Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Stage-scoped Variables Not Respected for Azure CLI Task
See original GitHub issueNote
Issues in this repo are for tracking bugs, feature requests and questions for the tasks in this repo
For a list:
https://github.com/Microsoft/azure-pipelines-tasks/tree/master/Tasks
If you have an issue or request for the Azure Pipelines service, use developer community instead:
https://developercommunity.visualstudio.com/spaces/21/index.html )
Required Information
Entering this information will route you directly to the right team and expedite traction.
Question, Bug, or Feature?
Type: Bug
Enter Task Name: AzureCLI@2
list here (V# not needed):
https://github.com/Microsoft/azure-pipelines-tasks/tree/master/Tasks
Environment
-
Server - Azure Pipelines
- If using Azure Pipelines, provide the account name, team project name, build definition name/build number:
-
Agent - Hosted
- If using Hosted agent, provide agent queue name: Azure Pipelines
Issue Description
It doesn’t look like stage-scoped variables are respected when running the Azure CLI task. Is there anything on the roadmap for getting variables defined at the stage/job level supported? I’m trying to make our pipeline more dynamic by passing in variable templates for each environnment. Here is a generic overview of what I’m trying to do:
vars.yml
variables:
serviceConnectionName: <service connection name>
cli task in template.yml
- task: AzureCLI@2
displayName: Disable Storage Account Firewall
inputs:
azureSubscription: $(serviceConnectionName)
scriptType: 'bash'
scriptLocation: 'inlineScript'
inlineScript: |
# Temporarily disable storage account firewall for Terraform access
az storage account update -g $(appStorageAccountResourceGroupName) -n $(appStorageAccountName) --default-action=allow
And finally the main pipeline.yml, which references vars.yml in the stage definition:
stages:
- stage:
displayName: Terraform Plan
variables:
- template: vars.yml
jobs:
- template: templates/template.yml
I would expect this to work, but instead the variable isn’t picked up by the pipeline at all, so the value remains as the literal string “serviceConnectionName.” This is the error in the Azure DevOps UI when running the pipeline:
There was a resource authorization issue: “The pipeline is not valid. Job TFPlan: Step AzureCLI1 input connectedServiceNameARM references service connection $(serviceConnectionName) which could not be found. The service connection does not exist or has not been authorized for use. For authorization details, refer to https://aka.ms/yamlauthz.,Job TFPlan: Step TerraformTaskV11 input backendServiceArm references service connection $(serviceConnectionName) which could not be found. The service connection does not exist or has not been authorized for use. For authorization details, refer to https://aka.ms/yamlauthz.”
If I move the variable template files to the top of the pipeline.yml, and thus making them global variables, it works fine:
variables:
- template: vars.yml
stages:
- stage:
displayName: Terraform Plan
jobs:
- template: templates/template.yml
It might also be worth mentioning @chshrikh replied to another user on an issue with the AzFileCopy task and said that stage-scoped variables were not supported at the moment. Is this something that is common across all tasks or only a few?
Error logs
[Insert error from the logs here for a quick overview]
Issue Analytics
- State:
- Created 3 years ago
- Comments:8 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Raised a feature request on Dev Community for this, thanks again for your help @vtbassmatt . Feel free to correct me if I’ve gotten anything wrong here.
https://developercommunity.visualstudio.com/idea/973433/gather-stage-scoped-variables-when-preparing-stage.html
Ah, thanks for clarifying. The problem is that for purposes of resolving resources, the system can only see variables at the pipeline level. In principle we could change this to also include stage variables (and it’s worth asking about that on Developer Community). Job-scoped variables will not work because we pause at the start of each stage – before any jobs have run – and collect up the resources to be authorized.