Azure Question posted in
The official documentation to get you started can be found here.

Add azureSubscription in a "each" loop

I need to add the azureSubscription to my each loop which looks like this

parameters:
- name: info
   displayName: Information
   type: object
   default:
     info1: abc
     info2: 123
     info3: hello
steps:
  - checkout: none
  - ${{ each info in parameters.info }}:
      - script: |
          echo "info1 is ${{ info.info1}}"
          echo "info2 is ${{ info.info2}}"
          echo "info3 is ${{ info.info3}}"

          az keyvault secret set --vault-name ${{ parameters.info1 }} --name ${{ parameters.info2 }} --value ${{ parameters.info3 }}
        displayName: Show ${{ info.key }} value

I tried adding it as an input and tried adding it without input but I get an unexpected parameter error

parameters:
 - name: info
   displayName: Information
   type: object
   default:
     info1: abc
     info2: 123
     info3: hello
steps:
  - checkout: none
  - ${{ each info in parameters.info }}:
      -   inputs:
           azureSubscription: subscriptionNumber
          script: |
          echo "info1 is ${{ info.info1}}"
          echo "info2 is ${{ info.info2}}"
          echo "info3 is ${{ info.info3}}"

          az keyvault secret set --vault-name ${{ parameters.info1 }} --name ${{ parameters.info2 }} --value ${{ parameters.info3 }}
        displayName: Show ${{ info.key }} value`
Tags:

2

Answers


  1. 0

    You can set an array of objects containing the keyvault secrets you want to update and then use ${{ each ... }} to generate a script task for each one.

    Changing your code slightly to make it more readable:

    parameters:
  - name: secrets
    displayName: Keyvault secrets
    type: object
    default:
      - subscription: my-subscription1
        vaultName: my-keyvault1
        secretName: my-secret1
        secretValue: password123
      - subscription: my-subscription2
        vaultName: my-keyvault2
        secretName: my-secret2
        secretValue: password456

steps:
  - checkout: none
  - ${{ each secret in parameters.secrets }}:
    - script: |
        echo "Subscription: ${{ secret.subscription }}"
        echo "Vault name: ${{ secret.vaultName }}"
        echo "Secret name: ${{ secret.secretName }}"
        
        # DO NOT PRINT SECRET VALUE IN THE PIPELINE LOGS
        # echo "Secret value: ${{ secret.secretValue }}"

        # ECHO USED JUST FOR DEMONSTRATION PURPOSES, REPLACE WITH ACTUAL COMMAND
        echo "az keyvault secret set --subscription ${{ secret.subscription }} --vault-name ${{ secret.vaultName }} --name ${{ secret.secretName }} --value ${{ secret.secretValue }} --output none"
      displayName: 'Set secret ${{ secret.vaultName }}/${{ secret.secretName }}'

    Running the pipeline:

    Pipeline logs

    Login or Signup to reply.
  2. 0 
    parameters:
- name: info
  displayName: Information
  type: object
  default:
    - subscription: Connection-Test1
      resourceGroup: resourceGroupName1
      keyvaultName: keyVaultName1
      secretName: secretName1
      secretValue: secretValue1
    - subscription: Connection-Test2
      resourceGroup: resourceGroupName2
      keyvaultName: keyVaultName2
      secretName: secretName2
      secretValue: secretValue2
  
pool:
  vmImage: ubuntu-latest

steps:
- ${{ each item in parameters.info }}:
  - task: AzureCLI@2
    displayName: showing resource group ${{ item.resourceGroup }}
    inputs:
      azureSubscription: ${{ item.subscription }}
      scriptType: bash
      scriptLocation: inlineScript
      inlineScript: |
        each ${{ item.subscription }}
        each ${{ item.resourceGroup }}

        az keyvault secret set --subscription ${{ item.subscription }} --vault-name ${{ item.vaultName }} --name ${{ item.secretName }} --value ${{ item.secretValue }}
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search