'In Azure pipelines; where to store arrays?

We're setting up infrastructure as code in Azure pipelines. I now have a list of Role assignments; Roles which I want to give to groups. I've defined a list of these assignments as a default parameter like so:

parameters:
  name: assignments
  type: object
  default: 
  - {role: Azure Event Hubs Data Owner, scope: '/resourceGroups/myworkload/providers/Microsoft.EventHub/namespaces/myname-weu-eventhub-namespace-d-xxx', groupId: xxx-xxx-xxx-xxx},
  - {role: Reader, scope: '/resourceGroups/myworkload/providers/Microsoft.DBforPostgreSQL/servers/myname-pg01-weu-psql-d-01-xxx', groupId: xxx-xxx-xxx-xxx},
  - {role: Storage Blob Data Contributor, scope: '/resourceGroups/myworkload/providers/Microsoft.Storage/storageAccounts/dataweuxxx', groupId: xxx-xxx-xxx-xxx},
  - etc

This works, but I want to move them outside of the steps.yaml file into a variables file. This is because they are also different for each of our 4 DTAP environments. Unfortunately, it seems impossible to store "sequences" into this variables.yaml file. I could of course define all these values separately in the variables file, but that will create an enormous mess.

How and where could I define this list outside of the code so that I keep things tidy and readable?

azureazure-devopsazure-pipelines


Solution 1:[1]

Define the assignments as a json string in a variable, perhaps like this:

assignments: >-
  [
    {
      "role": "Azure Event Hubs Data Owner",
      "scope": "/resourceGroups/myworkload/providers/Microsoft.EventHub/namespaces/myname-weu-eventhub-namespace-d-xxx",
      "groupId": "xxx - xxx - xxx - xxx"
    },
    {
      "role": "Reader",
      "scope": "/resourceGroups/myworkload/providers/Microsoft.DBforPostgreSQL/servers/myname-pg01-weu-psql-d-01-xxx",
      "groupId": "xxx - xxx - xxx - xxx"
    },
    {
      "role": "Storage Blob Data Contributor",
      "scope": "/resourceGroups/myworkload/providers/Microsoft.Storage/storageAccounts/dataweuxxx",
      "groupId": "xxx - xxx - xxx - xxx"
    }
  ]

We use variables like this in a few ways, including:

  1. as a parameter to a powershell script, which can then process them as an array of objects
  2. as a parameter to an ARM template, where an array-type parameter is expected

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Vince Bowdren

Related Questions