azure-pipelines-yamlazure-bicep
Override parameter in Bicep template through Azure ADO
I am trying to pass a variable dynamically from the Yaml file to my bicep file, but no luck.
Please note overrideParameters: '-capital_env $(environment) based on this.
I also tried
param capital_env=''
and
param capital_env
and
param capital_env string
in my bicepparam file but no luck.
I also tried overrideParameters: '-capital_env DEV' in my yaml file, but this one also did not work.
I have this yaml file:
parameters:
- name: environment
displayName: 'Environment'
type: string
default: 'DEV'
values:
- DEV
- TST
- PRD
trigger: none
pr: none
stages:
- stage: Deploy
displayName: 'Deploy to $(environment)'
jobs:
- job: DeployDev
displayName: 'Deploy to Development Environment'
condition: eq('${{ parameters.environment }}', 'DEV')
pool:
name: 'PartnerPortal'
variables:
azureServiceConnection: 'AzON-TST'
resourceGroupName: 'rgname'
location: 'australiaeast'
templateFile: '.\Infrastructure\DEV\mainStorageAccountCreation.bicep'
parametersFile: '.\Infrastructure\DEV\mainStorageAccountCreation.bicepparam'
steps:
- script: |
echo "Listing files in $(System.DefaultWorkingDirectory)"
dir $(System.DefaultWorkingDirectory)
echo "Listing files in $(System.DefaultWorkingDirectory)\Infrastructure\DEV\"
dir $(System.DefaultWorkingDirectory)\Infrastructure\DEV
displayName: 'List files in working directory'
- script: |
echo "Current PATH: $env:Path"
az --version
displayName: 'Verify Azure CLI Installation'
- task: AzureResourceManagerTemplateDeployment@3
inputs:
deploymentScope: 'Resource Group'
azureSubscription: '7c0513a'
ConnectedServiceName: 'AzON-TST'
resourceGroupName: $(resourceGroupName)
location: $(location)
templateLocation: 'Linked artifact'
csmFile: '$(templateFile)'
csmParametersFile: '$(parametersFile)'
overrideParameters: '-capital_env $(environment)'
displayName: 'Deploy ARM Template to DEV'
I have this bicepparamter file:
using 'mainStorageAccountCreation.bicep'
param capital_env='dfd'
param lower_env = toLower(capital_env)
param encryptionScopeName = 'defaultEncryptionScope'
param publicNetworkAccessLappFapp = 'Disabled'
param publicNetworkAccessApp = 'Enabled'
param ipWhitelist= [
'203....' //my IP
]
param storageAccountsApp = [
'uwasydstapartp${lower_env}'
]
param storageAccountsfapplapp = [
'uwasydstapartptla${lower_env}'
'uwasydstapartptli${lower_env}'
]
and this my bicep file
param location string = resourceGroup().location
param capital_env string
param lower_env string = toLower(capital_env)
targetScope = 'resourceGroup'
param encryptionScopeName string
param publicNetworkAccessApp string
param publicNetworkAccessLappFapp string
param storageAccountsApp array
param storageAccountsfapplapp array
param ipWhitelist array
module storageapp '../modules/StorageAccountApp.bicep' = [for storageName in storageAccountsApp: {
name: storageName
params: {
location: location
storagename: storageName
encryptionScopeName: encryptionScopeName
publicNetworkAccessApp: publicNetworkAccessApp
ipWhitelist:ipWhitelist
}
}]
module storageappfapplapp '../modules/StorageAccountLappFapp.bicep' = [for storageName in storageAccountsfapplapp: {
name: storageName
params: {
location: location
storagename: storageName
encryptionScopeName: encryptionScopeName
publicNetworkAccessLappFapp: publicNetworkAccessLappFapp
}
}]
the module for creating the storage account
param storagename string
param location string
param encryptionScopeName string
param publicNetworkAccessApp string
param ipWhitelist array // Array of IP addresses to whitelist
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = {
name: storagename
location: location
sku: {
name: 'Standard_LRS'
}
kind: 'StorageV2'
//Optional. Set the extended location of the resource. If not set, the storage account will be created in Azure main region. Otherwise it will be created in the specified extended location
properties: {
accessTier: 'Hot'
allowBlobPublicAccess: false
allowCrossTenantReplication: false
allowedCopyScope: 'AAD'
allowSharedKeyAccess: false
defaultToOAuthAuthentication: false //A boolean flag which indicates whether the default authentication is OAuth or not. The default interpretation is false for this property.
//dnsEndpointType: 'string'
encryption: {
keySource: 'Microsoft.Storage' //Microsoft-managed keys
requireInfrastructureEncryption: false
services: {
blob: {
enabled: true
// keyType: 'Account'
}
file: {
enabled: true
// keyType: 'Account'
}
queue: {
enabled: true
// keyType: 'Account'
}
table: {
enabled: true
// keyType: 'Account'
}
}
}
isHnsEnabled: false
isLocalUserEnabled: false
isNfsV3Enabled: false
isSftpEnabled: false
minimumTlsVersion: 'TLS1_2'
networkAcls: {
bypass: 'AzureServices'
ipRules: [
for ip in ipWhitelist: {
action: 'Allow'
value: ip
}
]
defaultAction: 'Deny'
}
publicNetworkAccess: publicNetworkAccessApp
}
}
resource encryptionScope 'Microsoft.Storage/storageAccounts/encryptionScopes@2022-09-01' = {
name: encryptionScopeName
parent: storageAccount
properties: {
source: 'Microsoft.Storage'
}
}
I am not able to pass capital_env from the yaml to bicepparam successfully, what changes I may need to do to fix this?
I am expecting to pass the capital_env to my bicepparemter file.
Solution
I tested to override parameter in Bicep template with the task AzureResourceManagerTemplateDeployment@3 in my pipeline and it works.
The YAML of my pipeline:
parameters:
- name: SKU
type: string
default: 'Standard_LRS'
values:
- Standard_LRS
- Standard_GRS
- name: Prefix
type: string
default: 'dev'
values:
- dev
- prd
trigger: none
steps:
- task: AzureResourceManagerTemplateDeployment@3
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: 'ConnectionName'
subscriptionId: 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'
action: 'Create Or Update Resource Group'
resourceGroupName: 'Group'
location: 'Southeast Asia'
templateLocation: 'Linked artifact'
csmFile: '$(System.DefaultWorkingDirectory)/templates/template.bicep'
csmParametersFile: '$(System.DefaultWorkingDirectory)/templates/template.bicepparam'
overrideParameters: '-storagePrefix ${{ parameters.Prefix }} -storageSKU ${{ parameters.SKU }}'
deploymentMode: 'Incremental'
So, the overrideParameters in your case should be '-capital_env ${{ parameters.environment }}'.
Here are my test Bicep files to create a storage account (referenced here): Files in the repo:
template.bicep
@minLength(3)
@maxLength(11)
param storagePrefix string
@allowed([
'Standard_LRS'
'Standard_GRS'
'Standard_RAGRS'
'Standard_ZRS'
'Premium_LRS'
'Premium_ZRS'
'Standard_GZRS'
'Standard_RAGZRS'
])
param storageSKU string
param location string = 'southeastasia'
var uniqueStorageName = '${storagePrefix}${uniqueString(resourceGroup().id)}'
resource stg 'Microsoft.Storage/storageAccounts@2021-04-01' = {
name: uniqueStorageName
location: location
sku: {
name: storageSKU
}
kind: 'StorageV2'
properties: {
supportsHttpsTrafficOnly: true
}
}
output storageEndpoint object = stg.properties.primaryEndpoints
template.bicepparam
using 'template.bicep'
param storagePrefix='test'
param storageSKU='Standard_LRS'
The storage account deployed with the pipeline:
