0

我在 azure devops 服务中有一个多阶段的完整 yaml 管道。不同的阶段包括构建阶段、开发阶段(将 azure 资源部署到 azure 资源组)和 UAT 阶段(将 azure 资源部署到不同的资源组)。一切都很好。但是我需要使用模板,因为我想重用这些步骤。将步骤移至模板后,开发阶段继续工作,但 UAT 阶段给出授权错误。值得一提的是,dev 和 uat 阶段针对不同的订阅使用不同的服务连接。但是为什么当我不使用模板并且突然将步骤移动到模板文件时它不起作用时它会起作用。这是一个已知的错误?

这是我在使用模板方法时遇到的错误:

 | The client '9e5cc21a-bb38-46b9-a16a-289fbbf9c8b9' with object
     | id '9e5cc21a-bb38-46b9-a16a-289fbbf9c8b9' does not have
     | authorization to perform action
     | 'Microsoft.Resources/subscriptions/resourceGroups/resources/read' over scope '/subscriptions/7041f5ba-1040-4989-8e48-497b3b826d01/resourceGroups/Resource-Group-Test-A' or the scope is invalid. If access was recently granted, please refresh your credentials. StatusCode: 403 ReasonPhrase: Forbidden OperationID : 464f577e-6617-4bed-9a14-1f7487b5f209

这是不使用模板的管道(完美!)。

# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml

trigger:
- master

variables:
- group: 'Dev ARMT SFTP Connection'

resources:
  repositories:
    - repository: templates
      type: git
      name: CommonTasks

stages: 
- stage: Build
  jobs:
    - job: Build
      pool:
        vmImage: 'ubuntu-latest'
      steps:
      - task: printAllVariables@1
      - task: CopyFiles@2
        inputs:
          SourceFolder: '$(System.DefaultWorkingDirectory)'
          Contents: 'ARM-Templates/**'
          TargetFolder: '$(Build.ArtifactStagingDirectory)'
      - task: PublishBuildArtifacts@1
        inputs:
          PathtoPublish: '$(Build.ArtifactStagingDirectory)'
          ArtifactName: 'drop'
          publishLocation: 'Container'
      - task: PowerShell@2
        inputs:
          targetType: 'inline'
          script: |
            # Write your PowerShell commands here.
            
            Write-Host "Build Completed..."
            $workingdir = "$(Build.ArtifactStagingDirectory)"
            Write-Host $workingdir
            $fcontent = Get-ChildItem -Path $workingdir
            Write-Host $fcontent

    
- stage: Dev
  jobs:
  - job: Dev
    pool:
        vmImage: 'ubuntu-latest'
    steps:
    - task: DownloadBuildArtifacts@0
      inputs:
        buildType: 'specific'
        project: '530cfd4b-51b8-4237-b2fa-f296a4cba29d'
        pipeline: '30'
        buildVersionToDownload: 'latest'
        downloadType: 'single'
        artifactName: 'drop'
        downloadPath: '$(System.ArtifactsDirectory)/CommonTasks'
    - task: DownloadBuildArtifacts@0
      inputs:
        buildType: 'current'
        downloadType: 'single'
        artifactName: 'drop'
        downloadPath: '$(System.ArtifactsDirectory)/SftpConnection'
    - task: FileTransform@1
      displayName: 'ARMT SFTP Connection - Parameters File Transform '
      inputs:
        folderPath: '$(System.ArtifactsDirectory)/SftpConnection/drop'
        fileType: json
        targetFiles: 'ARM-Templates/parameters.json'
    - task: AzurePowerShell@4
      displayName: 'ARMT SFTP Connection - Check Resource Existance'
      inputs:
        azureSubscription: 'Starwood-DT-DEV-ServiceConnection'
        ScriptPath: '$(System.ArtifactsDirectory)/CommonTasks/drop/AzurePowerShell/ResourceExistance.ps1'
        ScriptArguments: '-resourceGroupName Starwood-DT-DEV -resourceName $(parameters.sftp_name.value)'
        azurePowerShellVersion: LatestVersion
    - task: AzureResourceGroupDeployment@2
      displayName: 'ARMT SFTP Connection - Deploy'
      inputs:
        azureSubscription: 'Starwood-DT-DEV-ServiceConnection'
        resourceGroupName: 'Starwood-DT-DEV'
        location: 'East US'
        csmFile: '$(System.ArtifactsDirectory)/SftpConnection/drop/ARM-Templates/template.json'
        csmParametersFile: '$(System.ArtifactsDirectory)/SftpConnection/drop/ARM-Templates/parameters.json'
      condition: eq(variables['deployresource'],'true')

- stage: GroupATest
  jobs:
  - job: GroupATest
    pool:
        vmImage: 'ubuntu-latest'
    steps:
    - task: DownloadBuildArtifacts@0
      inputs:
        buildType: 'specific'
        project: '530cfd4b-51b8-4237-b2fa-f296a4cba29d'
        pipeline: '30'
        buildVersionToDownload: 'latest'
        downloadType: 'single'
        artifactName: 'drop'
        downloadPath: '$(System.ArtifactsDirectory)/CommonTasks'
    - task: DownloadBuildArtifacts@0
      inputs:
        buildType: 'current'
        downloadType: 'single'
        artifactName: 'drop'
        downloadPath: '$(System.ArtifactsDirectory)/SftpConnection'
    - task: FileTransform@1
      displayName: 'ARMT SFTP Connection - Parameters File Transform '
      inputs:
        folderPath: '$(System.ArtifactsDirectory)/SftpConnection/drop'
        fileType: json
        targetFiles: 'ARM-Templates/parameters.json'
    - task: AzurePowerShell@4
      displayName: 'ARMT SFTP Connection - Check Resource Existance'
      inputs:
        azureSubscription: 'Resource-Group-Test-A'
        ScriptPath: '$(System.ArtifactsDirectory)/CommonTasks/drop/AzurePowerShell/ResourceExistance.ps1'
        ScriptArguments: '-resourceGroupName Resouce-Group-Test-A -resourceName $(parameters.sftp_name.value)'
        azurePowerShellVersion: LatestVersion

    - task: AzureResourceGroupDeployment@2
      displayName: 'ARMT SFTP Connection - Deploy'
      inputs:
        azureSubscription: 'Resource-Group-Test-A'
        resourceGroupName: 'Resouce-Group-Test-A'
        location: 'East US'
        csmFile: '$(System.ArtifactsDirectory)/SftpConnection/drop/ARM-Templates/template.json'
        csmParametersFile: '$(System.ArtifactsDirectory)/SftpConnection/drop/ARM-Templates/parameters.json'
      condition: eq(variables['deployresource'],'true')

移动到步骤模板时(然后我收到错误消息):

 # Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml

trigger:
- master


resources:
  repositories:
    - repository: templates
      type: git
      name: CommonTasks

stages: 
- stage: Build
  jobs:
    - job: Build
      pool:
        vmImage: 'ubuntu-latest'
      steps:
      - task: printAllVariables@1
      - task: CopyFiles@2
        inputs:
          SourceFolder: '$(System.DefaultWorkingDirectory)'
          Contents: 'ARM-Templates/**'
          TargetFolder: '$(Build.ArtifactStagingDirectory)'
      - task: PublishBuildArtifacts@1
        inputs:
          PathtoPublish: '$(Build.ArtifactStagingDirectory)'
          ArtifactName: 'drop'
          publishLocation: 'Container'
      - task: PowerShell@2
        inputs:
          targetType: 'inline'
          script: |
            # Write your PowerShell commands here.
            
            Write-Host "Build Completed..."
            $workingdir = "$(Build.ArtifactStagingDirectory)"
            Write-Host $workingdir
            $fcontent = Get-ChildItem -Path $workingdir
            Write-Host $fcontent

    
- stage: Dev
  variables:
  - group: 'Dev ARMT SFTP Connection'
  jobs:
  - job: Dev
    pool:
        vmImage: 'ubuntu-latest'
    steps:
    - task: DownloadBuildArtifacts@0
      inputs:
        buildType: 'specific'
        project: '530cfd4b-51b8-4237-b2fa-f296a4cba29d'
        pipeline: '30'
        buildVersionToDownload: 'latest'
        downloadType: 'single'
        artifactName: 'drop'
        downloadPath: '$(System.ArtifactsDirectory)/CommonTasks'
    - task: DownloadBuildArtifacts@0
      inputs:
        buildType: 'current'
        downloadType: 'single'
        artifactName: 'drop'
        downloadPath: '$(System.ArtifactsDirectory)/SftpConnection'
    - template: YamlTemplate/azure-resource-deploy.yml@templates
      parameters:
        dropLocation: '$(System.ArtifactsDirectory)/SftpConnection/drop'
        transformTargetPath: 'ARM-Templates/parameters.json'
        resourceName: $(parameters.sftp_name.value)
        resourceGroupName: 'Starwood-DT-DEV'
        azureServiceConnectionName: 'Starwood-DT-DEV-ServiceConnection'
        resourceLocation: 'East US'
        armtTemplateFilePath: '$(System.ArtifactsDirectory)/SftpConnection/drop/ARM-Templates/template.json'
        armtParemeterFilePath: '$(System.ArtifactsDirectory)/SftpConnection/drop/ARM-Templates/parameters.json'

- stage: GroupATest
  variables:
  - group: 'GroupA ARMT SFTP Connection'
  jobs:
  - job: GroupATest
    pool:
        vmImage: 'ubuntu-latest'
    steps: 
    - task: DownloadBuildArtifacts@0
      inputs:
        buildType: 'specific'
        project: '530cfd4b-51b8-4237-b2fa-f296a4cba29d'
        pipeline: '30'
        buildVersionToDownload: 'latest'
        downloadType: 'single'
        artifactName: 'drop'
        downloadPath: '$(System.ArtifactsDirectory)/CommonTasks'
    - task: DownloadBuildArtifacts@0
      inputs:
        buildType: 'current'
        downloadType: 'single'
        artifactName: 'drop'
        downloadPath: '$(System.ArtifactsDirectory)/SftpConnection'
    - template: YamlTemplate/azure-resource-deploy.yml@templates
      parameters:
        dropLocation: '$(System.ArtifactsDirectory)/SftpConnection/drop'
        transformTargetPath: 'ARM-Templates/parameters.json'
        resourceName: $(parameters.sftp_name.value)
        resourceGroupName: 'Resource-Group-Test-A'
        azureServiceConnectionName: 'Resource-Group-Test-A'
        resourceLocation: 'East US'
        armtTemplateFilePath: '$(System.ArtifactsDirectory)/SftpConnection/drop/ARM-Templates/template.json'
        armtParemeterFilePath: '$(System.ArtifactsDirectory)/SftpConnection/drop/ARM-Templates/parameters.json'

这是模板结构父模板 - (azure-resource-deploy.yml):

parameters:
- name: dropLocation
  type: string
  displayName: 'Artifact path to drop location'
  default: ''
- name: transformTargetPath
  type: string
  default: ''
- name: resourceName
  type: string
  default: ''
- name: resourceGroupName
  type: string
  default: ''
- name: azureServiceConnectionName
  type: string
  default: ''
- name: resourceLocation
  type: string
  default: ''
- name: armtTemplateFilePath
  type: string
  default: ''
- name: armtParemeterFilePath
  type: string
  default: ''


steps:
- template: armt-parameter-file-transform.yml
  parameters:
   transformStepDisplayName: ''
   folderPath: ${{parameters.dropLocation}}
   targetFile: ${{parameters.transformTargetPath}}

- template: azure-resource-check.yml
  parameters:
   resourceName: ${{parameters.resourceName}}
   resourceGroupName: ${{parameters.resourceGroupName}}
   azureServiceConnectionName: ${{parameters.azureServiceConnectionName}}


- template: armt-deploy.yml
  parameters:
   resourceName: ${{parameters.resourceName}}
   resourceGroupName: ${{parameters.resourceGroupName}}
   resourceLocation: ${{parameters.resourceLocation}}
   azureServiceConnectionName: ${{parameters.azureServiceConnectionName}}
   templateFilePath: ${{parameters.armtTemplateFilePath}}
   parametersFilePath: ${{parameters.armtParemeterFilePath}}

从父级引用的模板:

(armt-参数-文件-transform.yml)

parameters:
- name: transformStepDisplayName
  type: string
  displayName: 'Display name for this step'
  default: ''
- name: folderPath
  type: string
  displayName: 'Path to drop location'
  default: ''
- name: targetFile
  type: string
  displayName: 'Path to paremeter file relative to drop location.'
  default: ''

steps:
- task: FileTransform@1
  displayName: ${{parameters.transformStepDisplayName}}
  inputs:
    folderPath: ${{parameters.folderPath}}
    fileType: json
    targetFiles: ${{parameters.targetFile}}

(天蓝色资源检查.yml)

parameters:
- name: resourceName
  type: string
- name: resourceGroupName
  type: string
- name: azureServiceConnectionName
  type: string

steps:
- script: echo Echo -resourceGroupName ${{ parameters.resourceGroupName }} -resourceName ${{ parameters.resourceName }}
- task: AzurePowerShell@4
  displayName: '${{ parameters.resourceName }} - Checking Resource Existance'
  inputs:
    azureSubscription: '${{ parameters.azureServiceConnectionName }}'
    ScriptPath: '$(System.ArtifactsDirectory)/CommonTasks/drop/AzurePowerShell/ResourceExistance.ps1'
    ScriptArguments: '-resourceGroupName ${{ parameters.resourceGroupName }} -resourceName ${{ parameters.resourceName }}'
    azurePowerShellVersion: LatestVersion

(armt-deploy.yml)

parameters:
- name: resourceName
  type: string
- name: resourceGroupName
  type: string
- name: resourceLocation
  type: string
- name: azureServiceConnectionName
  type: string
- name: templateFilePath
  type: string
- name: parametersFilePath
  type: string

steps:
- task: AzureResourceGroupDeployment@2
  displayName: 'ARMT Deploy - ${{parameters.resourceName}}'
  inputs:
    azureSubscription: ${{parameters.azureServiceConnectionName}}
    resourceGroupName: ${{parameters.resourceGroupName}}
    location: ${{parameters.resourceLocation}}
    csmFile: ${{parameters.templateFilePath}}
    csmParametersFile: ${{parameters.parametersFilePath}}
  condition: eq(variables['deployresource'],'true')
4

1 回答 1

0

这只是一个错字造成的。资源组的实际名称是Resouce-Group-Test-A,我在命名这个资源组时错过了 r。在非模板版本中不会发生该错误,因为当您从下拉列表中选择资源组时,您会使用正确的预填充名称进行操作,因此不会出错。然而,在一个完整的 yaml 管道中,您必须输入它,这就是发生错字的地方。如果这里有什么可以学习的。输入资源名称时要密切注意,错误可能描述性不够。对不起,如果浪费了任何人宝贵的时间。

于 2020-07-06T18:38:01.930 回答