Is there a way to get the SubscriptionID used in task: "Azure Resource Group Deployment"

2
votes

I am using Azure Resource Group Deployment task in Azure Devops. Some of the Override template parameters include the SubscriptionID.

-virtualNetworkId /subscriptions/53614803-d327-4397-bf55-8dedcc24be0d/resourceGroups/$(resourceGroup)/providers/Microsoft.Network/virtualNetworks/vnet

Is there a was to use the SubsciptionID used in the Azure subscription connection ?

Reason: The subscriptionId needed to be known in the build pipeline. This also solves the uniqueString template issue, where we need to know the uniqueString, but powershell does not have a way to tell you.

My deployments are being built to run in any ResourceGroup in different Subscriptions. I am deploying several VM's using the ARM template generated creating one VM in the portal. One of the parameters embedded the subscription Id as shown in question. Because of how the variables are calculated inside the template built by the portal, [subscription.SubscriptionId] was not going to work:

  "variables": {
    "vnetId": "[parameters('virtualNetworkId')]",
    "subnetRef": "[concat(variables('vnetId'), '/subnets/', parameters('subnetName'))]",

It ends up at run time as:

/subscriptions/$(subscription().subscriptionid)/resourceGroups/Dev1/providers/Microsoft.Network/virtualNetworks/vnet/subnets/default

I do not want to edit the template, as I will need to make some adjustments to future deployments, and will likely use the portal to make a new template. The subscriptionId needed to be known in the build pipeline. This also solves the uniqueString template issue, where we need to know the uniqueString, but powershell does not have a way to tell you.

4
azureazure-devopsazure-pipelines-build-task
you want to get the subscriptionid in the build task?Sajeetharan
Yes, it needs to be used as a build property, something like $(subscriptionId)jlo-gmail
what about "subscriptionId": "{{inputs.subscriptionId}}",?Sajeetharan
How would I use that in the string of the question ? ie "-virtualNetworkId ...."jlo-gmail
you need to create a variable and pass it variables('virtualNetworkId')Sajeetharan

4 Answers

2
votes

You can use this YAML Pipeline to get subscription from Azure Cli task and create a pipeline variable called subscriptionId

trigger:
- none

pool:
  vmImage: 'windows-latest'


stages:
- stage: Build
  displayName: Build stage

  jobs:
  - job: GetSubscription
    steps:
    - checkout: none
    - task: AzureCLI@2
      inputs:
        azureSubscription: 'CTP.AssuranceDW-Non-Production'
        scriptType: 'ps'
        scriptLocation: 'inlineScript'
        inlineScript: |
          $id = convertfrom-json (az account list --query "[?isDefault].id | [0]")
          Write-Host $id
          echo "##vso[task.setvariable variable=subscriptionId]$id"
    - powershell: Write-Host $(subscriptionId)
1
votes

Solution: I created a blank template with output variables and an empty parameters file: template.json:

{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {  },
  "variables": {  },
  "resources": [ ],
  "outputs": {
    "subscriptionId": {
      "condition": "[bool('true')]",
      "type": "string",
      "value": "[subscription().subscriptionId]"
    },
    "uniqueString": {
      "condition": "[bool('true')]",
      "type": "string",
      "value": "[uniqueString(resourceGroup().id)]"
    }
  }
}

parameters.json

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
  }
}

Then I ran the tasks:

1. Azure Resource Group Deployment -> runs empty template

2. ARM Outputs -> captures outputs from ARM as variables:

##[section]Starting: ARM Outputs
==============================================================================
Task         : ARM Outputs
Description  : This task reads the output values of an ARM deployment and sets them as Azure Pipelines variables.
Version      : 5.0.21
Author       : Kees Schollaart
Help         : [More Information](https://github.com/keesschollaart81/vsts-arm-outputs)
==============================================================================
1ef1317c-0917-4a7e-a922-a31b6069c707 exists true
Logging in using ApplicationTokenCredentials, authScheme is 'ServicePrincipal'
Updating Azure Pipelines variable 'subscriptionId'
Updating Azure Pipelines variable 'uniqueString'
##[section]Finishing: ARM Outputs

Then I invoke the real Azure Resource Group Deployment to run my actual template.

Now I can set the Override template parameters property using Pipeline Syntax, ie $(parmName):

-location eastus 
-enableAcceleratedNetworking true 
-subnetName default 
-virtualNetworkId /subscriptions/$(subscriptionId)/resourceGroups/$(resourceGroup)/providers/Microsoft.Network/virtualNetworks/vnet 
-diagnosticsStorageAccountId /subscriptions/$(subscriptionId)**/resourceGroups/$(resourceGroup)/providers/Microsoft.Storage/storageAccounts/osdiag$(uniqueString) 
...
0
votes

Powershell az command

This command will output the default subscription id:

convertfrom-json (az account list --query "[?isDefault].id | [0]")

It can be used in the Azure CLI task and the query language is JMESPath.

0
votes

for those with multiple subscriptions you can query via subscription name (if that's perfectly ok for u to do) and then get the single unquoted value

az account list --query "[?name == 'Azure subscription 1'].{Id:id}" -o tsv

learned it all from this link https://docs.microsoft.com/en-us/cli/azure/query-azure-cli