Azure devops appsettings.json variable substitution from Key Vault in pipelines not working

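I have a .NET 6 web application that is built in DevOps. I am trying to substitute settings in appsettings.json, but somehow it isn't working.

I have:

  1. An Azure Key Vault set up, with a secret named: Configuration--ConnectionStrings--ConnectionString
  2. The pipeline can access this Key Vault using a variable group
  3. I have tried the transform task in both the build and the release pipeline
  4. I have tried the substitution option in the IIS Web App Deploy task

1 - All fine

2 - All fine

3 - I have tried this task in both build and release with the following configuration: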

steps:
- task: FileTransform@1
  displayName: 'File Transform: '
  inputs:
    folderPath: '$(System.DefaultWorkingDirectory)/**/WebAppFront.zip'
    fileType: json
    targetFiles: '**/appsettings.json'

The log looks like the transformation works:

2022-03-17T10:04:32.9753812Z ##[section]Starting: File Transform: 
2022-03-17T10:04:33.0157518Z ==============================================================================
2022-03-17T10:04:33.0158091Z Task         : File transform
2022-03-17T10:04:33.0158579Z Description  : Replace tokens with variable values in XML or JSON configuration files
2022-03-17T10:04:33.0159048Z Version      : 1.198.0
2022-03-17T10:04:33.0159390Z Author       : Microsoft Corporation
2022-03-17T10:04:33.0159938Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/file-transform
2022-03-17T10:04:33.0160522Z ==============================================================================
2022-03-17T10:04:33.6732027Z [command]C:\azagent\A1\_work\_tasks\FileTransform_8ce97e91-56cc-4743-bfab-9a9315be5f27\1.198.0\node_modules\azure-pipelines-tasks-webdeployment-common\7zip\7zip\7z.exe x -oC:\azagent\A1\_work\_temp\temp_web_package_2021667764440822 C:\azagent\A1\_work\r1\a\_Vind\drop\WebAppFront.zip
2022-03-17T10:04:33.7472675Z 
2022-03-17T10:04:33.7679746Z 7-Zip [64] 16.00 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-10
2022-03-17T10:04:33.7687417Z 
2022-03-17T10:04:33.7689291Z Scanning the drive for archives:
2022-03-17T10:04:33.7693972Z 1 file, 21535247 bytes (21 MiB)
2022-03-17T10:04:33.7839085Z 
2022-03-17T10:04:33.7855780Z Extracting archive: C:\azagent\A1\_work\r1\a\_Vind\drop\WebAppFront.zip
2022-03-17T10:04:36.6203882Z --
2022-03-17T10:04:36.6205010Z Path = C:\azagent\A1\_work\r1\a\_Vind\drop\WebAppFront.zip
2022-03-17T10:04:36.6206577Z Type = zip
2022-03-17T10:04:36.6238261Z Physical Size = 21535247
2022-03-17T10:04:36.6250740Z 
2022-03-17T10:04:36.6282342Z Everything is Ok
2022-03-17T10:04:36.6282941Z 
2022-03-17T10:04:36.6283536Z Folders: 24
2022-03-17T10:04:36.6284339Z Files: 112
2022-03-17T10:04:36.6284868Z Size:       58919697
2022-03-17T10:04:36.6288304Z Compressed: 21535247
2022-03-17T10:04:36.6338841Z Applying JSON variable substitution for **/appsettings.json
2022-03-17T10:04:36.7353081Z Applying JSON variable substitution for C:\azagent\A1\_work\_temp\temp_web_package_2021667764440822\Content\D_C\a\s\Vind\WebAppFront\obj\Release\net6.0\PubTmp\Out\appsettings.json
2022-03-17T10:04:36.7444592Z JSON variable substitution applied successfully.
2022-03-17T10:04:40.1757797Z ##[section]Finishing: File Transform: 

And the rest of the log, e.g. fetching the Key Vault secrets (which is done before the transform):

2022-03-17T10:04:32.0237340Z ##[section]Starting: Download secrets: my-key-vault
2022-03-17T10:04:32.0691326Z ==============================================================================
2022-03-17T10:04:32.0691706Z Task         : Azure Key Vault
2022-03-17T10:04:32.0691934Z Description  : Download Azure Key Vault secrets
2022-03-17T10:04:32.0692142Z Version      : 2.200.0
2022-03-17T10:04:32.0692355Z Author       : Microsoft Corporation
2022-03-17T10:04:32.0692657Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-key-vault
2022-03-17T10:04:32.0693010Z ==============================================================================
2022-03-17T10:04:32.7133186Z SubscriptionId: my-subscription-id.
2022-03-17T10:04:32.7145990Z Key vault name: my-key-vault.
2022-03-17T10:04:32.7152879Z Downloading secret value for: Configuration--ConnectionStrings--ConnectionString.
2022-03-17T10:04:32.9707096Z ##[section]Finishing: Download secrets: my-key-vault

appsettings.json looks like this:

{
    "Configuration": {
        "ApplicationName": "Lorem ipsum",
        "Logging": {
            "LogLevel": {
                "Default": "Information",
                "Microsoft": "Warning",
                "Microsoft.Hosting.Lifetime": "Information"
            }
        },
        "ConnectionStrings": {
            "ConnectionString": ""
        }
    }
}

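But the connection string stays empty. As I understand from reading lots of blogs and documentation, this should work. The double hyphen -- in the key name should be translated to a dot, so the JSON path expression is correct (I think): Configuration.ConnectionStrings.ConnectionString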

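4 - The IIS Web App Deploy task with transformation gives a similar result, i.e. an empty connection string, even though it explicitly states that it updated the JSON in the zip package.

The log of that task: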

2022-03-17T10:04:43.3419710Z ##[section]Starting: IIS Web App Deploy
2022-03-17T10:04:43.3940659Z ==============================================================================
2022-03-17T10:04:43.3941018Z Task         : IIS web app deploy
2022-03-17T10:04:43.3941276Z Description  : Deploy a website or web application using Web Deploy
2022-03-17T10:04:43.3941526Z Version      : 0.198.0
2022-03-17T10:04:43.3941721Z Author       : Microsoft Corporation
2022-03-17T10:04:43.3942065Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/deploy/iis-web-app-deployment-on-machine-group
2022-03-17T10:04:43.3943670Z ==============================================================================
2022-03-17T10:04:44.0803824Z [command]C:\azagent\A1\_work\_tasks\IISWebAppDeploymentOnMachineGroup_1b467810-6725-4b6d-accd-886174c09bba\0.198.0\node_modules\azure-pipelines-tasks-webdeployment-common\7zip\7zip\7z.exe x -oC:\azagent\A1\_work\_temp\temp_web_package_39200019901712446 C:\azagent\A1\_work\r1\a\_Vind\drop\WebAppFront.zip
2022-03-17T10:04:44.1320582Z 
2022-03-17T10:04:44.1365755Z 7-Zip [64] 16.00 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-10
2022-03-17T10:04:44.1393221Z 
2022-03-17T10:04:44.1427445Z Scanning the drive for archives:
2022-03-17T10:04:44.1436856Z 1 file, 23620753 bytes (23 MiB)
2022-03-17T10:04:44.1451518Z 
2022-03-17T10:04:44.1587844Z Extracting archive: C:\azagent\A1\_work\r1\a\_Vind\drop\WebAppFront.zip
2022-03-17T10:04:47.1556142Z --
2022-03-17T10:04:47.1556846Z Path = C:\azagent\A1\_work\r1\a\_Vind\drop\WebAppFront.zip
2022-03-17T10:04:47.1558328Z Type = zip
2022-03-17T10:04:47.1558787Z Physical Size = 23620753
2022-03-17T10:04:47.1559027Z 
2022-03-17T10:04:47.1566021Z Everything is Ok
2022-03-17T10:04:47.1566315Z 
2022-03-17T10:04:47.1566617Z Folders: 35
2022-03-17T10:04:47.1567095Z Files: 112
2022-03-17T10:04:47.1567474Z Size:       58919916
2022-03-17T10:04:47.1567818Z Compressed: 23620753
2022-03-17T10:04:47.2311338Z Applying JSON variable substitution for **/appsettings.json
2022-03-17T10:04:47.3655684Z Applying JSON variable substitution for C:\azagent\A1\_work\_temp\temp_web_package_39200019901712446\Content\D_C\a\s\Vind\WebAppFront\obj\Release\net6.0\PubTmp\Out\appsettings.json
2022-03-17T10:04:47.3751003Z JSON variable substitution applied successfully.
2022-03-17T10:04:50.9446139Z [command]"C:\azagent\A1\_work\_tasks\IISWebAppDeploymentOnMachineGroup_1b467810-6725-4b6d-accd-886174c09bba\0.198.0\node_modules\azure-pipelines-tasks-webdeployment-common\MSDeploy3.6\MSDeploy3.6\msdeploy.exe" -verb:sync -source:package='C:\azagent\A1\_work\r1\a\temp_web_package_8577780759906015.zip' -dest:auto -setParam:name='IIS Web Application Name',value='www.mydomain.com' -enableRule:DoNotDeleteRule
2022-03-17T10:04:51.7358688Z Info: Updating file (www.mydoain.com\appsettings.json).
2022-03-17T10:04:51.7839580Z Total changes: 1 (0 added, 0 deleted, 1 updated, 0 parameters changed, 2281 bytes copied)
2022-03-17T10:04:51.8207636Z ##[section]Finishing: IIS Web App Deploy

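What am I doing wrong? The only thing I noticed when I echo the variable is that it gets cut off at the ; in the connection string, but even when I tried some simple values it didn't work.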

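I eventually solved it by creating a variable in the pipeline and using the Key Vault secret as its value.

Key Vault secret name: 'MyConnectionSecret'

You have to use dot notation to specify the path. See the JSON structure in my question. Variable name in DevOps: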

Configuration.ConnectionStrings.ConnectionString

Variable value in DevOps:

$(MyConnectionSecret)

Of course, in the Library you have to add the Key Vault-based variable group.
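
An added example (not part of the original question or answer, and not the FileTransform task's own code): a simplified Python model of JSON variable substitution, assuming variable names are matched literally as dot-separated key paths. It shows why the Key Vault name with `--` leaves the value empty while the dotted pipeline variable fills it, and includes a check that lists settings still empty after the transform without printing any values. The function names and sample values are assumptions made for the illustration.

```python
import copy

def substitute(settings, variables):
    """Return (new_settings, applied_names). A variable is applied only when
    its name, split on '.', walks existing keys down to a non-object leaf."""
    result = copy.deepcopy(settings)
    applied = []
    for name, value in variables.items():
        node = result
        *parents, leaf = name.split(".")
        for key in parents:
            node = node.get(key) if isinstance(node, dict) else None
            if node is None:
                break
        if isinstance(node, dict) and leaf in node and not isinstance(node[leaf], dict):
            node[leaf] = value
            applied.append(name)
    return result, applied

def empty_leaves(settings, prefix=""):
    """List dotted paths whose value is an empty string (names only, never values)."""
    found = []
    for key, value in settings.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            found += empty_leaves(value, path)
        elif value == "":
            found.append(path)
    return found

# Constructed sample mirroring the appsettings.json structure in the question.
SETTINGS = {"Configuration": {"ApplicationName": "Lorem ipsum",
                              "ConnectionStrings": {"ConnectionString": ""}}}
PLACEHOLDER = "Server=example;Database=demo;"  # constructed value, not a real secret

# Name as downloaded from Key Vault: no JSON key path matches, nothing is replaced.
kv_named, kv_applied = substitute(
    SETTINGS, {"Configuration--ConnectionStrings--ConnectionString": PLACEHOLDER})
# Pipeline variable named with dot notation, its value taken from the secret.
dotted, dotted_applied = substitute(
    SETTINGS, {"Configuration.ConnectionStrings.ConnectionString": PLACEHOLDER})

if __name__ == "__main__":
    print("Key Vault name applied:", kv_applied, "still empty:", empty_leaves(kv_named))
    print("Dotted name applied:", dotted_applied, "still empty:", empty_leaves(dotted))
```

Running a check like `empty_leaves` against the transformed appsettings.json in a release stage turns a silently empty connection string into a visible failure while keeping the secret out of the logs.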