Override parameter in Bicep template through Azure ADO

Question

I am trying to pass a variable dynamically from the Yaml file to my bicep file, but no luck.

Please note overrideParameters: '-capital_env $(environment) based on this.

I also tried

param capital_env=''

and

param capital_env

and

param capital_env string

in my bicepparam file but no luck.

I also tried overrideParameters: '-capital_env DEV' in my yaml file, but this one also did not work.

I have this yaml file:

parameters:
- name: environment
  displayName: 'Environment'
  type: string
  default: 'DEV'
  values:
  - DEV
  - TST
  - PRD

trigger: none
pr: none

stages:
- stage: Deploy
  displayName: 'Deploy to $(environment)'
  jobs:
  - job: DeployDev
    displayName: 'Deploy to Development Environment'
    condition: eq('${{ parameters.environment }}', 'DEV')
    pool:
      name: 'PartnerPortal'
    variables:
      azureServiceConnection: 'AzON-TST'
      resourceGroupName: 'rgname'
      location: 'australiaeast'
      templateFile: '.\Infrastructure\DEV\mainStorageAccountCreation.bicep'
      parametersFile: '.\Infrastructure\DEV\mainStorageAccountCreation.bicepparam'
    steps:
    - script: |
        echo "Listing files in $(System.DefaultWorkingDirectory)"
        dir $(System.DefaultWorkingDirectory)
        echo "Listing files in $(System.DefaultWorkingDirectory)\Infrastructure\DEV\"
        dir $(System.DefaultWorkingDirectory)\Infrastructure\DEV
      displayName: 'List files in working directory'
    - script: |
        echo "Current PATH: $env:Path"
        az --version
      displayName: 'Verify Azure CLI Installation'
    - task: AzureResourceManagerTemplateDeployment@3
      inputs:
        deploymentScope: 'Resource Group'
        azureSubscription: '7c0513a'
        ConnectedServiceName: 'AzON-TST'
        resourceGroupName: $(resourceGroupName)
        location: $(location)
        templateLocation: 'Linked artifact'
        csmFile: '$(templateFile)'
        csmParametersFile: '$(parametersFile)'
        overrideParameters: '-capital_env $(environment)'
      displayName: 'Deploy ARM Template to DEV'

I have this bicepparamter file:

using 'mainStorageAccountCreation.bicep'
param capital_env='dfd'
param lower_env = toLower(capital_env)
param encryptionScopeName = 'defaultEncryptionScope'
param publicNetworkAccessLappFapp = 'Disabled'
param publicNetworkAccessApp = 'Enabled'
param ipWhitelist= [
  '203....' //my IP
]
param storageAccountsApp = [
  'uwasydstapartp${lower_env}'
]

param storageAccountsfapplapp = [
  'uwasydstapartptla${lower_env}'
  'uwasydstapartptli${lower_env}'
]

and this my bicep file

param location string = resourceGroup().location
param capital_env string
param lower_env string = toLower(capital_env)
targetScope = 'resourceGroup'
param encryptionScopeName string
param publicNetworkAccessApp string
param publicNetworkAccessLappFapp string
param storageAccountsApp array
param storageAccountsfapplapp array
param ipWhitelist array
module storageapp '../modules/StorageAccountApp.bicep' = [for storageName in storageAccountsApp: {
  name: storageName
  params: {
    location: location
    storagename: storageName
    encryptionScopeName: encryptionScopeName
    publicNetworkAccessApp: publicNetworkAccessApp
    ipWhitelist:ipWhitelist
  }
}]



module storageappfapplapp '../modules/StorageAccountLappFapp.bicep' = [for storageName in storageAccountsfapplapp: {
  name: storageName
  params: {
    location: location
    storagename: storageName
    encryptionScopeName: encryptionScopeName
    publicNetworkAccessLappFapp: publicNetworkAccessLappFapp
  }
}]

the module for creating the storage account

param storagename string
param location string
param encryptionScopeName string
param publicNetworkAccessApp string
param ipWhitelist array // Array of IP addresses to whitelist
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: storagename
  location: location
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  //Optional. Set the extended location of the resource. If not set, the storage account will be created in Azure main region. Otherwise it will be created in the specified extended location
  
  properties: {
    accessTier: 'Hot'
    allowBlobPublicAccess: false
    allowCrossTenantReplication: false
    allowedCopyScope: 'AAD'
    allowSharedKeyAccess: false
    defaultToOAuthAuthentication: false //A boolean flag which indicates whether the default authentication is OAuth or not. The default interpretation is false for this property.
    //dnsEndpointType: 'string'
    encryption: {
     
      keySource: 'Microsoft.Storage' //Microsoft-managed keys
      
      requireInfrastructureEncryption: false
      services: {
        blob: {
          enabled: true
         // keyType: 'Account'
        }
        file: {
          enabled: true
         // keyType: 'Account'
        }
        queue: {
          enabled: true
         // keyType: 'Account'
        }
        table: {
          enabled: true
         // keyType: 'Account'
        }
      }
    }
    
    isHnsEnabled: false
    isLocalUserEnabled: false
    isNfsV3Enabled: false
    isSftpEnabled: false
    
    minimumTlsVersion: 'TLS1_2'
    networkAcls: {
      bypass: 'AzureServices'
      ipRules: [
        for ip in ipWhitelist: {
          action: 'Allow'
          value: ip
        }
      ]
      defaultAction: 'Deny'
    }
    publicNetworkAccess: publicNetworkAccessApp
  
   }
}

resource encryptionScope 'Microsoft.Storage/storageAccounts/encryptionScopes@2022-09-01' = {
  name: encryptionScopeName
  parent: storageAccount
  properties: {
    source: 'Microsoft.Storage'
  }
}

I am not able to pass capital_env from the yaml to bicepparam successfully, what changes I may need to do to fix this?

I am expecting to pass the capital_env to my bicepparemter file.

Answer 1

I tested to override parameter in Bicep template with the task AzureResourceManagerTemplateDeployment@3 in my pipeline and it works.

The YAML of my pipeline:

parameters:
- name: SKU
  type: string
  default: 'Standard_LRS'
  values:
  - Standard_LRS
  - Standard_GRS
- name: Prefix
  type: string
  default: 'dev'
  values:
  - dev
  - prd
trigger: none

steps:
- task: AzureResourceManagerTemplateDeployment@3
  inputs:
    deploymentScope: 'Resource Group'
    azureResourceManagerConnection: 'ConnectionName'
    subscriptionId: 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'
    action: 'Create Or Update Resource Group'
    resourceGroupName: 'Group'
    location: 'Southeast Asia'
    templateLocation: 'Linked artifact'
    csmFile: '$(System.DefaultWorkingDirectory)/templates/template.bicep'
    csmParametersFile: '$(System.DefaultWorkingDirectory)/templates/template.bicepparam'
    overrideParameters: '-storagePrefix  ${{ parameters.Prefix }} -storageSKU ${{ parameters.SKU }}'
    deploymentMode: 'Incremental'

So, the overrideParameters in your case should be '-capital_env ${{ parameters.environment }}'.

Here are my test Bicep files to create a storage account (referenced here): Files in the repo:

template.bicep

@minLength(3)
@maxLength(11)
param storagePrefix string

@allowed([
  'Standard_LRS'
  'Standard_GRS'
  'Standard_RAGRS'
  'Standard_ZRS'
  'Premium_LRS'
  'Premium_ZRS'
  'Standard_GZRS'
  'Standard_RAGZRS'
])
param storageSKU string 

param location string = 'southeastasia'

var uniqueStorageName = '${storagePrefix}${uniqueString(resourceGroup().id)}'

resource stg 'Microsoft.Storage/storageAccounts@2021-04-01' = {
  name: uniqueStorageName
  location: location
  sku: {
    name: storageSKU
  }
  kind: 'StorageV2'
  properties: {
    supportsHttpsTrafficOnly: true
  }
}

output storageEndpoint object = stg.properties.primaryEndpoints

template.bicepparam

using 'template.bicep'
param storagePrefix='test'
param storageSKU='Standard_LRS'

The storage account deployed with the pipeline: