Create plan and apply pipeline

1. Create an environment

First, create an Azure DevOps Pipeline Environment. It provides the approval process for the pipeline.

Go to Pipelines / Environments and select "New Environment".

Once created, select the ellipsis in the top right corner and select "Approvals and checks".

Then add a suitable approval and save.

e.g. (screenshot: Azure DevOps Approvals)

2. Create pipeline

The YAML below can be used to create a pipeline in Azure DevOps.

The following variables need to be updated for your environment:

| Variable Name | Comments |
| --- | --- |
| licenseid | From "Sign Up for a free trial". |
| azureSubscription | The name of the service connection from "Create a service connection". |
| rbacSubscriptions | A comma-delimited list of the subscriptions you want to process, or "*" for all subscriptions the service connection has access to. |
| rootFolder | The root folder in your repo that the files are written to. Appending your tenant name could be a good choice here. |
| environment | The environment defined above that enables the approval process. |
| outputFolder | Output files are created here and uploaded to the artifact. |
| useYaml | Set to true to use YAML format; otherwise JSON format is used. |
Plan and apply pipeline

```yaml
trigger: none

pool:
  vmImage: 'windows-latest'

variables:
  licenseid: '917851e2-3efb-4340-9803-ae40753f0cb9'
  azureSubscription: 'sp_rbac_pipeline_apply'
  rbacSubscriptions: 'OSX-SUB-SBX,OSX-SUB-DEV,OSX-SUB-SIT,OSX-SUB-PRD'
  rootFolder: '$(System.DefaultWorkingDirectory)\OsservanteX'
  environment: 'rbac-noapproval'
  outputFolder: '$(Build.StagingDirectory)\output'
  useYaml: false
  artifactname: '_rbac'

stages:
- stage: Plan
  jobs:
  - deployment: RBACPlan
    displayName: RBAC - Plan
    pool:
      vmImage: 'windows-latest'
    # The Plan job runs in the environment named by the 'environment' variable
    environment: '$(environment)'
    strategy:
      runOnce:
        deploy:
          steps:
          - checkout: self
            fetchDepth: 1
            # Leaves the job's OAuth token in the git config for later steps
            persistCredentials: true

          - task: Osservante.OsservanteRBAC.custom-build-release-task2.OsservanteRBAC@1
            displayName: 'Osservante RBAC - Plan'
            inputs:
              mode: 'Plan'
              licenseid: '$(licenseid)'
              azureSubscription: '$(azureSubscription)'
              rbacSubscriptions: '$(rbacSubscriptions)'
              rootFolder: '$(rootFolder)'
              outputFolder: '$(outputFolder)'
              useYaml: '$(useYaml)'
          # Publish the plan output so the Apply stage can download it
          - task: PublishPipelineArtifact@1
            displayName: 'Publish Pipeline Artifact'
            inputs:
              artifact: '$(artifactname)'
              targetPath: '$(outputFolder)'

- stage: Apply
  jobs:
  - deployment: RBACApply
    displayName: RBAC - Apply
    pool:
      vmImage: 'windows-latest'
    # Checks configured on this environment (step 1) must pass before this job runs
    environment: 'rbac-approval'
    strategy:
      runOnce:
        deploy:
          steps:
          # Fetch the artifact published by the Plan stage of this run
          - download: current
            artifact: '$(artifactname)'
            displayName: Download artifact
          - task: Osservante.OsservanteRBAC.custom-build-release-task2.OsservanteRBAC@1
            displayName: 'Osservante RBAC - Apply'
            inputs:
              mode: 'Apply'
              licenseid: '$(licenseid)'
              azureSubscription: '$(azureSubscription)'
              rbacSubscriptions: '$(rbacSubscriptions)'
              rootFolder: '$(rootFolder)'
              outputFolder: '$(Pipeline.Workspace)\$(artifactname)'
              useYaml: '$(useYaml)'
```
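The approval from step 1 only gates Apply while the Apply job's `environment` names an environment that has a check configured. The following is an added example, not part of the Osservante documentation or product: a small Python lint that flags any deployment job running `mode: 'Apply'` outside a gated environment. The `GATED` set, the function name and the trimmed sample pipeline are assumptions made for the example.

```python
import re

GATED = {"rbac-approval"}  # assumption: environments with "Approvals and checks" configured

# Constructed sample: the Apply stage of the pipeline above plus the variable it may reference.
SAMPLE = """\
variables:
  environment: 'rbac-noapproval'
stages:
- stage: Apply
  jobs:
  - deployment: RBACApply
    environment: 'rbac-approval'
    strategy:
      runOnce:
        deploy:
          steps:
          - task: Osservante.OsservanteRBAC.custom-build-release-task2.OsservanteRBAC@1
            inputs:
              mode: 'Apply'
"""

def ungated_apply_jobs(text, gated=GATED):
    """Return (job, environment) for deployment jobs that run mode 'Apply' outside
    `gated`. Reads only the mapping form of `variables:` and string `environment:`."""
    variables, jobs, in_vars = {}, [], False
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        key, _, val = raw.strip().lstrip("- ").partition(":")
        val = val.strip().strip("'\"")
        if not raw.startswith(" "):      # top-level key: enter or leave variables
            in_vars = key == "variables"
        elif in_vars:
            variables[key] = val
        elif key == "deployment":
            jobs.append({"name": val, "env": "", "modes": []})
        elif jobs and key == "environment":
            jobs[-1]["env"] = val
        elif jobs and key == "mode":
            jobs[-1]["modes"].append(val.lower())
    for j in jobs:  # expand $(name); an undefined macro stays literal and is flagged
        j["env"] = re.sub(r"\$\((\w+)\)", lambda m: variables.get(m[1], m[0]), j["env"])
    return [(j["name"], j["env"]) for j in jobs
            if "apply" in j["modes"] and j["env"] not in gated]

if __name__ == "__main__":
    print(ungated_apply_jobs(SAMPLE))  # Apply job as on the page
    print(ungated_apply_jobs(SAMPLE.replace("'rbac-approval'", "'$(environment)'")))
```

Run as a pull-request validation step against the pipeline file, a non-empty result means a change has moved Apply off the approval environment.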