Azure SQL Server CICD Bicep and Key Vault

Time:11-21

I have built a CICD Pipeline to deploy an Azure SQL Server and DB and part of this process is to obtain the username and password from secrets in a Key Vault. The Key Vault task in YAML works and can access the Vault, but when it calls an Azure CLI Task to execute the Bicep, it fails with the following error:

ERROR: Unable to parse parameter: **

My code:

steps:
- task: AzureKeyVault@2
  displayName: 'Download Key Vault Secrets'
  inputs:
    connectedServiceName: ${{ parameters.AzureResourceManagerConnection }}
    keyVaultName: ${{ parameters.keyVaultName }}
    secretsFilter: '*'

- task: AzureCLI@2
  displayName: '${{ parameters.deploymentType }}: ${{ parameters.targetEnvironment }} ${{ parameters.product }}'
  inputs:
    azureSubscription: ${{ parameters.AzureResourceManagerConnection }}
    scriptType: 'ps'
    scriptLocation: 'inlineScript'
    inlineScript: |
      $tags = "${{ parameters.releaseFolder }}/${{ parameters.targetEnvironment }}/tags.json"
      $products = "${{ parameters.releaseFolder }}/${{ parameters.targetEnvironment }}/products.json"
      $productDeploymentFile = "${{ parameters.releaseFolder }}/SQLServer.bicep"
      az --version
      az deployment group ${{ parameters.deploymentType }} --name ${{ parameters.targetEnvironment }}-${{ parameters.product }}-products-deployment --resource-group ${{ parameters.resourceGroup }} --template-file $productDeploymentFile --parameters $tags $products "$(sql-admin-username)" "$(sql-admin-password)" --mode ${{ parameters.deploymentMode }}

And the Bicep file:

param tags object
param sqlServers array
param sqlDatbases array

param sqlAdminUserName string
@secure()
param sqlAdminPassword string

resource sqlServer 'Microsoft.Sql/servers@2021-08-01-preview' = [for sql in sqlServers: {
  name: sql.Name
  location: sql.location
  properties: {
    administratorLogin: sqlAdminUserName
    administratorLoginPassword: sqlAdminPassword
    administrators: {
      azureADOnlyAuthentication: false
      administratorType: sql.administratorType
      principalType: sql.principalType
      login: sql.login
      sid: sql.sid
      tenantId: sql.tenantId
    }
  }
  tags: tags
}]

Is there anything obvious that is incorrect?

CodePudding user response:

Looking at your YAML file, the way you are passing inline parameters is not correct (see documentation); you would need to specify the parameter names as well:

az deployment group `
...
  --parameters `
  sqlAdminUserName="$(sql-admin-username)" `
  sqlAdminPassword="$(sql-admin-password)" `
...
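
Added example, not part of the original question or answer: both steps written out in full with the parameters named as the answer describes. Two choices here are assumptions that go beyond the page: the secrets reach the script through an env: mapping (the names SQL_ADMIN_USERNAME and SQL_ADMIN_PASSWORD are made up for this example) so their values are not substituted into the script text, and secretsFilter is narrowed to the two secrets the deployment uses.

```yaml
# Added illustration; template parameters and secret names are the ones used in the question.
steps:
- task: AzureKeyVault@2
  displayName: 'Download Key Vault Secrets'
  inputs:
    connectedServiceName: ${{ parameters.AzureResourceManagerConnection }}
    keyVaultName: ${{ parameters.keyVaultName }}
    # Comma-separated list: fetch only what this job needs instead of '*'.
    secretsFilter: 'sql-admin-username,sql-admin-password'

- task: AzureCLI@2
  displayName: '${{ parameters.deploymentType }}: ${{ parameters.targetEnvironment }} ${{ parameters.product }}'
  inputs:
    azureSubscription: ${{ parameters.AzureResourceManagerConnection }}
    scriptType: 'ps'
    scriptLocation: 'inlineScript'
    inlineScript: |
      $tags = "${{ parameters.releaseFolder }}/${{ parameters.targetEnvironment }}/tags.json"
      $products = "${{ parameters.releaseFolder }}/${{ parameters.targetEnvironment }}/products.json"
      $productDeploymentFile = "${{ parameters.releaseFolder }}/SQLServer.bicep"

      # Stop with a clear message if the env: mapping below is missing or empty.
      if (-not $env:SQL_ADMIN_USERNAME -or -not $env:SQL_ADMIN_PASSWORD) {
        throw "SQL admin secrets were not mapped into the step environment"
      }

      # Parameter files first, then name=value pairs matching the Bicep param names.
      az deployment group ${{ parameters.deploymentType }} `
        --name ${{ parameters.targetEnvironment }}-${{ parameters.product }}-products-deployment `
        --resource-group ${{ parameters.resourceGroup }} `
        --template-file $productDeploymentFile `
        --mode ${{ parameters.deploymentMode }} `
        --parameters $tags $products `
          "sqlAdminUserName=$env:SQL_ADMIN_USERNAME" `
          "sqlAdminPassword=$env:SQL_ADMIN_PASSWORD"
  env:
    # Hypothetical variable names; secret variables are only exposed to a step when mapped explicitly.
    SQL_ADMIN_USERNAME: $(sql-admin-username)
    SQL_ADMIN_PASSWORD: $(sql-admin-password)
```

The name on the left of each `=` must match the `param` name in SQLServer.bicep exactly; because sqlAdminPassword is declared with @secure(), its value is not stored in the deployment history.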