Azure SQL Server CICD Bicep and Key Vault
I have built a CICD Pipeline to deploy an Azure SQL Server and DB and part of this process is to obtain the username and password from secrets in a Key Vault. The Key Vault task in YAML works and can access the Vault, but when it calls an Azure CLI Task to execute the Bicep, it fails with the following error:
ERROR: Unable to parse parameter: **
My code:
steps:
- task: AzureKeyVault@2
displayName: 'Download Key Vault Secrets'
inputs:
connectedServiceName: $
keyVaultName: $
secretsFilter: '*'
- task: AzureCLI@2
displayName: '$: $ $'
inputs:
azureSubscription: $
scriptType: 'ps'
scriptLocation: 'inlineScript'
inlineScript: |
$tags = "$/$/tags.json"
$products = "$/$/products.json"
$productDeploymentFile = "$/SQLServer.bicep"
az --version
az deployment group $ --name $-$-products-deployment --resource-group $ --template-file $productDeploymentFile --parameters $tags $products "$(sql-admin-username)" "$(sql-admin-password)" --mode $
And the Bicep file:
param tags object
param sqlServers array
param sqlDatbases array
param sqlAdminUserName string
@secure()
param sqlAdminPassword string
resource sqlServer 'Microsoft.Sql/servers@2021-08-01-preview' = [for sql in sqlServers: {
name: sql.Name
location: sql.location
properties: {
administratorLogin: sqlAdminUserName
administratorLoginPassword: sqlAdminPassword
administrators: {
azureADOnlyAuthentication: false
administratorType: sql.administratorType
principalType: sql.principalType
login: sql.login
sid: sql.sid
tenantId: sql.tenantId
}
}
tags: tags
}]
Is there anything obvious that is incorrect?
Comments
Post a Comment