CODEWITHSUNDEEP
azureazure-devopsazure-pipelinesazure-cliazure-pipelines-yaml
prakashrajansakthivel
prakashrajansakthivel

Reputation: 2032

update variable group from azure devops pipeline

I am trying to update a variable in a variable group using az pipelines cli from the pipeline, I have created a PAT and passed on to the pipeline its working fine. but I use the default one such as $(System.AccessToken) its able to list the variable from the variable group but unable to update the variable group. Its saying

ERROR: You do not have permissions to perform this operation on the variable group. A variable group Administrator should add you to the Administrator role. ##[error]Script failed with exit code: 1

after some search I found that I need to add Project Collection Build Service (name) as the administrator in the variable group and try again. I have added that but still I am getting the same error. any suggestions?

I am using classic pipeline, here is the exported task from the pipeline.

steps
- task: AzureCLI@2
  displayName: 'Azure CLI '
  inputs:
    azureSubscription: 'sc'
    scriptType: pscore
    scriptLocation: inlineScript
    inlineScript: |
     az extension add --name azure-devops
     az pipelines variable-group variable list --group-id id --org "orgname" --project "projectname"
     az pipelines variable-group variable update --group-id id --name apim-service-name --value $(str_tf_module_containername) --org "orgname" --project "projectname"
  env:
    AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)

Upvotes: 1

Views: 4506

Answers (2)

Vince Bowdren
Vince Bowdren

Reputation: 9208

If you define your variable group based on an Azure Key Vault, then it is quite easy for your pipeline to save a new value to the vault with just a line or two of powershell.

See this question and answer for an example: How to write a secret to azure key vault from Azure DevOps pipeline?

Upvotes: 0

Krzysztof Madej
Krzysztof Madej

Reputation: 40583

This works well:

steps
- pwsh: |
     az extension add --name azure-devops
     az pipelines variable-group variable list --group-id id --org "orgname" --project "projectname"
     az pipelines variable-group variable update --group-id id --name apim-service-name --value $(str_tf_module_containername) --org "orgname" --project "projectname"
  env:
    AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)

but you need to giveProject Collection Build Service (account) Administrator permission on give variable group:

enter image description here

enter image description here

Upvotes: 5

Related Questions