Use secret variable sent via REST API - azure

I currently have an Azure devops pipeline that I trigger with a call to the REST API. I use the "Run pipeline" interface: https://learn.microsoft.com/en-us/rest/api/azure/devops/pipelines/runs/run-pipeline?view=azure-devops-rest-6.1
With this API I can trigger a run of my AZDO pipeline, and I can send variables that are NOT secrets. I can then access these parameters as env variables in the AZDO pipeline.
The format of these variables is defined here: https://learn.microsoft.com/en-us/rest/api/azure/devops/pipelines/runs/run-pipeline?view=azure-devops-rest-6.1#variable. Please note the isSecret part.
However, I soon as I set isSecret to true, I'm unable to read these variables as env variables on the pipeline side. They just appear like they don't contain anything.
I know I could use the library and a variable group to pass secret to the pipeline, but this isn't what I'm trying to do. I'd like to know if I can pass secret to the pipeline via the REST API.
I've been looking around for a few hours and I haven't found anything.

When setting IsSecret to true in API body, the echo output in pipeline will be shown as ***
"variables": {"variable 1": { "value": "{Some Vaule}", "isSecret" : true}
If you want to read these variables on pipeline side, you could put your variable into a .txt file and publish the .txt file to Artifacts to check.
If you want to use this API passed secret value as environment variable in your pipeline, you should define it as environment variable first instead of using it directly: https://learn.microsoft.com/en-us/azure/devops/pipelines/process/variables?view=azure-devops&tabs=yaml%2Cbatch#secret-variables

Related

How to pass variable to Azure DevOps Run Pipeline

I am trying to put predefined value RELEASE_RELEASENAME to Azure DevOps Run Pipeline task, but it ends always with error: "##[error]Build parameters is not a valid json object array. Example valid object: [{"VAR1":"VALUE1","VAR2":"VALUE2"},{"VAR1":"VALUE1","VAR2":"VALUE2"}]"
Azure Setup
You could try the change the expression of the variable like:
[{"var1": "$(Release.ReleaseName)"}]

Terraform Destroy does not work with Azure Devops Variables in terraform.tfvars

I have very simple pipeline, classic pipeline with Terraform Init, Plan and Apply, how ever deployment failed in middle, so I wanted to destroy all resources…
(backend is remote sitting on Azure blob container
so I enabled only Init and Destroy Task in pipeline, In Init parameters I have provided remote backend details, but when I run pipeline with destroy command it says " variable not allowed"
Actually in terraform.tfvars file I have used azure variable group variable substitution like below
and I have destory task like below
error i get is:
"It isn’t possible to define anything other than static values in a .tfvars file.", see Reference environment variables in .tfvars file.
Alternativly, you can rename the environment variables to start with TF_VAR_ prefix, e.g. TF_VAR_resource_group or you can try to pass the values via -var parameter.
I normally recommend against this type of solutions as it's non-canonical; e.g. there are ways to solve the problem, as #sschmeck has posted, so adding a third-party tool can just create more of a headache.
That said, this article details the use a "Replace Tokens" task in Azure DevOps.
Simply put, you can tell this task to scan for *.tfvars files, and have it replace some tokens with a pattern such as __example__, so in your example:
resource_group = __resource_group__
And set the resource_group variable in a Azure DevOps variable group; it will then search for your specified pattern and replace it.
Again, I would say use TF_VARs as it's canonical, but this may also work for you.

Release Azure Functions and file transformations

I have a lot of Azure Functions projects to deploy on Azure. I set build and pipeline for them. For example, this is one Release for an Azure Function.
Under Variables I defined all variables for the environments (one for dev, one for stage and one for production).
There is only one step for deploying the Azure Functions on Azure. I want to add/replace in the local.settings.json the right settings for an environment. I'm not be able to find how to configure that.
In other project, if I use Azure App Service Deploy, there is a section File Transforms & Variable Substitution Options.
How can I do the same in the release of an Azure Functions? What is the correct strategy or best practice?
Update and Solution
I thought it was much straightforward. I think this is the solution. In the App settings under Application and Configuration Settings, I have to specified each variable and its value using the ... in that line.
I can type or copy in this field. The syntax is
-variableName "$(variablename)"
I'm using quotes because if in the value there is any space (for example in the connection string you have Initial Catalog) DevOps raises an error. For array, I'm still using :.
Another way is to use File Transform task to substitute the variables in local.settings.json file with pipeline variables. See here for more information.
With File Transform task, you donot have to specify each variable and its value in App settings of deploy Azure Functions task.
You can add a File Transform task before the deploy Azure Functions task. Then define the variables(eg. KeyVaultSettings.ClientId) in your pipeline variables.
Then set the Package or folder, file format and Target files in File Transform task. See below:
This is what I've done in my Azure Functions pipeline (it's yaml, but you'll get the idea).
Create one stage per environment in your pipeline
Create your pipelines variables and asign a different value based on scope (stage)
Create a configuration entry (see picture) in your pipeline and asign the variable value.
Consume the configuration entry in your Azure Function (in my case I use Environmental Variables for that)
Use pipeline environment in your azure function configuration

Upload File as a parameter to job in Azure DevOps

I have a Azure DevOps pipeline that automates user creation in salesforce. I am expecting the user details in an excel file, which is to be fed to the Azure DevOps pipeline as a pre-build parameter. However, I am not able to find a solution to it in Azure DevOps.
I had implemented this in Jenkins already using File parameter plugin in my previous projects. Does Azure DevOps has this capability?
After searching through various blogs and posts, I realized that there is no way to get this done directly in VSTS. However, I was able to get a work around for the same.
I created a VSTS User story and uploaded my attachment there
Using the Work Item ID, I used the work Item api to get the attachment ID.
Using the attachment API I was able to write a python script to download this attachment as a part of a pre-step in the Pipeline. Then this was available to use through out my automation script.
I don't think you can load a file before the build start and read the variables, but, you can add a task that read the variables from a file and put him in the beginning (the first step in your pipeline).
There are few extensions to read variable from a JSON file, for example: Json to Variable.
If you want to read from excel I think you should write a script that does it.
Using local hosted agent, you can publish artifact from local share, then move to i.e. ms-hosted agent and use it normally.
- task: DownloadFileshareArtifacts#1
inputs:
filesharePath: '\\myhost\myshare\myfolder'
artifactName: 'my-artifact'
downloadPath: '$(System.ArtifactsDirectory)'
parallelizationLimit: '8'
https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/utility/download-fileshare-artifacts?view=azure-devops

What does the App Service Url under output in VSTS mean and do?

I'm trying to understand what the App Service Url part of the Output Section of a VSTS Deployment is.
When you hover over the (i) it says:
Specify a name for the output variable that is generated for the URL
of the Azure App Service. The variable can be consumed in subsequent
tasks.
This gives me the impression that I am putting the name of a variable I want the Url of the app service assigned to.
Looking at other websites, they are putting the url of the website in.
I'm not sure how to be using it in subsequent steps. Can anyone help?
This variable is used for exactly what you think it would be used for. When you deploy to your App Service, you may want to use the App Service URL for a subsequent release task step.
You should create a variable as similar to hold the output URL:
You can then use it in a subsequent release step as shown below. (Note: I am simply using the Command Line release task to simulate how to use the output variable).
Here I have used the output URL of my Azure App Service as a command line argument in a subsequent release step.

Resources