azure-devops - 从 pipeline.yaml 中的服务连接导出 ARM_CLIENT_ID 和 ARM_CLIENT_SECRET

问题描述

我创建了将现有 Azure 资源导入 terraform 的管道。由于 Terraform 导入需要从服务连接中提取的以下详细信息的提供者详细信息或环境变量。

steps:
- task: AzureCLI@2
  displayName: Terraform Init
  inputs:
    azureSubscription: ${{ parameters.service_connection }} 
    addSpnToEnvironment: true
    scriptType: bash
    scriptLocation: inlineScript
    inlineScript: |
        export ARM_CLIENT_ID=$servicePrincipalId
        export ARM_CLIENT_SECRET=$servicePrincipalKey
        export ARM_SUBSCRIPTION_ID=$(az account show --query id | xargs)
        export ARM_TENANT_ID=$(az account show --query tenantId | xargs)
        ls
        terraform init -upgrade -input=false  \
            -backend-config="subscription_id=${{ parameters.tf_state_subscription_id }}" \
            -backend-config="tenant_id=$tenantId" \
            -backend-config="client_id=$servicePrincipalId" \
            -backend-config="client_secret=$servicePrincipalKey" \
            -backend-config="resource_group_name=${{ parameters.resource_group_name }}" \
            -backend-config="storage_account_name=${{ parameters.storage_account_name }}" \
            -backend-config="container_name=${{ parameters.tf_state_key }}" \
            -backend-config="key=${{ parameters.tf_state_key }}.tfstate"
        if [ $(az resource list --name pytestkeyvault --query '[].id' -o tsv) != null ]
        then
          echo "using Keyvault $(az resource list --name pytestkeyvault --query '[].id' -o tsv)"
          terraform import azurerm_key_vault.this $(az resource list --name pytestkeyvault --query '[].id' -o tsv) 
        else
          echo "Keyvault does not exist"
        fi
echo $ARM_CLIENT_ID

导出的环境变量 ARM_CLIENT_ID 为空。以下变量未导出为环境变量。

echo $ARM_CLIENT_ID echo $ARM_CLIENT_SECRET echo $ARM_SUBSCRIPTION_ID echo $ARM_TENANT_ID

标签： azure-devops