I have a configuration in App Service like this
I want to pass this setting into the argument of a pipeline's task
How can I do it?
I've tried to create a variable group but I still don't know how to link the app setting into the variable
Microsoft provide command line tools to access this information. I don't have a web-app to access to give specific commands but roughly something like this.
See documentation here: https://learn.microsoft.com/en-us/azure/app-service/configure-common?tabs=cli#configure-app-settings
For example using az cli you could do something like:
az webapp config connection-string list --resource-group <group-name> --name <app-name> > settings.json
You can then select the specific item out of that list using jq.
myvalue=$(jq -r .some.path settings.json)
And you can also set the value in a variable which you can use in another task:
##vso[task.setvariable variable=appsetting;]value
So :
Download app settings
Select item
Set variable to pass to next step
Use variable in next step.
Related
I need to add single application setting without modifying existing configuration for function app, I found this question Set App Service application setting from Azure DevOps yaml but looking at the solution (https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-app-service-settings?view=azure-devops) it looks like this will overwrite settings rather than adding new setting, I would like to just pass key and value to be added rather than writing whole appconfig.
Soulution for me was to use command from https://learn.microsoft.com/en-us/cli/azure/webapp/config/appsettings?view=azure-cli-latest#az-webapp-config-appsettings-set
az webapp config appsettings set -g GRPNAME -n APPNAME --settings dummy1=dummy1value
We have an Azure Key Vault task in our release pipeline which downloads some secrets for use in the stage.
In an Inline Azure PowerShell script you can just use the following to get the secret value:
$secretValue = $(nameOfTheSecretInKeyVault)
This works fine.
However we want to move to using scripts in the repo, i.e. poiting the DevOps task to a file path i.e. /somePath/myScript.ps1
So I would need to parameterise the above line of code, as I cannot just change the name in the inline script like I'm currently doing, but I can't get it to work.
I have tried:
$compositeName = "${someParameter}-Application"
$secretValue1 = $($compositeName)
$secretValue2 = $("${compositeName}")
$secretValue3 = env:$compositeName
$secretValue4 = $(${compositeName})
The top line is just building up the name of the secret which it needs to look for. Unfortunately none of these work. Attempt #1, #2 and #4 come back with the string name only, not having actually got the secret value, and #3 errors saying it doesn't exist.
Is there a way to achieve this, or do I simply need to parameterise the secret and pass it into the script from the ADO task?
As you, I couldn't figure out a way to access the variables the log mentions are loaded in the Download secrets task of the job. It did work in inline mode, but not a chance with a script file.
So instead I leveraged the existing wiring (variable group linked to my KeyVault) and just run the command myself at the start of my script:
$mySecretValue = (Get-AzKeyVaultSecret -VaultName "myVault" -Name "mySecret").SecretValueText
From there I could use it as any other variable.
Either run your KeyVault tasks first, before your PowerShell script, or do it all in PowerShell.
You will need to create a service connection to your Azure subscription from Azure DevOps. Allow the service connection to access the KeyVault. Access the KeyVault from PowerShell or Azure CLI.
E.g. for PowerShell:
(Get-AzKeyVaultSecret -vaultName "Contosokeyvault" -name "ExamplePassword").SecretValueText
Here is a detailed walk through.
There is also native key vault integration now so you can just have your keys read in as a variable group transparently, no Keyvault-specific powershell code required.
https://learn.microsoft.com/en-us/azure/devops/pipelines/library/variable-groups?view=azure-devops&tabs=yaml#link-secrets-from-an-azure-key-vault
One way to tackle this would be to add a parameter for your script to pass the release variable in when you call it, something like -secretValue $(nameOfTheSecretInKeyVault)
You should be able to use $env:nameOfTheSecretInKeyVault, but remember . become _
EDIT: Looking at your question again if you used env:$nameOfTheSecretInKeyVault you would have had an issue. It's $env:<variable_name>
If anyone comes across this in the future and is looking for a bash alternative, I ended up being able to do this with the following command
$(az keyvault secret show --name "${secret_name}" --vault-name "${vault_name} --query "value" | sed "s/\"//g")
This let's you get the value of the vault secret and use it wherever. The sed at the end is needed to drop the " that gets pulled out from the query
I am trying to deploy Ms Sql server by using Azure Cli and ARM template. When i execute the ARM template, it asks me for input parameters like administratorLogin, administratorLoginPassword, serverName. Below is the example:
root#649e67dacd8f:~/.jenkins/workspace/Terraform# az group deployment create --resource-group Arm-template --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/101-sql-logical-server/azuredeploy.json --verbose
Please provide string value for 'serverName' (? for help): chitender
Please provide string value for 'administratorLogin' (? for help): chitender
Please provide securestring value for 'administratorLoginPassword' (? for help):
So I need to input the parameters at runtime.
Now I am trying to automate it through Jenkins build project, so that I get administratorLogin, administratorLoginPassword, serverName input from user who is executing the Jenkins job and ARM template read this input through system variables instead of asking for input in runtime.
So i want to know is there any possible ways where I can enter the input variables through System global variables?
You can use the following command to achieve this.
az group deployment create --resource-group Arm-template --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/101-sql-logical-server/azuredeploy.json --parameters administratorLogin=$administratorLogin administratorLoginPassword=$administratorLoginPassword serverName=$serverName --verbose
which $administratorLogin is the related variable.
So just started playing with Azure Functions, I have a new project with some appsettings in the local.settings.json file.
So this works on my local, but obviously when I deploy to Azure Functions, local.settings.json file isn't used.
Where are we supposed to specify our settings for an Azure Function?
Is there a azure.settings.json file? Or some sort of way to deploy an settings file during the deployment?
If you want to add settings, you could use the way provided by Matt, and if you want to deploy the Function to Azure with the settings in the local.settings.json, there is another way to implement it.
Install the Azure Functions Core Tools on the local, publish the Function with -publish-local-settings -i and if you are using the version 2 the --publish-settings-only -o could only publish settings and skip the content.
The below pic is a sample, you could find it will prompt to overwrite value in azure if setting is different between azure and local.settings.json.
Further more information, you could refer to this tutorial: Publish to Azure.
Just like an Azure App Service, and Azure Function has an Application Settings tab where you can configure these through the Azure Portal. To access these you go to: Your function app > Overview > Configured Features> Configuration, you can then add the settings that you need under the Application Settings tab.
Alternatively, if you would prefer configuring these through a CLI then that option is also available. The main documentation is here.
Edit
For a solution as part of your CI/CD you have two options (examples will use Azure DevOps and perform the action in the CD step):
PowerShell Task. You could add a Powershell (or any type of script that will talk to the Azure CLI for functions) script as part of your CD step. This post goes through the process step by step, the bit you are probably interested in is under "Deploying with Azure DevOps Release Pipeline". Essentially it is building up a collection of your appsetting keys and their values, then a call to Set-AzureRmWebApp the and pass in the collection to the -AppSettings flag as per these docs
Azure CLI task. Same as above but you could use the Azure CLI task along with the Inline script option to call the az functionapp config appsettings set command docs here. The --settings flag takes:
Space-separated app settings in a format of =.
So
az functionapp config appsettings set --name MyFunctionApp --resource-group MyResourceGroup --settings "settings1Key=settings1Value settings2Key=settings2value"
The Azure Functions for .NET template for CI (Build) and Deploy a function app to Azure Functions template for CD (Release) inside Azure DevOps will come in handy.
I have a container image (rancher/rancher:latest) that I need to pass "--acme-domain=" flag.
How can this be done in Azure Aci?
After a lot of trial and error I was able to do this using the command parameter in the Azure Resource Manager template. The gist of it was that I had to explicitly call the container entry point, e.g. "command":["./scripts/entry","--acme-domain=foo"]. I suppose you could do the same with the --command-line argument in the Azure CLI.
You can try to set an environment variable for your tag "--acme-domain=" in Azure ACI.
For more details, see Set environment variables in Azure ACI.