1

I have a yaml. where I need to pass serviceconnections to a script/template based on an another task which retrieve all required subscriptions. Question is : Can I pass a dynamic value to a service connection? It is giving me compile time error.

My code below:

trigger: none
pr: none

parameters:
- name: AzureSubscription
  type: object
  default: 
    xxx:
      Sub: xxx
    yyy:
      Sub: yyy

jobs:
- job:  Updating
  condition: succeeded()
  pool: 
    vmImage: "windows-latest"
  strategy:
      maxParallel: 10
      matrix: ${{ parameters.AzureSubscription }} 
  steps:
    - task: AzurePowerShell@5
      displayName: Tes
      inputs:
        azureSubscription: 'zzz'
        ScriptType: 'InlineScript'
        Inline: |
              Write-Output "subcriptionList ---- $(Sub)"
        FailOnStandardError: true
        azurePowerShellVersion: 'LatestVersion'
        pwsh: true
        
    - task: AzurePowerShell@4
      displayName: Updating
      inputs:
        **azureSubscription: ${{ sub }}** # here it is giving me error?
        ScriptType: 'FilePath'
        ScriptPath: '$(System.DefaultWorkingDirectory)/Foundation/xxxxx.ps1'
        azurePowerShellVersion: 'LatestVersion'

So in the 2nd task, I am passing subscription from my parameter.

Error is :  Unrecognized value: 'sub'.

Can someone help me?

learner
  • 223
  • 3
  • 19

2 Answers2

9

This is possible with some creativity but not native to the task. Rather using variables and dynamically loading the variable file.

I usually declare the Service Connection name as a variable template file in a separate repository. This allows for reuse across all projects in the org, not required but find it easier that way. Part of the template name would be the environment being deployed to. So a template file might be called azure.dev.yml or azure.uat.yml and look like:

variables:
AzureSubscriptionServiceConnectionName: Azure - Dev

Then a variable defined within the scope of the stage/job would load the template file like below, assuming that a parameter or a local variable would be passed in with the given environmentName.

  variables: 
  - template: /azure.${{ parameters.environmentName }}.yml

Then the stage/job can reference this variable via:

${{ variables.AzureSubscriptionServiceConnectionName }}

Here is some more Microsoft Documentation on YAML Pipeline Variable Scope

DreadedFrost
  • 2,602
  • 1
  • 11
  • 29
  • Isn't that you need to define template per subscription? – Krzysztof Madej Jun 18 '21 at 18:26
  • Yeah you would. Above was mapping a parameter object type per subscription so in terms of effort they are similar. Can additional map subscription related variables into the same file as well. – DreadedFrost Jun 18 '21 at 18:29
3

You cannot set azureSubcription dynamically. It is known limitation.

@JoeGaggler this feature isn't supported today. Usage of service endpoints (Azure Subscription is one of kind) in release/build definition is controlled by some permissions. At the time of saving a release/build definition service validates that the author (whoever is saving the definition) has appropriate permissions on the endpoint. If we support variable replacements for service endpoint input then service can't validate that the author has required permissions or not and it might become a security issue.

Krzysztof Madej
  • 32,704
  • 10
  • 78
  • 107
  • 2
    If scrolling down on the link provided in the answer would see it is possible with a work around similar to the one posted above. FYI. – DreadedFrost Jun 18 '21 at 18:18