variable at the environment variable, thus the line becomes:
write-host "##vso[task.setvariable variable=ManagedID;isOutput=true]${env:MANAGEDID}"
5. Line 43 - In the next stage add a dependency to the stage based on the previous stage
6. Line 45 - 46 - Grab the Global variable for use in that stage:
  dependsOn:
  - BuildandDeployLogicApp
  variables:
  - name: LAManagedID
    value: $[stageDependencies.BuildandDeployLogicApp.PickupAndDeploy.outputs['CaptureMD.ManagedID']]
The problem was caused by the echo command missing the bracket off and compounded by the variable being destroyed at the end of the stage, hence the push up to an environment variable then back to a global.
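The pattern from the accepted solution as one two-stage pipeline, with a check that the value is a GUID before it is handed to the stage that assigns roles. This is an added example, not code from the original posts. Assumptions: the first step is a constructed stand-in for the deployment task with `deploymentOutputs: ManagedID`, the ARM output name `principalId`, the sample GUID and the job name `ApplyRoles` are all hypothetical.

```yaml
stages:
- stage: BuildandDeployLogicApp
  jobs:
  - job: PickupAndDeploy
    steps:
    # Constructed stand-in for AzureResourceManagerTemplateDeployment@3 with
    # deploymentOutputs: ManagedID, which sets ManagedID to the outputs JSON.
    - task: PowerShell@2
      displayName: 'Simulate deployment outputs (constructed sample)'
      inputs:
        targetType: inline
        script: |
          # "principalId" is an assumed ARM output name; the GUID is made up.
          $json = '{"principalId":{"type":"String","value":"11111111-2222-3333-4444-555555555555"}}'
          Write-Host "##vso[task.setvariable variable=ManagedID]$json"
    - task: PowerShell@2
      displayName: 'Capture ManagedID params'
      name: CaptureMD          # step name used in the cross-stage reference
      inputs:
        targetType: inline
        script: |
          # Read the raw JSON from the environment and pull out the ID.
          $id = [string]($env:MANAGEDID | ConvertFrom-Json).principalId.value
          $guid = [guid]::Empty
          if (-not [guid]::TryParse($id, [ref]$guid)) {
            Write-Host "##vso[task.logissue type=error]Deployment output is not a GUID"
            exit 1
          }
          # Publish only the validated ID as an output variable.
          Write-Host "##vso[task.setvariable variable=ManagedID;isOutput=true]$guid"
- stage: CheckForManagedIdentity
  dependsOn:
  - BuildandDeployLogicApp
  variables:
  - name: LAManagedID
    value: $[stageDependencies.BuildandDeployLogicApp.PickupAndDeploy.outputs['CaptureMD.ManagedID']]
  jobs:
  - job: ApplyRoles            # assumed job name
    steps:
    - task: PowerShell@2
      displayName: 'Echo Managed Identity'
      inputs:
        targetType: inline
        script: |
          Write-Host "Managed identity: $(LAManagedID)"
```

The reference in the second stage names the step (`CaptureMD`) that issued `isOutput=true`, not the deployment task's display name.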