-
Notifications
You must be signed in to change notification settings - Fork 207
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prompting for parameters with aspire/azd #3597
Comments
Your intuition is more or less correct here (in practice the value is saved into a different file, specific to the environment), but then end to end here isn't great yet.
What you can do today is the following - in the
That would cause We need to think about this whole end to end a little more and make this less painful, but perhaps this information helps unblock your specific problem today. |
Hmm, I'm trying this and still running into problems in my CI/CI pipeline. The message I get is:
Which is confusing as the parameter is in my 'main.parameters.json':
That environment variable is set up in the variables group with the right name 'AZURE_ECO_DRIVER_DB' there in Azure Devops and is referenced in the build step:
In the yaml file for the project it appears as:
What am I missing, why is it not picking up the environment variable for this parameter? |
@mip1983, the parameter mapping works only for the bicep template. It doesn't work for service yaml templates. The expression: Please try this:
|
I'm a bit lost there, I don't use azd pipeline config. I've set the build pipeline manually in Azure DevOps. I then push in variables for different environments using the 'Library' feature. I don't think I really want environment specific config on my local machine, particularly production values. e.g.
Is there a way to get azd to pick up this value that I'm trying to push in from the library? |
@mip1983 , yes, if you are doing all manual, you will need to:
{
"infra": {
"parameters": {
"ecoDriverDb": "value-here"
}
}
}
|
Im having this same issue and tried following your advice with no luck. same issue on the deployment. When you say
What exactly do you mean by this? Im assuming you mean to add an env var (AZD_INITIAL_ENVIRONMENT_CONFIG) to each github environment here and then set the value to the json of the config.json I tried adding |
I was referring to the Azure DevOps - library's variable group. Based on the commented user case:
Within each variable group, there should be a variable AZD_INITIAL_ENVIRONMENT_CONFIG with the content of the infrastructure params. Then, the variable should be included in the pipeline definition (yaml) |
I got this to work in github Added
However, one interesting gotcha was that when i do Looks like it was using the value from |
I've not tried out adding 'AZD_INITIAL_ENVIRONMENT_CONFIG' to my library just yet, I imagine adding a multi-line json string to the library would work, just looks a little messy in what is otherwise key/value pairs. What I've done at the moment is use 'azd infra synth'. I've left the connection string as an input in main.parameters and main.bicep. I just then added the connection string as an output variable at the end of the main.bicep file. I've then updated the tml.yaml file, replacing the parameter with something along these lines:
Seen as this is working for now, and is nice and consistent with how all the other connection strings are set up, I might leave as is and hang on a little longer to see if a more user-friendly way of doing this emerges. Maybe anything that's an input in main.parameters.json should be available as an output like I've done. Then it can be used easily by CI/CD and you don't have this separate and not so intuitive home for variables in the form of json against 'AZD_INITIAL_ENVIRONMENT_CONFIG'. If other connection strings are ending up in the .env file, this separate secure parameter concept seems a bit redundant and confusing. |
@mip1983 Is this still working after AZD 1.9.0? I tried implementing your solution by editing the |
@mip1983 , ideally, you should not set connections strings as output params and/or write them to .env files. Consider using AZD_INITIAL_ENVIRONMENT_CONFIG. See this: #3850 (comment) |
I don't feel this is well addressed with this 'AZD_INITIAL_ENVIRONMENT_CONFIG' param. It doesn't suit the key-value nature of an Azure DevOps variable library, it's not intuitive or well documented (correct me if I've missed something there) and I think it's left a few users scratching heads from what I can tell. It's overly complex to simply add a connection string. You've got all the other config including connection strings for blob storage and app insights etc. being put into .env files when using azd locally. Why is this bit of config not in the same place, and why is the json file secure and the env file not? It's not a file in source control, and I'm only using it locally during the setup phase to test things. It's not something that will get checked in and used as a real store for the wider dev team. The dev team will have this in secrets.json during local dev, and it'll be secured in Azure DevOps for deployment. The connection strings for deployment in an Azure DevOps library are secured by permissions within Azure DevOps and can be backed by key vault, so this seems like a reasonable place to want to keep this config securely, having different libraries for different environments. As such, I really think you should be able to easily pass variables like these connection strings from a library in Azure DevOps into azd in your CI/CI pipeline. It's a bit messy with one connection at the moment, but if you had multiple and you're cramming them all into this one 'AZD_INITIAL_ENVIRONMENT_CONFIG' variable in your library, it's just not very clean and doesn't seem like how it should be organized. Originally I was trying to pass this variable in my pipeline via the 'env' section, I think this should be supported with it being on the user to secure Azure Devops libraries. If it could accept this input as a secure param, I wouldn't then need the work around outputting it in bicep. Or better yet, if possible, the task should pick up matching variables from the variable group specified on the pipeline without having to manually pass them in on the task. /unresolve |
Yes, this has stopped working for me since 1.9, I'm going to do some more playing around with it, but it seems like it's not picking up things in the yaml file, including my custom domain binding (#3875). |
There should be only host names, but not connection strings (including keys). For any parameter that Aspire-manifest defines as In a world where azd would only be meant to run in CI/CD, it would be ok to directly use one secret for each parameter, which, in fact, works for mapping env to infra. But for |
Ok, so because it could have credentials and is marked as What about allowing the user to explicitly specify as an argument that they want to accept secure params from the environment so this is something you can do deliberately just in a pipeline? i.e.
|
Hi there, nothing has changed much on this front as far as I'm aware. I'd say if the goal of Aspire is to simplify and remove the pain/complexity of building and deploying cloud native apps, then this aspect of supplying a connection string (secured parameter) in a CI/CD pipeline (including one that's not had the yaml generated via azd) is still too difficult to figure and clunky (in my opinion, but I think I've seen a few posts by others on GitHub on it). It isn't really covered in the documentation unless there's more detail elsewhere? I still have 'AZD_INITIAL_ENVIRONMENT_CONFIG' with some JSON in the value field in Libraries in the Azure DevOps which is really for key/value pairs. I'd like to see a better way and clear documentation, perhaps like I've mentioned in my previous comment. |
I can confirm that this issue/thread is the "Best" documentation that I have found for this field and I am still very much unclear how to use it for my own purposes. |
It would be great if this can be simplified, right now the cli command has everything mixed up and since we had to do a custom action file the cli tries to set the environment variables each time we want to update the secure arguments. The current process is cumbersome as I have to pull the secrets to my local machine to then use the cli and manually paste it one by one before running azd pipeline config. It would be great if azd/aspire supported using a keyvault to pull the secrets just like it's possible with bicep using the deployment parameters file. We could even use the same deploymentParameters.json file and would make it much more straightforward to setup. |
@vhvb1989 I was working on a pet project today and I ran into this issue when I wanted to start making use of GitHub Environments in my GitHub Actions. The problem with I think this is an area that we need to look at overall in terms of:
People should be able to define additional environments just by adding the environment in GitHub and setting the unique values for that environment (e.g. In GitHub Actions its extra hard because there is literally no way to look at the existing value of
|
azd version 1.7.0 (commit 49d6adc)
Describe the issue
Having chatted about this on the aspire discussion area, @davidfowl asked me to raise this as an issue:
dotnet/aspire#2848 (reply in thread)
I'm using preview 4 and trying to add a sql connection to an existing database.
I've added
var sqlConnection = builder.AddConnectionString("sql", "SQL_CONNECTION");
And then on my project:
This is fine running locally, reading the connection string from the AppHost secrets.
However, if you do an azd deploy, or run azd in your Azure DevOps pipeline, it asks for this connection string as a parameter. e.g. this in the prompt after 'azd deploy':
? Enter a value for the 'sql' infrastructure secured parameter:
If I provide this parameter, I think it essentially adds it to the main.paramaters.json, and then it's not so intuitive in terms of how to get this working as an environment variable so it can be built in a promptless CI/CI pipeline, the process doesn't tell you the name of this variable.
It is documented, but it would be good if during this prompt it could give you the option to save this parameter as an environment variable (and let you know the name of said variable) rather than it ending up in the json file.
Another potential option that might be nice to have is if aspire takes the 'environmentVariableName' param from AddConnectionString and outputs it to the manifest so that azd can use the same name for the environment variable input param (so it's named consistently and in a controllable/predictable way).
To Reproduce
Within an aspire project, declare a connection to an existing DB with the environmentVariableName param e.g.
var sqlConnection = builder.AddConnectionString("sql", "SQL_CONNECTION");
Expected behavior
I (wrongly) expected the project to require the environment variable name I'd given as input to populate the connection string value, wasn't clear how it worked until pointed at the docs
Environment
Information on your environment:
* .NET Aspire preview 4
* VS2022 17.10 Preview 2
The text was updated successfully, but these errors were encountered: