Search code examples
variablesazure-devopsazure-pipelines

Dynamic variable group in azure

I am stuck with the following. Being trying to use a variable group in azure depending in the variable of an another vg. Example below:

variables:
- group: automation-marionette
- name: workingEnv
  value: $(variables.envName)
- group: $(workingEnv)


stages:
  - stage: test
    jobs:
      - job: test
        steps:
        - script: |
               echo 'envName: ' $(envName)
               echo $(VALUES_FILE)

even though I changed the variable call with many different ways , it never works. I tried:

  • $(variables.envName)
  • $[variables.envName]
  • $(variables['envName'])

but always I get the error:

An error occurred while loading the YAML build pipeline. Variable group was not found or is not authorized for use. For authorization details, refer to https://aka.ms/yamlauthz.

Permissions have been checked and the vg has no restrictions from pipelines and every user has admin rights.

Solution

  • You can't do this based on the variable, but you can use parameters instead

    parameters:
- name: environment
  displayName: Environment
  type: string
  default: QA
  values:
  - QA
  - PROD

stages:
- stage:
  displayName: 'Build and Restore'
  variables:
  - group: ${{ parameters.environment }}
  jobs:
    - job:
      steps:
      - script: echo $(name)

    Take a look also here.

    Using variable groups this is not possible. References by you link to the documentation presents different case

    variables:
- group: my-variable-group
- name: my-passed-variable
  value: $[variables.myhello] # uses runtime expression

steps:
- script: echo $(myhello) # uses macro syntax
- script: echo $(my-passed-variable)

    It uses a compile-time expression for setting variable group - group: my-variable-group and runtime expression for setting variable.

    In this step here - group: $(workingEnv) you try to use the runtime expression to set the variable group. And this is not possible. It has to be a compile-time expression.

    As it is written here:

    It also answers another common issue: why can't I use variables to resolve service connection / environment names? Resources are authorized before a stage can start running, so stage- and job-level variables aren't available. Pipeline-level variables can be used, but only those variables explicitly included in the pipeline. Variable groups are themselves a resource subject to authorization, so their data is likewise not available when checking resource authorization.

    There is a mistake in documentation. It is possible to set value for variable but it is not possible to set variable group name in this way

    This is likely a case that can be fixed by using a different kind of expression. In our yaml language, we have a few kinds of expressions that are evaluated at different points in the execution of a pipeline.

    https://docs.microsoft.com/en-us/azure/devops/pipelines/process/expressions?view=azure-devops

    If you are using variables to reference resources, those will need to be “compile time constants”, or at least knowable at the start of a stage when resources are auth’d.

    In your case, I expect switching to the compile-time expression ${{}} will solve your issue. In a release of AzureDevops which is currently deploying, we are adding new functionality to increase the power of ${{}} expressions. I expect that even if the ${{}} do not work for you at the moment, they will starting with the rollout of process parameters.

    The variable group is a resource and it has to be a compile-time expression.