Randi Ratnayake

Cloud Architect | DevSecOps Evangelist | Mentor

  |   2 minute read


When dealing with the Azure DevOps pipeline, we may have situations where we need to extract the current Azure subscription ID and use it as a variable in follow-up pipeline tasks. There are two ways of achieving this. One is storing the Azure subscription ID as a pipeline variable in a configurable place. Certainly nothing wrong with that. But we make the assumption we know it ahead of time.

Problem

I was working on this engagement where a client did not have the Azure environment ready by the time I was onboarded. The client was planning to have a subscription for each of their target environment. In this case, that is four (4). Given my tight timeline, I want to wrap things up in a way my pipeline code can target any subscription scoped by the Azure DevOps service connection. So the client can use my pipeline whenever they are ready.

I have talked about Azure DevOps service connections before in this post. In this project, I know I will have a service connection setup scoped for each subscription, and I know the naming format of each service connection.

Solution

Given that I know the service connection format, I added an Azure CLI task to get the Azure subscription ID into a variable and immediately set it as an Azure DevOps Pipeline variable.

The first thing I do, I make my service connection a calculated variable at run time. For illustration purposes, I do this same place. But you can easily modularise these deployment steps into a template and make it cleaner.

The magical Azure CLI command help me extract the Azure subscription ID is below;

subscriptionId=$(az account show --query id --output tsv)

The very immediate thing I do is set this captured variable as a pipeline variable. To learn how to set the pipeline variables, deep dive into this article.

I set the pipeline variable scoped for the current job scope in this instance. So any job after this step can get hold of this new pipeline variable.

echo "##vso[task.setvariable variable=azureSubscriptionId;]$subscriptionId"

The complete pipeline with all steps included with an example of hot to use it looks like below. How exactly you use the subscription ID may depend upon your use case.

trigger:
- main

pool:
  vmImage: 'ubuntu-latest'

stages:
  - stage: DeployDev
    displayName: Deploy DEV
    variables:
      environmentShortName: dev
      azureServiceConnection: 'sc-rkt-ado-arm-$(environmentShortName)'
    jobs:
      - job: DeployDev
        displayName: Deployment
        steps:
          - task: AzureCLI@2
            displayName: Fetch Azure subscription ID
            inputs:
              azureSubscription: $(azureServiceConnection)
              scriptType: bash
              scriptLocation: inlineScript
              inlineScript: |
                subscriptionId=$(az account show --query id --output tsv)
                echo "##vso[task.setvariable variable=azureSubscriptionId;]$subscriptionId"

          - script: |
              echo $(azureSubscriptionId) # outputs Azure subscription ID
            displayName: Using Azure subscription ID variable

Conclusion

In this short post, I first intend to document what I did so that it will remind me that every problem has simple solutions. We often face similar issues where the environment is not ready, there needs to be more information, and the infrastructure needs to be set up.

If you develop any infrastructure or automation scripts targetting the cloud environments, your scripts should be clever enough to target any subscription without needing to depend on hard-coded variables. I hope this helps anyone.

Leave a comment

You may also enjoy

Security Best Practices for Azure API Management (API-M)

  |   6 minute read

APIs have become the building blocks of modern software applications, enabling data and services to be shared across diverse platforms and devices. As we have been understanding in this series, Azure API Management (API-M) is there to manage our APIs. So, the security of itself and the safety of the APIs it manages are equally important. This post will explore the options available to protect our APIs and API-M out of the box and look at examples of implementing some of them.

Understanding and Designing Policies in API Management (API-M)

  |   12 minute read

Azure API Management (API-M) policies are the heart and soul of the service. It is, in fact, the most powerful feature that makes API-M stand out as an API management suite. Policies are a collection of XML and C# code snippets executed sequentially on an API’s request and response flow, controlling its access behaviour and format of the payload. In this post, we will understand more about policies and some design considerations. We will learn how to use this powerful feature to enhance and protect our backend services and how it can genuinely shine as a management layer to our APIs.

Versioning and Revisioning in API Management (API-M)

  |   11 minute read

Changes and enhancements are inevitable in any product that wants to keep up with evolving requirements. Azure API Management (API-M) offers offers robust features to facilitate this process. One of the key aspects of API Management is revisioning and versioning, which ensures that our APIs remain functional and relevant as our service evolves. In this post, we will explore the concepts of revisioning and versioning in Azure API Management, learn how to leverage these capabilities effectively and discuss some design considerations.

Designing Products in API Management (API-M)

  |   12 minute read

Azure API Management Products logically separates APIs into units to offer a subset of the APIs or different SLAs to consumers. It’s a powerful concept that makes API-M stand out to offer true enterprise-ready managed API service. So it’s important to understand the basic principles and design considerations of designing products in API-M, which this post will dive into.