Azure Pipelines compare Key Vault Secrets in Condition

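I have a simple value stored in a Key Vault that my Azure Pipelines can access.

When I pull the value and compare it to a supplied parameter, the comparison always fails, even when I have explicitly set it correctly. Is there an error in my logic below that causes the comparison to fail, or is this something I simply cannot do in Azure Pipelines?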

- task: AzureKeyVault@1
  displayName: "Download Key Vault Data"
  inputs:
    azureSubscription: 'Azure: MY_SERVICE_CONNECTION'
    KeyVaultName: 'myKeyVault23123'
    SecretsFilter: 'my-actual'
    RunAsPreJob: false

- bash: echo "EXECUTION REQUIRED ${DESIRED} vs ${ACTUAL})"
  condition: and(succeeded(), ne('${{ parameters.desired }}', '$(my-actual)'))
  displayName: "Detected: Necessary"
  env:
    ACTAUL: $(my-actual)
    DESIRED: ${{ parameters.desired }}

- bash: echo "execution NOT required ${DESIRED} vs ${ACTUAL})"
  condition: and(succeeded(), eq('${{ parameters.desired }}', '$(my-actual)'))
  displayName: "Detected: Unnecessary"
  env:
    ACTAUL: $(my-actual)
    DESIRED: ${{ parameters.desired }}

If I explicitly set my-actual in the Key Vault, my check still fails. I tried putting it in a script and also ran it several times in a row:

- task: AzureCLI@2
  displayName: Setting Value Explicitly
  inputs:
    azureSubscription: "Azure: MY_SERVICE_CONNECTION"
    scriptType: bash
    scriptLocation: inlineScript
    inlineScript: az keyvault secret set --vault-name myKeyVault23123 --name my-actual --value "${{ parameters.desired }}"
    addSpnToEnvironment: true
    useGlobalConfig: true

If your variable is a secret, it is always masked as *** to protect your secret. So seeing EXECUTION REQUIRED *** vs *** is completely normal.

I also tested with these values:

  • parameters.desired = test, my-actual = test I got EXECUTION REQUIRED *** vs )
  • parameters.desired = test123test, my-actual = test I got EXECUTION REQUIRED ***123*** vs )

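Strangely, the first pipeline did not enter execution NOT required, even though the values are the same. So I would say that using secrets in conditions is not possible.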

I still get the same message, but I achieved the correct behavior with this pipeline:

parameters:
- name: desired
  displayName: Desired
  type: string
  default: test

trigger:
- master

pool:
  vmImage: ubuntu-latest

steps:
- bash: |
    echo '$(my-actual)'
    echo '${{ parameters.desired }}'

- bash: |
    echo "##vso[task.setvariable variable=skipsubsequent]false"
    if [ "${{ parameters.desired }}" == "$(my-actual)" ]; then
      echo "##vso[task.setvariable variable=skipsubsequent]true"
    fi

- bash: echo "EXECUTION REQUIRED ${DESIRED} vs ${ACTUAL})"
  condition: and(succeeded(), eq(variables['skipsubsequent'], 'false'))
  displayName: "Detected: Necessary"
  env:
    ACTAUL: $(my-actual)
    DESIRED: ${{ parameters.desired }}

- bash: echo "execution NOT required ${DESIRED} vs ${ACTUAL})"
  condition: and(succeeded(), eq(variables['skipsubsequent'], 'true'))
  displayName: "Detected: Unnecessary"
  env:
    ACTAUL: $(my-actual)
    DESIRED: ${{ parameters.desired }}
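
An added example, not part of the original question or answer: a version of the comparison step that reads both values from environment variables instead of interpolating them into the script text, and stops when the secret never arrived. It assumes the step's YAML maps `ACTUAL: $(my-actual)` and `DESIRED: ${{ parameters.desired }}` under `env:`; the function names are hypothetical and the sample values are constructed.

```shell
#!/usr/bin/env bash
# Added example. In the pipeline step, call: emit_skip_variable "$DESIRED" "$ACTUAL"
# with DESIRED and ACTUAL supplied through the step's env: mapping (assumption).

# decide_skip DESIRED ACTUAL -> prints "true" or "false"; returns 2 on unusable input.
decide_skip() {
  local desired actual
  desired=$1
  actual=$2
  # An empty value means the env: mapping is missing or its name is misspelled.
  if [ -z "$actual" ]; then
    echo "ACTUAL is empty: check the env: mapping name" >&2
    return 2
  fi
  # Azure Pipelines leaves an undefined macro as the literal text $(name).
  case $actual in
    '$('*')')
      echo "ACTUAL is an unexpanded macro: the secret was not available" >&2
      return 2 ;;
  esac
  if [ "$desired" = "$actual" ]; then echo true; else echo false; fi
}

# emit_skip_variable DESIRED ACTUAL -> prints the logging command that the
# later steps' conditions read. Only true/false is written, never the secret.
emit_skip_variable() {
  local result
  result=$(decide_skip "$1" "$2") || return $?
  echo "##vso[task.setvariable variable=skipsubsequent]$result"
}

# Constructed sample values, matching the two cases tested in the answer.
emit_skip_variable "test" "test"
emit_skip_variable "test123test" "test"
```

A non-zero return fails the step, so the later steps guarded by `succeeded()` do not run on a comparison that was never valid.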