Create plan and apply pipeline
1. Create an environment
Firstly, an Azure DevOps Pipeline Environment is created as a means to facilitate an approval process.
Go to Pipelines / Environments Select "New Environment"
Once created select the ellipsis in the top right corner and select "Approvals and checks"
Then add a suitable approval and save.
e.g.
2. Create pipeline
The below yaml can be used to create a pipeline in Azure DevOps.
The following variables need to be updated for your environment:
Variable Name | Comments |
---|---|
licenseid | From "Sign Up for a free trial" |
azureSubscription | The name of the service connection from "Create a service connection" |
rbacSubscriptions | A comma delimited list of the subscriptions you want to process. or use "*" for all subscriptions the service connection has access to |
rootFolder | This will be the root folder in your repo that the files are written to. Appending your tenant name could be a good choice here. |
environment | The environment defined above that enables the approval process. |
outputFolder | output files will be created here and uploaded to the artifact |
useYaml | Set to true to use YAML format, otherwise JSON format is used. |
Plan and apply pipeline
trigger: none
pool:
vmImage: 'windows-latest'
variables:
licenseid: '917851e2-3efb-4340-9803-ae40753f0cb9'
azureSubscription: 'sp_rbac_pipeline_apply'
rbacSubscriptions: 'OSX-SUB-SBX,OSX-SUB-DEV,OSX-SUB-SIT,OSX-SUB-PRD'
rootFolder: '$(System.DefaultWorkingDirectory)\OsservanteX'
environment: 'rbac-noapproval'
outputFolder: '$(Build.StagingDirectory)\output'
useYaml: false
artifactname: '_rbac'
stages:
- stage: Plan
jobs:
- deployment: RBACPlan
displayName: RBAC - Plan
pool:
vmImage: 'windows-latest'
environment: '$(environment)'
strategy:
runOnce:
deploy:
steps:
- checkout: self
fetchDepth: 1
persistCredentials: true
- task: Osservante.OsservanteRBAC.custom-build-release-task2.OsservanteRBAC@1
displayName: 'Osservante RBAC - Plan'
inputs:
mode: 'Plan'
licenseid: '$(licenseid)'
azureSubscription: '$(azureSubscription)'
rbacSubscriptions: '$(rbacSubscriptions)'
rootFolder: '$(rootFolder)'
outputFolder: '$(outputFolder)'
useYaml: '$(useYaml)'
- task: PublishPipelineArtifact@1
displayName: 'Publish Pipeline Artifact'
inputs:
artifact: '$(artifactname)'
targetPath: '$(outputFolder)'
- stage: Apply
jobs:
- deployment: RBACApply
displayName: RBAC - Apply
pool:
vmImage: 'windows-latest'
environment: 'rbac-approval'
strategy:
runOnce:
deploy:
steps:
- download: current
artifact: '$(artifactname)'
displayName: Download artifact
- task: Osservante.OsservanteRBAC.custom-build-release-task2.OsservanteRBAC@1
displayName: 'Osservante RBAC - Apply'
inputs:
mode: 'Apply'
licenseid: '$(licenseid)'
azureSubscription: '$(azureSubscription)'
rbacSubscriptions: '$(rbacSubscriptions)'
rootFolder: '$(rootFolder)'
outputFolder: '$(Pipeline.Workspace)\$(artifactname)'
useYaml: '$(useYaml)'