Using Object Type Azure DevOps YAML Pipeline Parameter in PowerShell Task

 Using a YAML pipeline paramter in a PowerShell task is straight forward for types such as string. For example, if there is a YAML pipeline parameter named env of type string, we can read it in PowerShell task with $envName = '${{ parameters.env }}; without any issue. However, if the parameter is type of object we cannot read, the paramter the same way we do with string parameters. If we try to read object parameter named apps, $apps = '${{ parameters.apps}}; , there will be an YAML validation error staring the pipeline such as below. 

/azure-pipelines.yml (Line: 57, Col: 23): Unable to convert from Array to String. Value: Array

Even if we try to use below it will be same issue.

[String[]]$apps = '${{ parameters.apps}};

[PSObject[]]$apps = '${{ parameters.apps}};

Let's explore the issueand solution in detail.

Mapping SQL Database SKU Bicep Specs with Available SKUs in a Region

 How to fnd SKU information for SQL databses is documented here. The command suggested to use is az sql db list-editions -l region -o table . This would provide available list of SQL database SKU optons to chose form for a given region. However, the headings and parameters required in bicep is bit confusing to figure out intially. Let's look at how to map values for available SKUs provided by az sql db list-editions -l region -o table  command, and parmeters in Bicep SKU for SQL database.

Ensure Azure App Config Refresh for Keyvault Secret Updates in Terraform

Keyvault secrets can be used in Azure app conciguratoins and can be setup with terraform. However, if the secret is modified then modified secret reference is not get updated to the app configuration. There are two ways to fix this issue in terraform. Let's explore them.

Fix Terraform Azure AD App Registration (SPN) Read Permssions Running with Azure DevOps Pipelines

 Azure DevOps use service principals (SPN or Azure AD app registration) to make a service connection to Azure to be able to run Terraform or other IaC based resource deployments targeting Azure. You may run into issue while trying to read another Azure AD app registration information, within terraform. For example consider below code segment.

# aks kv app

data "azuread_application" "akskv" {

  display_name = "${var.PREFIX}-${var.PROJECT}-aks-kv-app"

}

data "azuread_service_principal" "akskv" {

  application_id = data.azuread_application.akskv.application_id

}

Generate KVSet json Format Using appsettings json for Updating Azure App Configurations

 To apply Azure App Configurations including key vault secrets reference key values and normal key values, using a single file requires to use KVSet file as described in the Article here.  With Azure pipelines updating the app config values require, two seperate files to be used in default mode to update, app configs for non secrets and secrets. However, developers of .NET applications would prefer to keep the appsettings file for keeping configurations for development purpose, rather than keeping seperate file to keep references to secret key values. Therefore, in Azure pipline implmentation, it would be required to generate a KVSet file using an app setting file.