问题
I asked previously how to do variable substitution with Azure KeyVault here, and was able to get it mostly working save one last issue. For some unknown reason, the substitution occurs perfectly but it adds one extra single quote at the end. Since these are connection strings in the web.config, that extra single quote breaks it. I have no idea what is adding that extra single quote. I did quadruple check KeyVault to ensure its not there as a typo. I have tried doing XML variable substitution with the FileTransform@2 task as recommended by the answer on my previous question as well with the IISWebAppDeploymentOnMachineGroup@0 task with XmlVariableSubstitution set to true. Both added the extra single quote
Example of web.config before pipeline runs (this is what is checked into Git):
<connectionStrings>
<add name="DbConnection" connectionString="Placeholder"/>
...
</connectionStrings>
And after the pipeline finishes with XML variable substitution
<connectionStrings>
<add name="DbConnection" connectionString="DataSource=TheDatabase;CheckConnectionOnOpen=true;UserId=MyUser;Password=ThePassword;'"/>
...
</connectionStrings>
As you can see, its properly connecting to Azure KeyVault, getting the value and doing the substitution. It's that extra single quote at the end after "ThePassword;" that's making the connection string un-parseable by the application.
Here's snippets of my pipeline:
- task: AzureKeyVault@1
displayName: 'Get secrets from KeyVault'
inputs:
azureSubscription: '${{parameters.keyVault.keyVaultServiceConnection}}'
KeyVaultName: '${{parameters.keyVault.keyVaultName}}'
SecretsFilter: '*'
# KeyVault has an app name prefix for each connection string as well as an environment name postfix so this loops removes that prefix so the transformation can match the names/keys properly
- ${{ each secret in parameters.keyVault.secrets }}:
- task: CmdLine@2
displayName: 'Set KeyVault secret to match config name'
inputs:
script: echo ##vso[task.setvariable variable=${{secret.configSecretName}}]$(${{secret.secretName}}-${{parameters.environment}})
- task: IISWebAppManagementOnMachineGroup@0
displayName: 'Set up app pool and web site'
inputs:
IISDeploymentType: 'IISWebsite'
ActionIISWebsite: 'CreateOrUpdateWebsite'
WebsiteName: '${{parameters.webSiteName}}'
WebsitePhysicalPath: '${{parameters.webSitePhysicalPathRoot}}'
WebsitePhysicalPathAuth: 'WebsiteUserPassThrough'
CreateOrUpdateAppPoolForWebsite: true
AppPoolNameForWebsite: '${{parameters.webAppPool}}'
DotNetVersionForWebsite: '${{parameters.webAppPoolDotNetVersion}}'
PipeLineModeForWebsite: '${{parameters.pipeLineModeForWebsite}}'
AppPoolIdentityForWebsite: '${{parameters.appPoolIdentityForWebsite}}'
- task: IISWebAppDeploymentOnMachineGroup@0
displayName: 'Deploy web site'
inputs:
WebSiteName: '${{parameters.webSiteName}}'
VirtualApplication: '${{parameters.webAppName}}'
Package: '$(System.ArtifactsDirectory)\*.zip'
RemoveAdditionalFilesFlag: ${{parameters.removeAdditionalFiles}} # Set to true
XmlTransformation: ${{parameters.xmlTransformation}} # Set to false
XmlVariableSubstitution: ${{parameters.xmlVariableSubstitution}} # Set to true
TakeAppOfflineFlag: true
I have also tried setting XmlVariableSubstitution to false and using the FileTransform@2 as mentioned above:
- task: FileTransform@2
inputs:
folderPath: '${{parameters.webSitePhysicalPathRoot}}'
xmlTargetFiles: 'web.config'
来源:https://stackoverflow.com/questions/61775700/keyvault-azure-pipeline-xml-variable-substitution-adds-extra-single-quot